From 08889517b3713926169d79d99782192e86acdc67 Mon Sep 17 00:00:00 2001 From: Bryan Wu Date: Thu, 8 Jan 2009 00:21:19 +0800 Subject: [PATCH] USB: composite: Fix bug: low byte of w_index is the usb interface number not the whole 2 bytes of w_index In some usb gadget driver, for example usb audio class device, the high byte of w_index is the entity id and low byte is the interface number. If we use the 2 bytes of w_index as the array number, we will get a wrong pointer or NULL pointer. This patch fixes this issue. Signed-off-by: Bryan Wu Acked-by: David Brownell Signed-off-by: Greg Kroah-Hartman --- drivers/usb/gadget/composite.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c index 363951eb333..5d11c291f1a 100644 --- a/drivers/usb/gadget/composite.c +++ b/drivers/usb/gadget/composite.c @@ -683,6 +683,7 @@ composite_setup(struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl) struct usb_request *req = cdev->req; int value = -EOPNOTSUPP; u16 w_index = le16_to_cpu(ctrl->wIndex); + u8 intf = w_index & 0xFF; u16 w_value = le16_to_cpu(ctrl->wValue); u16 w_length = le16_to_cpu(ctrl->wLength); struct usb_function *f = NULL; @@ -769,7 +770,7 @@ composite_setup(struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl) goto unknown; if (!cdev->config || w_index >= MAX_CONFIG_INTERFACES) break; - f = cdev->config->interface[w_index]; + f = cdev->config->interface[intf]; if (!f) break; if (w_value && !f->set_alt) @@ -781,7 +782,7 @@ composite_setup(struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl) goto unknown; if (!cdev->config || w_index >= MAX_CONFIG_INTERFACES) break; - f = cdev->config->interface[w_index]; + f = cdev->config->interface[intf]; if (!f) break; /* lots of interfaces only need altsetting zero... */ @@ -808,7 +809,7 @@ unknown: */ if ((ctrl->bRequestType & USB_RECIP_MASK) == USB_RECIP_INTERFACE) { - f = cdev->config->interface[w_index]; + f = cdev->config->interface[intf]; if (f && f->setup) value = f->setup(f, ctrl); else -- 2.41.1