From: Alan Stern Date: Mon, 10 Sep 2018 18:00:53 +0000 (-0400) Subject: USB: handle NULL config in usb_find_alt_setting() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=5b6717c6a3c0c92fe08a439717c19fa61c8c0099;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git USB: handle NULL config in usb_find_alt_setting() commit c9a4cb204e9eb7fa7dfbe3f7d3a674fa530aa193 upstream. usb_find_alt_setting() takes a pointer to a struct usb_host_config as an argument; it searches for an interface with specified interface and alternate setting numbers in that config. However, it crashes if the usb_host_config pointer argument is NULL. Since this is a general-purpose routine, available for use in many places, we want to to be more robust. This patch makes it return NULL whenever the config argument is NULL. Signed-off-by: Alan Stern Reported-by: syzbot+19c3aaef85a89d451eac@syzkaller.appspotmail.com CC: Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c index 17681d5638ac..f8b50eaf6d1e 100644 --- a/drivers/usb/core/usb.c +++ b/drivers/usb/core/usb.c @@ -228,6 +228,8 @@ struct usb_host_interface *usb_find_alt_setting( struct usb_interface_cache *intf_cache = NULL; int i; + if (!config) + return NULL; for (i = 0; i < config->desc.bNumInterfaces; i++) { if (config->intf_cache[i]->altsetting[0].desc.bInterfaceNumber == iface_num) {