From 750030b3f14b07395e7674e2cfe104874bbbf88f Mon Sep 17 00:00:00 2001 From: Mayank Rana Date: Fri, 18 Oct 2013 14:46:36 +0530 Subject: msm: usbaudio: Add check for NULL before dereferencing kzalloc() and usb_ifnum_to_if() both APIs can return NULL. Current code is not checking return value and derefencing which may crash device if it is set to NULL. Fix this by checking return value against NULL and handling the same. CRs-Fixed: 562273 Change-Id: I0d2c910f43321e94fc447b19ae3e3207727e24f3 Signed-off-by: Mayank Rana --- sound/usb/card.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/sound/usb/card.c b/sound/usb/card.c index 758bb8b05..bb07d48e7 100644 --- a/sound/usb/card.c +++ b/sound/usb/card.c @@ -218,12 +218,25 @@ static int snd_usb_create_streams(struct snd_usb_audio *chip, int ctrlif) struct usb_device *dev = chip->dev; struct usb_host_interface *host_iface; struct usb_interface_descriptor *altsd; + struct usb_interface *usb_iface; void *control_header; int i, protocol; int rest_bytes; + usb_iface = usb_ifnum_to_if(dev, ctrlif); + if (!usb_iface) { + snd_printk(KERN_ERR "%d:%u : does not exist\n", + dev->devnum, ctrlif); + return -EINVAL; + } + /* find audiocontrol interface */ - host_iface = &usb_ifnum_to_if(dev, ctrlif)->altsetting[0]; + host_iface = &usb_iface->altsetting[0]; + if (!host_iface) { + snd_printk(KERN_ERR "Audio Control interface is not available."); + return -EINVAL; + } + control_header = snd_usb_find_csint_desc(host_iface->extra, host_iface->extralen, NULL, UAC_HEADER); @@ -281,8 +294,7 @@ static int snd_usb_create_streams(struct snd_usb_audio *chip, int ctrlif) case UAC_VERSION_2: { struct usb_interface_assoc_descriptor *assoc = - usb_ifnum_to_if(dev, ctrlif)->intf_assoc; - + usb_iface->intf_assoc; if (!assoc) { /* * Firmware writers cannot count to three. So to find -- cgit v1.2.3