On 07/25/2017 09:34 AM, Gerd Hoffmann wrote:
      case CMD_GET_OBJECT_INFO:
-        o = usb_mtp_object_lookup(s, c->argv[0]);
+        if (c->argc > 0) {
+            o = usb_mtp_object_lookup(s, c->argv[0]);
+        }
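Review bot: when c->argc is 0 the guarded lookup is skipped and nothing in this hunk assigns `o` on that path, so whatever follows in the CMD_GET_OBJECT_INFO case depends on how `o` was set before the switch, which the visible lines do not show. An explicit else branch that rejects the command would make the missing-parameter case fail closed instead of falling through. The same hunk only guards argv[0], so any other case that reads c->argv without checking c->argc needs the same treatment.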

How about zero-initializing c->argv instead?

I checked the MTP specs rev. 1.1 and I understand the case argc == 0 fits in the "Invalid Parameter" section (F.2.30, code 0x201d).

So the correct patch is to queue a RES_INVALID_PARAMETER result.

I'll send another patch, but since this requires heavy testing this is probably 2.11 material now.

Regards,

Phil.
