Hi Przemyslaw,
Some pointers in function download_tail() were not checked before the use. This could possibly cause the data abort. To avoid this, check if the pointers are not null is added.
Signed-off-by: Przemyslaw Marczak p.marczak@samsung.com
Change v2:
- download_tail(): change printf() to error()
drivers/usb/gadget/f_thor.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/f_thor.c b/drivers/usb/gadget/f_thor.c index 78519fa..2d0410d 100644 --- a/drivers/usb/gadget/f_thor.c +++ b/drivers/usb/gadget/f_thor.c @@ -205,12 +205,24 @@ static long long int download_head(unsigned long long total, static int download_tail(long long int left, int cnt) {
- struct dfu_entity *dfu_entity =
dfu_get_entity(alt_setting_num);
- void *transfer_buffer = dfu_get_buf(dfu_entity);
struct dfu_entity *dfu_entity;
void *transfer_buffer; int ret;
debug("%s: left: %llu cnt: %d\n", __func__, left, cnt);
dfu_entity = dfu_get_entity(alt_setting_num);
if (!dfu_entity) {
error("Alt setting: %d entity not found!\n",alt_setting_num);
return -ENOENT;- }
- transfer_buffer = dfu_get_buf(dfu_entity);
- if (!transfer_buffer) {
error("Transfer buffer not allocated!");return -ENXIO;- }
- if (left) { ret = dfu_write(dfu_entity, transfer_buffer, left,
cnt++); if (ret) {
Applied to u-boot-dfu, thanks!