Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

MUSB: Add sanity check for maximum number of endpoints

There is no check if platform code passes in more endpoints (num_eps)
than the maximum number of enpoints (MUSB_C_NUM_EPS.)  The result is
that allocate_instance() happily writes past the end of 'struct musb'
corrupting memory.

This patch adds a BUG() if the platform code requests more than the max.

Signed-off-by: Kevin Hilman <khilman@deeprootsystems.com>
Acked-by: Felipe Balbi <felipe.balbi@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Kevin Hilman 16 years ago
parent
cede969fe2
commit
02582b92f6
1 changed files with 1 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      drivers/usb/musb/musb_core.c

+ 1 - 0
drivers/usb/musb/musb_core.c
View File 

@@ -1806,6 +1806,7 @@ allocate_instance(struct device *dev,
 
 	musb->ctrl_base = mbase;
 
 	musb->nIrq = -ENODEV;
 
 	musb->config = config;
 
+	BUG_ON(musb->config->num_eps > MUSB_C_NUM_EPS);
 
 	for (epnum = 0, ep = musb->endpoints;
 
 			epnum < musb->config->num_eps;
 
 			epnum++, ep++) {