From f18c9be9d4bd7bca2091219ddbbb0e7243c75260 Mon Sep 17 00:00:00 2001 From: Mayank Rana Date: Fri, 18 Oct 2013 14:46:36 +0530 Subject: [PATCH] msm: usbaudio: Add check for NULL before dereferencing kzalloc() and usb_ifnum_to_if() both APIs can return NULL. Current code is not checking return value and derefencing which may crash device if it is set to NULL. Fix this by checking return value against NULL and handling the same. CRs-Fixed: 562273 Change-Id: I0d2c910f43321e94fc447b19ae3e3207727e24f3 Signed-off-by: Mayank Rana Signed-off-by: Banajit Goswami --- sound/usb/card.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/sound/usb/card.c b/sound/usb/card.c index 18f56646ce86..3b70175a3000 100644 --- a/sound/usb/card.c +++ b/sound/usb/card.c @@ -216,11 +216,24 @@ static int snd_usb_create_streams(struct snd_usb_audio *chip, int ctrlif) struct usb_device *dev = chip->dev; struct usb_host_interface *host_iface; struct usb_interface_descriptor *altsd; + struct usb_interface *usb_iface; void *control_header; int i, protocol; + usb_iface = usb_ifnum_to_if(dev, ctrlif); + if (!usb_iface) { + snd_printk(KERN_ERR "%d:%u : does not exist\n", + dev->devnum, ctrlif); + return -EINVAL; + } + /* find audiocontrol interface */ - host_iface = &usb_ifnum_to_if(dev, ctrlif)->altsetting[0]; + host_iface = &usb_iface->altsetting[0]; + if (!host_iface) { + snd_printk(KERN_ERR "Audio Control interface is not available."); + return -EINVAL; + } + control_header = snd_usb_find_csint_desc(host_iface->extra, host_iface->extralen, NULL, UAC_HEADER); @@ -260,8 +273,7 @@ static int snd_usb_create_streams(struct snd_usb_audio *chip, int ctrlif) case UAC_VERSION_2: { struct usb_interface_assoc_descriptor *assoc = - usb_ifnum_to_if(dev, ctrlif)->intf_assoc; - + usb_iface->intf_assoc; if (!assoc) { /* * Firmware writers cannot count to three. So to find