USB: don't read past config->interface[] if usb_control_msg() fails in usb_reset_configuration()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

While looping over the interfaces, if usb_hcd_alloc_bandwidth() fails it calls
hcd->driver->reset_bandwidth(), so there was no need to reinstate the interface
again.

If no break occurred, the index equals config->desc.bNumInterfaces. A
subsequent usb_control_msg() failure resulted in a read from
config->interface[config->desc.bNumInterfaces] at label reset_old_alts.

In either case the last interface should be skipped.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Acked-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

authored by

Roel Kluin and committed by

Greg Kroah-Hartman 16 years ago e4a3d946 b6a2f10c

+1 -1

1 changed file

expand all

drivers

usb

core

message.c

+1 -1

drivers/usb/core/message.c

··· 1471 1471 /* If not, reinstate the old alternate settings */ 1472 1472 if (retval < 0) { 1473 1473 reset_old_alts: 1474 - for (; i >= 0; i--) { 1474 + for (i--; i >= 0; i--) { 1475 1475 struct usb_interface *intf = config->interface[i]; 1476 1476 struct usb_host_interface *alt; 1477 1477