From d3d636627c8bb57a64bfadcc5d282c35d152f563 Mon Sep 17 00:00:00 2001 From: Mayank Rana Date: Thu, 28 Aug 2014 15:11:44 -0700 Subject: [PATCH] f_qc_rndis: Check config or cdev is NULL in before accessing RNDIS control path completion handlers are getting called during disconnect as part of composition switch and this is leading to a crash. Avoid this crash, by checking, if cdev is not NULL before accessing. CRs-Fixed: 717035 Bug: 35136547 Change-Id: Id8748f963298129a403ffd6e4413476013315061 Signed-off-by: Mayank Rana --- drivers/usb/gadget/f_qc_rndis.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/f_qc_rndis.c b/drivers/usb/gadget/f_qc_rndis.c index 3bccfe8fc5a76..dfa3dd6ed18dd 100644 --- a/drivers/usb/gadget/f_qc_rndis.c +++ b/drivers/usb/gadget/f_qc_rndis.c @@ -552,7 +552,14 @@ static void rndis_qc_response_complete(struct usb_ep *ep, { struct f_rndis_qc *rndis = req->context; int status = req->status; - struct usb_composite_dev *cdev = rndis->port.func.config->cdev; + struct usb_composite_dev *cdev; + + if (!rndis->port.func.config || !rndis->port.func.config->cdev) { + pr_err("%s(): cdev or config is NULL.\n", __func__); + return; + } else { + cdev = rndis->port.func.config->cdev; + } /* after TX: * - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control)