fsg_common_init() can fail when memory is low. In that case, it returns PTR_ERR(). fsg_add() does not check for failure, and thus dereferences an invalid fsg_common later, which crashes.
Verify if we receive an error from fsg_common_init() and handle it gracefully. Reported-by: Zixun LI <ad...@hifiphile.com> Signed-off-by: Mattijs Korpershoek <mkorpersh...@baylibre.com> --- drivers/usb/gadget/f_mass_storage.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/gadget/f_mass_storage.c b/drivers/usb/gadget/f_mass_storage.c index 6f464185bd39..fcce6d12f56b 100644 --- a/drivers/usb/gadget/f_mass_storage.c +++ b/drivers/usb/gadget/f_mass_storage.c @@ -2742,6 +2742,8 @@ int fsg_add(struct usb_configuration *c) struct fsg_common *fsg_common; fsg_common = fsg_common_init(NULL, c->cdev); + if (IS_ERR(fsg_common)) + return PTR_ERR(fsg_common); fsg_common->vendor_name = 0; fsg_common->product_name = 0; -- 2.49.0
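Review bot: The description says fsg_common_init() "returns PTR_ERR()", but the check added in fsg_add() tests the result with IS_ERR() and converts it with PTR_ERR(), so what the function hands back on failure is an error-encoded pointer (the ERR_PTR() form), not the output of PTR_ERR(). Rewording the commit message to say that would make the description match the code. The early return itself looks right for the lines shown: the fsg_common_init() call is the first statement after the declaration, so nothing visible in this hunk needs to be unwound before returning. Because fsg_add() now returns a negative error code on this path, it is worth confirming that its callers check the return value. Otherwise the crash is avoided but the failure is silently dropped.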