summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Ian King <colin.king@canonical.com>2016-09-05 18:37:12 +0300
committerFelipe Balbi <felipe.balbi@linux.intel.com>2016-09-06 10:44:03 +0300
commit3ff488ab6000f1338684b227c499450317519cc1 (patch)
treeb1f635defa3e4459fb5ff7045c92c6cb7e013acf
parent519d8bd4b5d3d82c413eac5bb42b106bb4b9ec15 (diff)
downloadlinux-3ff488ab6000f1338684b227c499450317519cc1.tar.xz
usb: gadget: prevent potenial null pointer dereference on skb->len
An earlier fix partially fixed the null pointer dereference on skb->len by moving the assignment of len after the check on skb being non-null, however it failed to remove the erroneous dereference when assigning len. Correctly fix this by removing the initialisation of len as was originally intended. Fixes: 70237dc8efd092 ("usb: gadget: function: f_eem: socket buffer may be NULL") Acked-by: Peter Chen <peter.chen@nxp.com> Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
-rw-r--r--drivers/usb/gadget/function/f_eem.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/usb/gadget/function/f_eem.c b/drivers/usb/gadget/function/f_eem.c
index 8741fd740174..007ec6e4a5d4 100644
--- a/drivers/usb/gadget/function/f_eem.c
+++ b/drivers/usb/gadget/function/f_eem.c
@@ -342,7 +342,7 @@ static struct sk_buff *eem_wrap(struct gether *port, struct sk_buff *skb)
struct sk_buff *skb2 = NULL;
struct usb_ep *in = port->in_ep;
int headroom, tailroom, padlen = 0;
- u16 len = skb->len;
+ u16 len;
if (!skb)
return NULL;