USB: Trival cleanup in MSM drivers
Changes:
1. strncpy() to strlcpy()
2. sprintf() to snprintf()
3. Add buffer size in sscanf()
4. Fix the accessing of NULL pointers
Change-Id: I27c05d21a6551026764b0d3b2dbd8756a5992b20
Signed-off-by: Rajkumar Raghupathy <raghup@codeaurora.org>
diff --git a/drivers/usb/gadget/android.c b/drivers/usb/gadget/android.c
index a86e049..8d58833 100644
--- a/drivers/usb/gadget/android.c
+++ b/drivers/usb/gadget/android.c
@@ -320,7 +320,7 @@
struct device *device, struct device_attribute *attr,
const char *buff, size_t size)
{
- strncpy(diag_clients, buff, sizeof(diag_clients));
+ strlcpy(diag_clients, buff, sizeof(diag_clients));
return size;
}
@@ -348,7 +348,7 @@
int once = 0, err = -1;
int (*notify)(uint32_t, const char *) = NULL;
- strncpy(buf, diag_clients, sizeof(buf));
+ strlcpy(buf, diag_clients, sizeof(buf));
b = strim(buf);
while (b) {
@@ -381,7 +381,7 @@
struct device *device, struct device_attribute *attr,
const char *buff, size_t size)
{
- strncpy(serial_transports, buff, sizeof(serial_transports));
+ strlcpy(serial_transports, buff, sizeof(serial_transports));
return size;
}
@@ -407,7 +407,7 @@
goto bind_config;
serial_initialized = 1;
- strncpy(buf, serial_transports, sizeof(buf));
+ strlcpy(buf, serial_transports, sizeof(buf));
b = strim(buf);
while (b) {
@@ -673,7 +673,7 @@
{
struct android_usb_function *f = dev_get_drvdata(dev);
struct rndis_function_config *config = f->config;
- return sprintf(buf, "%s\n", config->manufacturer);
+ return snprintf(buf, PAGE_SIZE, "%s\n", config->manufacturer);
}
static ssize_t rndis_manufacturer_store(struct device *dev,
@@ -684,7 +684,7 @@
if (size >= sizeof(config->manufacturer))
return -EINVAL;
- if (sscanf(buf, "%s", config->manufacturer) == 1)
+ if (sscanf(buf, "%255s", config->manufacturer) == 1)
return size;
return -1;
}
@@ -697,7 +697,7 @@
{
struct android_usb_function *f = dev_get_drvdata(dev);
struct rndis_function_config *config = f->config;
- return sprintf(buf, "%d\n", config->wceis);
+ return snprintf(buf, PAGE_SIZE, "%d\n", config->wceis);
}
static ssize_t rndis_wceis_store(struct device *dev,
@@ -722,7 +722,7 @@
{
struct android_usb_function *f = dev_get_drvdata(dev);
struct rndis_function_config *rndis = f->config;
- return sprintf(buf, "%02x:%02x:%02x:%02x:%02x:%02x\n",
+ return snprintf(buf, PAGE_SIZE, "%02x:%02x:%02x:%02x:%02x:%02x\n",
rndis->ethaddr[0], rndis->ethaddr[1], rndis->ethaddr[2],
rndis->ethaddr[3], rndis->ethaddr[4], rndis->ethaddr[5]);
}
@@ -749,7 +749,7 @@
{
struct android_usb_function *f = dev_get_drvdata(dev);
struct rndis_function_config *config = f->config;
- return sprintf(buf, "%04x\n", config->vendorID);
+ return snprintf(buf, PAGE_SIZE, "%04x\n", config->vendorID);
}
static ssize_t rndis_vendorID_store(struct device *dev,
@@ -844,7 +844,7 @@
{
struct android_usb_function *f = dev_get_drvdata(dev);
struct mass_storage_function_config *config = f->config;
- return sprintf(buf, "%s\n", config->common->inquiry_string);
+ return snprintf(buf, PAGE_SIZE, "%s\n", config->common->inquiry_string);
}
