Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(433)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: drivers/usb/class/cdc-acm.c

Issue 6813077: USB: cdc-acm: fix potential null-pointer dereference on disconnect (Closed)
Patch Set: Created 9 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * cdc-acm.c 2 * cdc-acm.c
3 * 3 *
4 * Copyright (c) 1999 Armin Fuerst <fuerst@in.tum.de> 4 * Copyright (c) 1999 Armin Fuerst <fuerst@in.tum.de>
5 * Copyright (c) 1999 Pavel Machek <pavel@suse.cz> 5 * Copyright (c) 1999 Pavel Machek <pavel@suse.cz>
6 * Copyright (c) 1999 Johannes Erdfelt <johannes@erdfelt.com> 6 * Copyright (c) 1999 Johannes Erdfelt <johannes@erdfelt.com>
7 * Copyright (c) 2000 Vojtech Pavlik <vojtech@suse.cz> 7 * Copyright (c) 2000 Vojtech Pavlik <vojtech@suse.cz>
8 * Copyright (c) 2004 Oliver Neukum <oliver@neukum.name> 8 * Copyright (c) 2004 Oliver Neukum <oliver@neukum.name>
9 * Copyright (c) 2005 David Kubicek <dave@awk.cz> 9 * Copyright (c) 2005 David Kubicek <dave@awk.cz>
10 * 10 *
(...skipping 279 matching lines...) Expand 10 before | Expand all | Expand 10 after
290 dbg("%s - urb shutting down with status: %d", __func__, status); 290 dbg("%s - urb shutting down with status: %d", __func__, status);
291 return; 291 return;
292 default: 292 default:
293 dbg("%s - nonzero urb status received: %d", __func__, status); 293 dbg("%s - nonzero urb status received: %d", __func__, status);
294 goto exit; 294 goto exit;
295 } 295 }
296 296
297 if (!ACM_READY(acm)) 297 if (!ACM_READY(acm))
298 goto exit; 298 goto exit;
299 299
300 usb_mark_last_busy(acm->dev);
301
300 data = (unsigned char *)(dr + 1); 302 data = (unsigned char *)(dr + 1);
301 switch (dr->bNotificationType) { 303 switch (dr->bNotificationType) {
302 case USB_CDC_NOTIFY_NETWORK_CONNECTION: 304 case USB_CDC_NOTIFY_NETWORK_CONNECTION:
303 dbg("%s network", dr->wValue ? 305 dbg("%s network", dr->wValue ?
304 "connected to" : "disconnected from"); 306 "connected to" : "disconnected from");
305 break; 307 break;
306 308
307 case USB_CDC_NOTIFY_SERIAL_STATE: 309 case USB_CDC_NOTIFY_SERIAL_STATE:
308 tty = tty_port_tty_get(&acm->port); 310 tty = tty_port_tty_get(&acm->port);
309 newctrl = get_unaligned_le16(data); 311 newctrl = get_unaligned_le16(data);
(...skipping 19 matching lines...) Expand all
329 acm->ctrlin & ACM_CTRL_OVERRUN ? '+' : '-'); 331 acm->ctrlin & ACM_CTRL_OVERRUN ? '+' : '-');
330 break; 332 break;
331 333
332 default: 334 default:
333 dbg("unknown notification %d received: index %d len %d data0 %d data1 %d", 335 dbg("unknown notification %d received: index %d len %d data0 %d data1 %d",
334 dr->bNotificationType, dr->wIndex, 336 dr->bNotificationType, dr->wIndex,
335 dr->wLength, data[0], data[1]); 337 dr->wLength, data[0], data[1]);
336 break; 338 break;
337 } 339 }
338 exit: 340 exit:
339 usb_mark_last_busy(acm->dev);
340 retval = usb_submit_urb(urb, GFP_ATOMIC); 341 retval = usb_submit_urb(urb, GFP_ATOMIC);
341 if (retval) 342 if (retval)
342 dev_err(&urb->dev->dev, "%s - usb_submit_urb failed with " 343 dev_err(&urb->dev->dev, "%s - usb_submit_urb failed with "
343 "result %d", __func__, retval); 344 "result %d", __func__, retval);
344 } 345 }
345 346
346 /* data interface returns incoming bytes, or we got unthrottled */ 347 /* data interface returns incoming bytes, or we got unthrottled */
347 static void acm_read_bulk(struct urb *urb) 348 static void acm_read_bulk(struct urb *urb)
348 { 349 {
349 struct acm_rb *buf; 350 struct acm_rb *buf;
(...skipping 1360 matching lines...) Expand 10 before | Expand all | Expand 10 after
1710 put_tty_driver(acm_tty_driver); 1711 put_tty_driver(acm_tty_driver);
1711 } 1712 }
1712 1713
1713 module_init(acm_init); 1714 module_init(acm_init);
1714 module_exit(acm_exit); 1715 module_exit(acm_exit);
1715 1716
1716 MODULE_AUTHOR(DRIVER_AUTHOR); 1717 MODULE_AUTHOR(DRIVER_AUTHOR);
1717 MODULE_DESCRIPTION(DRIVER_DESC); 1718 MODULE_DESCRIPTION(DRIVER_DESC);
1718 MODULE_LICENSE("GPL"); 1719 MODULE_LICENSE("GPL");
1719 MODULE_ALIAS_CHARDEV_MAJOR(ACM_TTY_MAJOR); 1720 MODULE_ALIAS_CHARDEV_MAJOR(ACM_TTY_MAJOR);
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698