Module Name:    src
Committed By:   riastradh
Date:           Mon Mar 14 16:14:11 UTC 2022

Modified Files:
        src/sys/dev/usb: umidi.c

Log Message:
umidi(4): Bail early if no endpoints.

kmem_alloc is unhappy with zero-size allocation.

Reported-by: syzbot+483b984480c295979...@syzkaller.appspotmail.com


To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.85 src/sys/dev/usb/umidi.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/usb/umidi.c
diff -u src/sys/dev/usb/umidi.c:1.84 src/sys/dev/usb/umidi.c:1.85
--- src/sys/dev/usb/umidi.c:1.84	Sun Aug  8 20:50:12 2021
+++ src/sys/dev/usb/umidi.c	Mon Mar 14 16:14:11 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: umidi.c,v 1.84 2021/08/08 20:50:12 andvar Exp $	*/
+/*	$NetBSD: umidi.c,v 1.85 2022/03/14 16:14:11 riastradh Exp $	*/
 
 /*
  * Copyright (c) 2001, 2012, 2014 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: umidi.c,v 1.84 2021/08/08 20:50:12 andvar Exp $");
+__KERNEL_RCSID(0, "$NetBSD: umidi.c,v 1.85 2022/03/14 16:14:11 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_usb.h"
@@ -778,6 +778,8 @@ alloc_all_endpoints_fixed_ep(struct umid
 
 	fp = umidi_get_quirk_data_from_type(sc->sc_quirk,
 					    UMQ_TYPE_FIXED_EP);
+	if (fp->num_in_ep == 0 && fp->num_out_ep == 0)
+		return USBD_INVAL;
 	sc->sc_out_num_jacks = 0;
 	sc->sc_in_num_jacks = 0;
 	sc->sc_out_num_endpoints = fp->num_out_ep;
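Review bot: The guard `if (fp->num_in_ep == 0 && fp->num_out_ep == 0)` tests the quirk-table counts, while the matching guard added to alloc_all_endpoints_yamaha tests `sc->sc_endpoints_len == 0` directly before the allocation. Checking the computed length in both places would keep the two functions in step and would hold even if the size calculation later changes. The allocation in alloc_all_endpoints_fixed_ep lies outside this hunk, so this assumes it sizes the buffer from these same counts. A one-line comment would also record why the check exists, e.g. `/* kmem_alloc(9) rejects a zero size; nothing to attach without endpoints */`.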
@@ -934,6 +936,8 @@ alloc_all_endpoints_yamaha(struct umidi_
 		sc->sc_in_num_jacks = 0;
 	}
 	sc->sc_endpoints_len = UMIDI_ENDPOINT_SIZE(sc);
+	if (sc->sc_endpoints_len == 0)
+		return USBD_INVAL;
 	sc->sc_endpoints = kmem_zalloc(sc->sc_endpoints_len, KM_SLEEP);
 	if (sc->sc_out_num_endpoints) {
 		sc->sc_out_ep = sc->sc_endpoints;
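Review bot: The early return at `if (sc->sc_endpoints_len == 0)` happens after `sc->sc_endpoints_len` (and `sc->sc_in_num_jacks` just above) have been written, so the softc is left half-initialised with a zero length and no buffer. The caller's failure and detach paths are not visible here. If either releases the array with `kmem_free(sc->sc_endpoints, sc->sc_endpoints_len)`, a zero size would trip the same allocator check on the error path, so it is worth confirming that free is skipped when this function fails. Since the report came from syzbot, the zero length is presumably reachable from device-supplied descriptors, and a comment such as `/* device exposed no usable MIDI endpoints */` would make that explicit. The function body starts and ends outside this hunk.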
