| Message ID | 1418295780-27611-2-git-send-email-p.marczak@samsung.com |
|---|---|
| State | Changes Requested |
| Delegated to: | Łukasz Majewski |
| Headers | show |
Hi Przemyslaw, > Some pointers in function download_tail() were not checked > before the use. This could possibly cause the data abort. > To avoid this, check if the pointers are not null is added. > > Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com> > --- > drivers/usb/gadget/f_thor.c | 16 ++++++++++++++-- > 1 file changed, 14 insertions(+), 2 deletions(-) > > diff --git a/drivers/usb/gadget/f_thor.c b/drivers/usb/gadget/f_thor.c > index 78519fa..9f77ba6 100644 > --- a/drivers/usb/gadget/f_thor.c > +++ b/drivers/usb/gadget/f_thor.c > @@ -205,12 +205,24 @@ static long long int download_head(unsigned > long long total, > static int download_tail(long long int left, int cnt) > { > - struct dfu_entity *dfu_entity = > dfu_get_entity(alt_setting_num); > - void *transfer_buffer = dfu_get_buf(dfu_entity); > + struct dfu_entity *dfu_entity; > + void *transfer_buffer; > int ret; > > debug("%s: left: %llu cnt: %d\n", __func__, left, cnt); > > + dfu_entity = dfu_get_entity(alt_setting_num); > + if (!dfu_entity) { > + printf("Alt setting: %d entity not found!\n", > alt_setting_num); Please change printf() -> error() > + return -ENOENT; > + } > + > + transfer_buffer = dfu_get_buf(dfu_entity); > + if (!transfer_buffer) { > + error("Transfer buffer not allocated!"); > + return -ENXIO; > + } > + > if (left) { > ret = dfu_write(dfu_entity, transfer_buffer, left, > cnt++); if (ret) {
diff --git a/drivers/usb/gadget/f_thor.c b/drivers/usb/gadget/f_thor.c index 78519fa..9f77ba6 100644 --- a/drivers/usb/gadget/f_thor.c +++ b/drivers/usb/gadget/f_thor.c @@ -205,12 +205,24 @@ static long long int download_head(unsigned long long total, static int download_tail(long long int left, int cnt) { - struct dfu_entity *dfu_entity = dfu_get_entity(alt_setting_num); - void *transfer_buffer = dfu_get_buf(dfu_entity); + struct dfu_entity *dfu_entity; + void *transfer_buffer; int ret; debug("%s: left: %llu cnt: %d\n", __func__, left, cnt); + dfu_entity = dfu_get_entity(alt_setting_num); + if (!dfu_entity) { + printf("Alt setting: %d entity not found!\n", alt_setting_num); + return -ENOENT; + } + + transfer_buffer = dfu_get_buf(dfu_entity); + if (!transfer_buffer) { + error("Transfer buffer not allocated!"); + return -ENXIO; + } + if (left) { ret = dfu_write(dfu_entity, transfer_buffer, left, cnt++); if (ret) {
Some pointers in function download_tail() were not checked before the use. This could possibly cause the data abort. To avoid this, check if the pointers are not null is added. Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com> --- drivers/usb/gadget/f_thor.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-)