Re: [PATCH] USB: don't read past config->interface[] ifusb_control_msg() fails in usb_reset_configuration()

[Sarah Sharp]

On Tue, Feb 09, 2010 at 05:01:53PM +0100, Roel Kluin wrote:
> After the loop `for (i = 0; i < config->desc.bNumInterfaces; i++)' if no
> break occurred, i equals config->desc.bNumInterfaces. so if
> usb_control_msg() failed then after goto reset_old_alts we read from
> config->interface[config->desc.bNumInterfaces].
> We can safely decrement i as well if the break occurred.
> 
> Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
> Acked-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>

Bah, yes, you're right. :)  Good catch.

Signed-off-by: Sarah Sharp <sarah.a.sharp@xxxxxxxxxxxxxxx>

> ---
> 
> > You correctly identified a problem, but your fix is wrong -- or at 
> > least, it is much too complicated.
> 
> Ok,
> 
>  drivers/usb/core/message.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
> index 9bc95fe..1a48aac 100644
> --- a/drivers/usb/core/message.c
> +++ b/drivers/usb/core/message.c
> @@ -1471,7 +1471,7 @@ int usb_reset_configuration(struct usb_device *dev)
>  	/* If not, reinstate the old alternate settings */
>  	if (retval < 0) {
>  reset_old_alts:
> -		for (; i >= 0; i--) {
> +		for (i--; i >= 0; i--) {
>  			struct usb_interface *intf = config->interface[i];
>  			struct usb_host_interface *alt;
>  
> --
> To unsubscribe from this list: send the line "unsubscribe linux-usb" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/