Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754593Ab1DEP4y (ORCPT ); Tue, 5 Apr 2011 11:56:54 -0400 Received: from mail-ey0-f174.google.com ([209.85.215.174]:46651 "EHLO mail-ey0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752939Ab1DEP4v convert rfc822-to-8bit (ORCPT ); Tue, 5 Apr 2011 11:56:51 -0400 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:content-type:to:cc:subject:references:date:mime-version :content-transfer-encoding:from:organization:message-id:in-reply-to :user-agent; b=bzA2LKhrRgC66+s0n8vVFXafxUonQlbas2r+hPYyfC1Io24H42oXMpuYJtp1gvPTrP Zq75gDRv8ze4FzsY4iJO2ObvTzDwBuMR88OM4UBn6ZBBeLFYq/vFjb3sXTpH9rE3eJw5 UMH6Du5qm8VUMBd6RYjM4eCrwT/Gcm6s8xwNw= Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: gregkh@suse.de, "Roger Quadros" Cc: linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 3/5] usb: gadget: f_mass_storage: Prevent NULL pointer dereference References: <1302017802-16614-1-git-send-email-roger.quadros@nokia.com> <1302017802-16614-4-git-send-email-roger.quadros@nokia.com> Date: Tue, 05 Apr 2011 17:56:47 +0200 MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT From: "Michal Nazarewicz" Organization: Google Message-ID: In-Reply-To: <1302017802-16614-4-git-send-email-roger.quadros@nokia.com> User-Agent: Opera Mail/11.01 (Linux) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1900 Lines: 48 On Tue, 05 Apr 2011 17:36:40 +0200, Roger Quadros wrote: > Prevent a NULL pointer dereference in fsg_config_from_params() if > 'file' parameter is not specified. Have you observed this behaviour? I don't see how it could happen with module parameters and if it appears in some gadget it's a bug in the gadget. Not that I'm saying checking for null pointer is a bad idea. > Signed-off-by: Roger Quadros > --- > drivers/usb/gadget/f_mass_storage.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/usb/gadget/f_mass_storage.c > b/drivers/usb/gadget/f_mass_storage.c > index 5d7de93..f6bd001 100644 > --- a/drivers/usb/gadget/f_mass_storage.c > +++ b/drivers/usb/gadget/f_mass_storage.c > @@ -3177,7 +3177,7 @@ fsg_config_from_params(struct fsg_config *cfg, > lun->removable = /* Removable by default */ > params->removable_count <= i || params->removable[i]; > lun->filename = > - params->file_count > i && params->file[i][0] > + params->file_count > i && params->file[i] You're removing the check if an empty file name has been specified. It should read: + params->file_count > i && params->file[i] && params->file[i][0] And since the line is getting pretty long, maybe convert it to a proper “if”. I'm sure Greg will like that. ;) > ? params->file[i] > : 0; > } -- Best regards, _ _ .o. | Liege of Serenely Enlightened Majesty of o' \,=./ `o ..o | Computer Science, Michal "mina86" Nazarewicz (o o) ooo +----------ooO--(_)--Ooo-- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/