Commit 737803f3 authored by Mauro Carvalho Chehab's avatar Mauro Carvalho Chehab Committed by Kleber Sacilotto de Souza

media: smsusb: better handle optional alignment

BugLink: https://bugs.launchpad.net/bugs/1832661

commit a4768663 upstream.

Most Siano devices require an alignment for the response.

Changeset f3be52b0056a ("media: usb: siano: Fix general protection fault in smsusb")
changed the logic with gets such aligment, but it now produces a
sparce warning:

drivers/media/usb/siano/smsusb.c: In function 'smsusb_init_device':
drivers/media/usb/siano/smsusb.c:447:37: warning: 'in_maxp' may be used uninitialized in this function [-Wmaybe-uninitialized]
  447 |   dev->response_alignment = in_maxp - sizeof(struct sms_msg_hdr);
      |                             ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~

The sparse message itself is bogus, but a broken (or fake) USB
eeprom could produce a negative value for response_alignment.

So, change the code in order to check if the result is not
negative.

Fixes: 31e0456d ("media: usb: siano: Fix general protection fault in smsusb")
CC: <stable@vger.kernel.org>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 19905354
...@@ -391,7 +391,7 @@ static int smsusb_init_device(struct usb_interface *intf, int board_id) ...@@ -391,7 +391,7 @@ static int smsusb_init_device(struct usb_interface *intf, int board_id)
struct smsusb_device_t *dev; struct smsusb_device_t *dev;
void *mdev; void *mdev;
int i, rc; int i, rc;
int in_maxp = 0; int align = 0;
/* create device object */ /* create device object */
dev = kzalloc(sizeof(struct smsusb_device_t), GFP_KERNEL); dev = kzalloc(sizeof(struct smsusb_device_t), GFP_KERNEL);
...@@ -409,14 +409,14 @@ static int smsusb_init_device(struct usb_interface *intf, int board_id) ...@@ -409,14 +409,14 @@ static int smsusb_init_device(struct usb_interface *intf, int board_id)
if (desc->bEndpointAddress & USB_DIR_IN) { if (desc->bEndpointAddress & USB_DIR_IN) {
dev->in_ep = desc->bEndpointAddress; dev->in_ep = desc->bEndpointAddress;
in_maxp = usb_endpoint_maxp(desc); align = usb_endpoint_maxp(desc) - sizeof(struct sms_msg_hdr);
} else { } else {
dev->out_ep = desc->bEndpointAddress; dev->out_ep = desc->bEndpointAddress;
} }
} }
pr_debug("in_ep = %02x, out_ep = %02x\n", dev->in_ep, dev->out_ep); pr_debug("in_ep = %02x, out_ep = %02x\n", dev->in_ep, dev->out_ep);
if (!dev->in_ep || !dev->out_ep) { /* Missing endpoints? */ if (!dev->in_ep || !dev->out_ep || align < 0) { /* Missing endpoints? */
smsusb_term_device(intf); smsusb_term_device(intf);
return -ENODEV; return -ENODEV;
} }
...@@ -435,7 +435,7 @@ static int smsusb_init_device(struct usb_interface *intf, int board_id) ...@@ -435,7 +435,7 @@ static int smsusb_init_device(struct usb_interface *intf, int board_id)
/* fall-thru */ /* fall-thru */
default: default:
dev->buffer_size = USB2_BUFFER_SIZE; dev->buffer_size = USB2_BUFFER_SIZE;
dev->response_alignment = in_maxp - sizeof(struct sms_msg_hdr); dev->response_alignment = align;
params.flags |= SMS_DEVICE_FAMILY2; params.flags |= SMS_DEVICE_FAMILY2;
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment