Skip to content

Commit 569f4d6

Browse files
jfischer-nokartben
jfischer-no
authored and
kartben
committed
usb: device_next: fix the null pointer dereference on FS devices
With the commit fe3c001 ("usb: device_next: disable high-speed USB device descriptor if not used") there is no high-speed device descriptor by default. Signed-off-by: Johann Fischer <[email protected]>
1 parent bec34c8 commit 569f4d6

File tree

2 files changed

+21
-6
lines changed

2 files changed

+21
-6
lines changed

subsys/usb/device_next/usbd_ch9.c

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -683,12 +683,6 @@ static int sreq_get_dev_qualifier(struct usbd_context *const uds_ctx,
683683
struct usb_device_qualifier_descriptor q_desc = {
684684
.bLength = sizeof(struct usb_device_qualifier_descriptor),
685685
.bDescriptorType = USB_DESC_DEVICE_QUALIFIER,
686-
.bcdUSB = d_desc->bcdUSB,
687-
.bDeviceClass = d_desc->bDeviceClass,
688-
.bDeviceSubClass = d_desc->bDeviceSubClass,
689-
.bDeviceProtocol = d_desc->bDeviceProtocol,
690-
.bMaxPacketSize0 = d_desc->bMaxPacketSize0,
691-
.bNumConfigurations = d_desc->bNumConfigurations,
692686
.bReserved = 0U,
693687
};
694688
size_t len;
@@ -703,6 +697,17 @@ static int sreq_get_dev_qualifier(struct usbd_context *const uds_ctx,
703697
return 0;
704698
}
705699

700+
if (d_desc == NULL) {
701+
return -EINVAL;
702+
}
703+
704+
q_desc.bcdUSB = d_desc->bcdUSB;
705+
q_desc.bDeviceClass = d_desc->bDeviceClass;
706+
q_desc.bDeviceSubClass = d_desc->bDeviceSubClass;
707+
q_desc.bDeviceProtocol = d_desc->bDeviceProtocol;
708+
q_desc.bMaxPacketSize0 = d_desc->bMaxPacketSize0;
709+
q_desc.bNumConfigurations = d_desc->bNumConfigurations;
710+
706711
LOG_DBG("Get Device Qualifier");
707712
len = MIN(setup->wLength, net_buf_tailroom(buf));
708713
net_buf_add_mem(buf, &q_desc, MIN(len, q_desc.bLength));

subsys/usb/device_next/usbd_device.c

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,11 @@ int usbd_device_set_bcd_usb(struct usbd_context *const uds_ctx,
6666
}
6767

6868
desc = get_device_descriptor(uds_ctx, speed);
69+
if (desc == NULL) {
70+
ret = -EINVAL;
71+
goto set_bcd_exit;
72+
}
73+
6974
desc->bcdUSB = sys_cpu_to_le16(bcd);
7075

7176
set_bcd_exit:
@@ -167,6 +172,11 @@ int usbd_device_set_code_triple(struct usbd_context *const uds_ctx,
167172
}
168173

169174
desc = get_device_descriptor(uds_ctx, speed);
175+
if (desc == NULL) {
176+
ret = -EINVAL;
177+
goto set_code_triple_exit;
178+
}
179+
170180
desc->bDeviceClass = base_class;
171181
desc->bDeviceSubClass = subclass;
172182
desc->bDeviceProtocol = protocol;

0 commit comments

Comments
 (0)