Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors
From: BjÃrn Mork
Date: Fri Apr 12 2019 - 05:07:38 EST
Yang Xiao <92siuyang@xxxxxxxxx> writes:
> If given malicious descritors that spcify 0 for the number of endpoints,
> then there is a null pointer deference when calling function
> usb_endpoint_is_bulk_in.
>
> for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
Try this:
#include <stdio.h>
int main()
{
int i;
for (i=0; i<0; ++i)
printf("%d\n");
return 0;
}
How many lines did it print?
BjÃrn