From: Jia-Ju Bai <[email protected]> Date: Fri, 26 Jul 2019 16:27:36 +0800
> In start_isoc_chain(), usb_alloc_urb() on line 1392 may fail
> and return NULL. At this time, fifo->iso[i].urb is assigned to NULL.
>
> Then, fifo->iso[i].urb is used at some places, such as:
> LINE 1405: fill_isoc_urb(fifo->iso[i].urb, ...)
>     urb->number_of_packets = num_packets;
>     urb->transfer_flags = URB_ISO_ASAP;
>     urb->actual_length = 0;
>     urb->interval = interval;
> LINE 1416: fifo->iso[i].urb->...
> LINE 1419: fifo->iso[i].urb->...
>
> Thus, possible null-pointer dereferences may occur.
>
> To fix these bugs, "continue" is added to avoid using fifo->iso[i].urb
> when it is NULL.
>
> These bugs are found by a static analysis tool STCheck written by us.
>
> Signed-off-by: Jia-Ju Bai <[email protected]>

Applied.

