summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrzej Pietrasiewicz <andrzej.p@samsung.com>2013-12-13 14:46:40 +0100
committerFelipe Balbi <balbi@ti.com>2013-12-17 13:17:41 -0600
commit45ab460975c5433d1bd81b211fe643732abaae19 (patch)
tree56d8ebbf463d09a291b3168752491b8466876544
parente117e742d310683b410951faeab4b13b6c3c609f (diff)
downloadlinux-45ab460975c5433d1bd81b211fe643732abaae19.tar.bz2
usb: gadget: nokia: fix error recovery path for optional functions
In the nokia gadget some USB functions (obex 1 and 2, phonet) are optional. If at the start of nokia_bind_config e.g. fi_phonet is an error pointer, which can happen because we don't fail the bind process if usb_get_function_instance() fails for fi_phonet, then f_phonet is NULL, and phonet_stat = usb_add_function(c, f_phonet); is never called and phonet_stat remains 0. If, in these circumstances, we hit the err_conf label then !phonet_stat evaluates to true and we try usb_remove_function() with its second parameter being f_phonet which is NULL and it causes NULL pointer dereference. This patch changes the initial values of (obex1|obex2|phonet)_stat to a nonzero value so that if the err_conf label is hit while the respective functions have not been acquired the usb_remove_function() is not called for those functions. Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: Felipe Balbi <balbi@ti.com>
-rw-r--r--drivers/usb/gadget/nokia.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/usb/gadget/nokia.c b/drivers/usb/gadget/nokia.c
index 0a8099a488c4..3ab386167519 100644
--- a/drivers/usb/gadget/nokia.c
+++ b/drivers/usb/gadget/nokia.c
@@ -126,9 +126,9 @@ static int __init nokia_bind_config(struct usb_configuration *c)
struct usb_function *f_ecm;
struct usb_function *f_obex2 = NULL;
int status = 0;
- int obex1_stat = 0;
- int obex2_stat = 0;
- int phonet_stat = 0;
+ int obex1_stat = -1;
+ int obex2_stat = -1;
+ int phonet_stat = -1;
if (!IS_ERR(fi_phonet)) {
f_phonet = usb_get_function(fi_phonet);