Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751045AbcDKFJk (ORCPT ); Mon, 11 Apr 2016 01:09:40 -0400 Received: from mga04.intel.com ([192.55.52.120]:44076 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750716AbcDKFJj (ORCPT ); Mon, 11 Apr 2016 01:09:39 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.24,462,1455004800"; d="asc'?scan'208";a="684175628" From: Felipe Balbi To: chunfeng yun , Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-usb@vger.kernel.org, linux-mediatek@lists.infradead.org Subject: Re: [PATCH] usb: core: buffer: avoid NULL pointer dereferrence In-Reply-To: <1460343705.10419.12.camel@mhfsdcap03> References: <1460106483-24793-1-git-send-email-chunfeng.yun@mediatek.com> <20160408140701.GA3547@kroah.com> <1460343705.10419.12.camel@mhfsdcap03> User-Agent: Notmuch/0.21+96~g9bbc54b (http://notmuchmail.org) Emacs/25.0.90.3 (x86_64-pc-linux-gnu) Date: Mon, 11 Apr 2016 08:07:28 +0300 Message-ID: <87shyspwbz.fsf@intel.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1845 Lines: 53 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi, chunfeng yun writes: > On Fri, 2016-04-08 at 07:07 -0700, Greg Kroah-Hartman wrote: >> On Fri, Apr 08, 2016 at 05:08:03PM +0800, Chunfeng Yun wrote: >> > NULL pointer dereferrence will happen when class driver >> > wants to allocate zero length buffer and pool_max[0] >> > can't be used, so skip reserved pool in this case. >>=20 >> Why would a driver want to allocate a 0 length buffer? What driver does >> this? > It's misc/usbtest.c that'll do what you ask it to do with the userspace tool testusb. Are you trying to pass a size of 0 ? >> Shouldn't we fix that issue instead? > I don't know which way is better, but it seems simple to fix it up in > buffer.c=20 I think we should, really, avoid a 0-length allocation, but passing a size of 0 to testusb isn't very good either ;-) How are you calling testusb ? =2D-=20 balbi --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJXCzERAAoJEIaOsuA1yqRESLEP/2sYgXArkny8AZmdvDEp2tfl 9NNoU/MG1fiKqesBtgj03YSe3OIpMvC/xowEQBELS6VH6F4nEwphPNo3tuxs1PqJ EXqIvk12aW1RcIdcG6aebE9WT8SS2Mfgy1oIyjcZigshLIVpcDaHCDnXe0igRS/e 3Q8HktZredNmQG7JE7EvJr6ZwtA7WhtBqL641SAihlaGavigxREvM+Uez2ZErNw+ HVOBCZf8kZcoYeLAD9Pdbs6wJw88jCQ0UIsYaGq9Sd30jSjj0jxVjmAs1w6KPV6P f7Gdx7LopRkV+92FqmsjPmZI32/CYbV1nZtUg4IYGw27ItlrLVnB3sIOaodPaOHM TSM2Eqi0mTTrSbqe9pbtUn7MCyWixxirJDoQ7wiI5F6V4juN/kyAM560qmcCiW1Z Aw86tTRdBj4stJGkLd6rmaLWsAAsuM07xAKlYmngT3YaZe8SsChGNo6X9wal0TgR vzaCVwpCIqgFb5pT43MNb1pgvfNi0Sc2t7EIdlcctAWaE6JXgxm1v5mNuAHSW0e6 8g9irPgzRh6l9qvf+/7qDPmRqA67ayWgXPiXxUOyaakVb9lbCybbd9wWDF9czwMg LQCm1akSk23vC3ntPcxWfZkni8VQ+LDVnduzTcPG7joihMs8Sypu96CGoW1hN8Ly jhS8odYFlT7QKRYir2WG =gT+2 -----END PGP SIGNATURE----- --=-=-=--