From f48219db93eaee644e9fd9f22fb6421f38059cc5 Mon Sep 17 00:00:00 2001 From: Horst Schirmeier Date: Thu, 9 Mar 2006 14:10:49 +0100 Subject: [PATCH] USB: usbcore: usb_set_configuration oops (NULL ptr dereference) When trying to deconfigure a device via usb_set_configuration(dev, 0), 2.6.16-rc kernels after 55c527187c9d78f840b284d596a0b298bc1493af oops with "Unable to handle NULL pointer dereference at...". This is due to an unchecked dereference of cp in the power budget part. Signed-off-by: Horst Schirmeier Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman --- drivers/usb/core/message.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c index 2f6009b0cff..08fb20f06f3 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -1388,11 +1388,13 @@ free_interfaces: if (dev->state != USB_STATE_ADDRESS) usb_disable_device (dev, 1); // Skip ep0 - i = dev->bus_mA - cp->desc.bMaxPower * 2; - if (i < 0) - dev_warn(&dev->dev, "new config #%d exceeds power " - "limit by %dmA\n", - configuration, -i); + if (cp) { + i = dev->bus_mA - cp->desc.bMaxPower * 2; + if (i < 0) + dev_warn(&dev->dev, "new config #%d exceeds power " + "limit by %dmA\n", + configuration, -i); + } if ((ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), USB_REQ_SET_CONFIGURATION, 0, configuration, 0, -- cgit v1.2.3-70-g09d2