
Commit b6befe64 authored by Hemant Kumar, committed by Mayank Rana

usb: gadget: f_cdev: Fix NULL pointer dereference in cser_free_inst



If f_cdev_alloc() fails, it frees the port context and the set_inst_name()
callback returns with an error. As a result, the free_func_inst() callback
is called, which dereferences the port context from the f_cdev_opts context,
which results in a NULL ptr dereference. Fix the issue by adding a NULL
check for the port context pointer in the f_cdev_opts context.

Change-Id: I69828761be0a9f7df714eec34894c13f762dcc43
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
parent 2f4cbe5b
+5 −3
/*
 * Copyright (c) 2011, 2013-2016, The Linux Foundation. All rights reserved.
 * Copyright (c) 2011, 2013-2017, The Linux Foundation. All rights reserved.
 * Linux Foundation chooses to take subject only to the GPLv2 license terms,
 * and distributes only under these terms.
 *
@@ -826,8 +826,10 @@ static void cser_free_inst(struct usb_function_instance *fi)

	opts = container_of(fi, struct f_cdev_opts, func_inst);

	if (opts->port) {
		device_destroy(fcdev_classp, MKDEV(major, opts->port->minor));
		cdev_del(&opts->port->fcdev_cdev);
	}
	usb_cser_chardev_deinit();
	kfree(opts->func_name);
	kfree(opts->port);
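
Review bot: The `if (opts->port)` guard in cser_free_inst() only protects device_destroy() and cdev_del() if the f_cdev_alloc() failure path leaves opts->port as NULL rather than as a pointer to the already freed port. If the pointer could be stale, the guard passes and the trailing `kfree(opts->port);` becomes a double free. Please confirm the failure path stores NULL (or an error value that is never written to opts->port) and say so in the commit message or in a short comment above the check. Also note that usb_cser_chardev_deinit() still runs unconditionally after the guarded block; it is worth verifying that its matching init has always completed by the time set_inst_name() can fail, so this error path does not unbalance it.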