From: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Date: Mon, 20 Jan 2014 07:33:50 +0000 (+0100)
Subject: usb: gadget: fix NULL pointer dereference
X-Git-Tag: v3.14-rc4~6^2~1^2~2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0f42204d0cc04a63ac61fdaa3b6a269ea0dc08b;p=pandora-kernel.git

usb: gadget: fix NULL pointer dereference

Fix possible NULL pointer dereference introduced in
commit 219580e (usb: f_fs: check quirk to pad epout
buf size when not aligned to maxpacketsize)

In cases we do wait with:

wait_event_interruptible(epfile->wait, (ep = epfile->ep));

for endpoint to be enabled, functionfs_bind() has not been called yet
and epfile->ffs->gadget is still NULL and the automatic variable 'gadget'
has been initialized with NULL at the point of its definition.
Later on it is used as a parameter to:

usb_ep_align_maybe(gadget, ep->ep, len)

which in turn dereferences it.

This patch fixes it by moving the actual assignment to the local 'gadget'
variable after the potential waiting has completed.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
---

Reading git-diff-tree failed