From: Horst Schirmeier Date: Thu, 9 Mar 2006 13:10:49 +0000 (+0100) Subject: [PATCH] USB: usbcore: usb_set_configuration oops (NULL ptr dereference) X-Git-Tag: firefly_0821_release~37599^2~15 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=f48219db93eaee644e9fd9f22fb6421f38059cc5;p=firefly-linux-kernel-4.4.55.git [PATCH] USB: usbcore: usb_set_configuration oops (NULL ptr dereference) When trying to deconfigure a device via usb_set_configuration(dev, 0), 2.6.16-rc kernels after 55c527187c9d78f840b284d596a0b298bc1493af oops with "Unable to handle NULL pointer dereference at...". This is due to an unchecked dereference of cp in the power budget part. Signed-off-by: Horst Schirmeier Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c index 2f6009b0cffc..08fb20f06f3e 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -1388,11 +1388,13 @@ free_interfaces: if (dev->state != USB_STATE_ADDRESS) usb_disable_device (dev, 1); // Skip ep0 - i = dev->bus_mA - cp->desc.bMaxPower * 2; - if (i < 0) - dev_warn(&dev->dev, "new config #%d exceeds power " - "limit by %dmA\n", - configuration, -i); + if (cp) { + i = dev->bus_mA - cp->desc.bMaxPower * 2; + if (i < 0) + dev_warn(&dev->dev, "new config #%d exceeds power " + "limit by %dmA\n", + configuration, -i); + } if ((ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), USB_REQ_SET_CONFIGURATION, 0, configuration, 0,