2022-04-16 02:27:49

by Pavel Skripkin

Subject: Re: [PATCH] staging: rtl8712: fix uninit-value "data" and "mac"

Hi Wang,

On 4/14/22 17:12, Wang Cheng wrote:
> Due to the case that "requesttype == 0x01 && status <= 0"
> isn't handled in r8712_usbctrl_vendorreq(),
> "data" (drivers/staging/rtl8712/usb_ops.c:32)
> will be returned without initialization.
>
> When "tmpU1b" (drivers/staging/rtl8712/usb_intf.c:395)
> is 0, mac[6] (usb_intf.c:394) won't be initialized,
> which leads to accessing uninit-value on usb_intf.c:541.
>
> Reported-and-tested-by: [email protected]
> Signed-off-by: Wang Cheng <[email protected]>

This patch will just hide the problematic API in that driver. The correct
fix is changing usb_control_msg to usb_control_msg_{recv,send}.

IIRC this driver does not want to read various length requests, so it
should be fine.

With regards,
Pavel Skripkin
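
The difference between the two calling conventions named in this reply, as an added example that is not part of the original message and is not rtl8712 or kernel code: a userspace C model in which a usb_control_msg()-style call returns a byte count that may be short, while a usb_control_msg_recv()-style call returns 0 only for a complete transfer. All function names, the device bytes and the 0xAA poison (standing in for uninitialized stack) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAC_LEN 6
#define POISON  0xAA /* stands in for uninitialized stack contents */

/* Constructed device model: delivers `avail` bytes (negative = error).
 * Like usb_control_msg(), it returns a byte count that may be short. */
static int model_control_msg(unsigned char *buf, int size, int avail)
{
    static const unsigned char dev[MAC_LEN] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    int n = avail < size ? avail : size;

    if (n < 0 || n > MAC_LEN)
        return -1;
    memcpy(buf, dev, (size_t)n);
    return n;
}

/* Models the usb_control_msg_recv() contract: 0 only when all `size` bytes
 * arrived; otherwise negative, and `out` is left untouched. */
static int model_control_msg_recv(unsigned char *out, int size, int avail)
{
    unsigned char tmp[MAC_LEN];
    int ret = model_control_msg(tmp, size, avail);

    if (ret != size)
        return ret < 0 ? ret : -1; /* short read is an error (model value) */
    memcpy(out, tmp, (size_t)size);
    return 0;
}

/* Caller that ignores the return value: counts MAC bytes never written. */
static int stale_bytes_unchecked(int avail)
{
    unsigned char mac[MAC_LEN];
    int i, stale = 0;

    memset(mac, POISON, sizeof(mac));
    model_control_msg(mac, MAC_LEN, avail);
    for (i = 0; i < MAC_LEN; i++)
        stale += (mac[i] == POISON);
    return stale;
}

int main(void)
{
    unsigned char mac[MAC_LEN] = {0};
    printf("short read: %d stale bytes, recv-style rc=%d\n",
           stale_bytes_unchecked(2), model_control_msg_recv(mac, MAC_LEN, 2));
    return 0;
}
```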