Re: ftdi_sio BUG: NULL pointer dereference

From: Mike Remski
Date: Tue Jun 03 2014 - 06:17:54 EST

On 06/02/2014 01:46 PM, Johan Hovold wrote:
On Mon, Jun 02, 2014 at 01:11:37PM -0400, Mike Remski wrote:
On 06/02/2014 12:49 PM, Johan Hovold wrote:
On Mon, Jun 02, 2014 at 12:24:44PM -0400, Mike Remski wrote:
On 06/02/2014 12:20 PM, Johan Hovold wrote:
On Mon, Jun 02, 2014 at 12:02:40PM -0400, Mike Remski wrote:
On 06/02/2014 11:40 AM, Johan Hovold wrote:
[ Please avoid top-posting. ]

On Mon, Jun 02, 2014 at 11:16:11AM -0400, Mike Remski wrote:
The third interface lacks endpoints and crashes the ftdi_sio driver.
This shouldn't happen (even if you're forcing the wrong driver to bind),
so I'll fix it up if still broken in v3.15-rc.

Thanks again. Yes, the device does indeed have an FTDI embedded in it;
they've programmed in their own ids. They supply a Windows driver for
it, but that doesn't do me any good. :)
Not just their own IDs it seems.

Have you tried just using the cdc-acm driver? The ports should show up as
/dev/ttyACMx instead of ttyUSBx.

Not yet, next on the list.
You really should try this before anything else. :)

I'm suspecting that bNumEndpoints == 0 is causing endpoint[1].desc to
stay at NULL (line 1567 in source), so by the time it gets used
later on, I'm hitting the NULL dereference.
Yeah, the code is obviously broken (also in v3.15-rc). It should
probably work to just return from ftdi_set_max_packet_size if
num_endpoints is 0 if you want to try that (or you can use your ?:
construct), but I should be able to fix this up properly on Wednesday.

I had a chance to play around with code over in ftdi_sio.c; adding this:

if (!num_endpoints) {
after the "Number of endpoints" message gets rid of the crash, everything looks to be working correctly.

Thanks again


Office: (978)401-4032 (x123 internally)
Cell: (603) 759-6953
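
Added example (not part of the original message and not the ftdi_sio source): a user-space model of the guard discussed in the thread, where an interface that reports zero endpoints is rejected before any endpoint descriptor is read. The struct names, set_max_packet_size() and ERR_NO_ENDPOINTS are hypothetical stand-ins, and the descriptor values are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space stand-ins for the USB descriptor structures. */
struct ep_desc    { unsigned short wMaxPacketSize; };
struct host_ep    { struct ep_desc desc; };
struct iface_desc { unsigned char bNumEndpoints; };
struct host_iface {
    struct iface_desc desc;
    struct host_ep   *endpoint;   /* NULL when bNumEndpoints == 0 */
};

#define ERR_NO_ENDPOINTS (-1)     /* assumed error code for this model */

/*
 * Store the packet size of the interface's last endpoint in *out.
 * Returns 0 on success, ERR_NO_ENDPOINTS if there is nothing to read.
 */
int set_max_packet_size(const struct host_iface *iface, unsigned *out)
{
    unsigned num_endpoints;
    const struct ep_desc *ep;

    if (iface == NULL || out == NULL)
        return ERR_NO_ENDPOINTS;

    num_endpoints = iface->desc.bNumEndpoints;
    /* The guard from the thread: no endpoints means no descriptor to touch. */
    if (!num_endpoints || iface->endpoint == NULL)
        return ERR_NO_ENDPOINTS;

    ep = &iface->endpoint[num_endpoints - 1].desc;
    *out = ep->wMaxPacketSize;
    return 0;
}

int main(void)
{
    struct host_ep eps[2] = { { { 64 } }, { { 512 } } };  /* constructed sample */
    struct host_iface normal = { { 2 }, eps };
    struct host_iface empty  = { { 0 }, NULL };  /* models the third interface */
    unsigned size = 0;
    int rc = set_max_packet_size(&normal, &size);

    printf("normal: rc=%d size=%u\n", rc, size);
    rc = set_max_packet_size(&empty, &size);
    printf("empty:  rc=%d (size left at %u)\n", rc, size);
    return 0;
}
```

Without the num_endpoints check, the empty interface would index endpoint[-1] through a NULL pointer, which is the same class of fault as the reported crash.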
