From ac0c2f38a399c63e83ce66d4ffdb693ce8bb5b66 Mon Sep 17 00:00:00 2001 From: Roel Kluin Date: Thu, 18 Feb 2010 02:36:23 +0100 Subject: [PATCH] USB: don't read past config->interface[] if usb_control_msg() fails in usb_reset_configuration() commit e4a3d94658b5760fc947d7f7185c57db47ca362a upstream. While looping over the interfaces, if usb_hcd_alloc_bandwidth() fails it calls hcd->driver->reset_bandwidth(), so there was no need to reinstate the interface again. If no break occurred, the index equals config->desc.bNumInterfaces. A subsequent usb_control_msg() failure resulted in a read from config->interface[config->desc.bNumInterfaces] at label reset_old_alts. In either case the last interface should be skipped. Signed-off-by: Roel Kluin Acked-by: Alan Stern Acked-by: Sarah Sharp Signed-off-by: Greg Kroah-Hartman --- drivers/usb/core/message.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c index 9bc95fec793f..1a48aac6d3bf 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -1471,7 +1471,7 @@ int usb_reset_configuration(struct usb_device *dev) /* If not, reinstate the old alternate settings */ if (retval < 0) { reset_old_alts: - for (; i >= 0; i--) { + for (i--; i >= 0; i--) { struct usb_interface *intf = config->interface[i]; struct usb_host_interface *alt; -- 2.39.5