From 8a9af4fdf6d5eeb3200a088354d266a87e8260b0 Mon Sep 17 00:00:00 2001 From: Sarah Sharp Date: Tue, 9 Aug 2011 16:31:54 -0700 Subject: USB: Avoid NULL pointer deref in usb_hcd_alloc_bandwidth. usb_ifnum_to_if() can return NULL if the USB device does not have a configuration installed (usb_device->actconfig == NULL), or if we can't find the interface number in the installed configuration. Return an error instead of crashing. Signed-off-by: Sarah Sharp --- drivers/usb/core/hcd.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'drivers') diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c index 8669ba3..73cbbd8 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -1775,6 +1775,8 @@ int usb_hcd_alloc_bandwidth(struct usb_device *udev, struct usb_interface *iface = usb_ifnum_to_if(udev, cur_alt->desc.bInterfaceNumber); + if (!iface) + return -EINVAL; if (iface->resetting_device) { /* * The USB core just reset the device, so the xHCI host -- cgit v1.1