USB: msm72k_udc: Fix NULL pointer dereference crash in msm72k_enable()
Accessing the _ep and desc parameters may lead to crash if they are NULL.
Hence check if they are NULL before accessing them.
Change-Id: I27d6a5588f8290b3d671ad6ebbfe0435a222c98b
CRs-Fixed: 366074
Signed-off-by: Rajkumar Raghupathy <raghup@codeaurora.org>
diff --git a/drivers/usb/gadget/msm72k_udc.c b/drivers/usb/gadget/msm72k_udc.c
index 863ddcd..0d53da0 100644
--- a/drivers/usb/gadget/msm72k_udc.c
+++ b/drivers/usb/gadget/msm72k_udc.c
@@ -2018,10 +2018,14 @@
static int
msm72k_enable(struct usb_ep *_ep, const struct usb_endpoint_descriptor *desc)
{
- struct msm_endpoint *ept = to_msm_endpoint(_ep);
- unsigned char ep_type =
- desc->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK;
+ struct msm_endpoint *ept;
+ unsigned char ep_type;
+ if (_ep == NULL || desc == NULL)
+ return -EINVAL;
+
+ ept = to_msm_endpoint(_ep);
+ ep_type = desc->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK;
_ep->maxpacket = le16_to_cpu(desc->wMaxPacketSize);
config_ept(ept);
ept->wedged = 0;