static ssize_t mass_storage_inquiry_store(struct device *dev,
@@ -854,7 +854,7 @@
struct mass_storage_function_config *config = f->config;
if (size >= sizeof(config->common->inquiry_string))
return -EINVAL;
- if (sscanf(buf, "%s", config->common->inquiry_string) != 1)
+ if (sscanf(buf, "%28s", config->common->inquiry_string) != 1)
return -EINVAL;
return size;
}
@@ -935,7 +935,7 @@
struct android_usb_function *f;
struct device_attribute **attrs;
struct device_attribute *attr;
- int err;
+ int err = 0;
int index = 0;
for (; (f = *functions++); index++) {
@@ -1048,7 +1048,7 @@
char *buff = buf;
list_for_each_entry(f, &dev->enabled_functions, enabled_list)
- buff += sprintf(buff, "%s,", f->name);
+ buff += snprintf(buff, PAGE_SIZE, "%s,", f->name);
if (buff != buf)
*(buff-1) = '\n';
return buff - buf;
@@ -1065,7 +1065,7 @@
INIT_LIST_HEAD(&dev->enabled_functions);
- strncpy(buf, buff, sizeof(buf));
+ strlcpy(buf, buff, sizeof(buf));
b = strim(buf);
while (b) {
@@ -1084,7 +1084,7 @@
char *buf)
{
struct android_dev *dev = dev_get_drvdata(pdev);
- return sprintf(buf, "%d\n", dev->enabled);
+ return snprintf(buf, PAGE_SIZE, "%d\n", dev->enabled);
}
static ssize_t enable_store(struct device *pdev, struct device_attribute *attr,
@@ -1138,7 +1138,7 @@
state = "CONNECTED";
spin_unlock_irqrestore(&cdev->lock, flags);
out:
- return sprintf(buf, "%s\n", state);
+ return snprintf(buf, PAGE_SIZE, "%s\n", state);
}
#define DESCRIPTOR_ATTR(field, format_string) \
@@ -1146,7 +1146,8 @@
field ## _show(struct device *dev, struct device_attribute *attr, \
char *buf) \
{ \
- return sprintf(buf, format_string, device_desc.field); \
+ return snprintf(buf, PAGE_SIZE, \
+ format_string, device_desc.field); \
} \
static ssize_t \
field ## _store(struct device *dev, struct device_attribute *attr, \
@@ -1166,14 +1167,14 @@
field ## _show(struct device *dev, struct device_attribute *attr, \
char *buf) \
{ \
- return sprintf(buf, "%s", buffer); \
+ return snprintf(buf, PAGE_SIZE, "%s", buffer); \
} \
static ssize_t \
field ## _store(struct device *dev, struct device_attribute *attr, \
const char *buf, size_t size) \
{ \
if (size >= sizeof(buffer)) return -EINVAL; \
- if (sscanf(buf, "%s", buffer) == 1) { \
+ if (sscanf(buf, "%255s", buffer) == 1) { \
return size; \
} \
return -1; \
@@ -1261,9 +1262,10 @@
device_desc.iProduct = id;
/* Default strings - should be updated by userspace */
- strncpy(manufacturer_string, "Android", sizeof(manufacturer_string) - 1);
- strncpy(product_string, "Android", sizeof(product_string) - 1);
- strncpy(serial_string, "0123456789ABCDEF", sizeof(serial_string) - 1);
+ strlcpy(manufacturer_string, "Android",
+ sizeof(manufacturer_string) - 1);
+ strlcpy(product_string, "Android", sizeof(product_string) - 1);
+ strlcpy(serial_string, "0123456789ABCDEF", sizeof(serial_string) - 1);
id = usb_string_id(cdev);
if (id < 0)
diff --git a/drivers/usb/gadget/f_rmnet.c b/drivers/usb/gadget/f_rmnet.c
index ebbd1d8..69f158a 100644
--- a/drivers/usb/gadget/f_rmnet.c
+++ b/drivers/usb/gadget/f_rmnet.c
@@ -701,6 +701,9 @@
f->descriptors = usb_copy_descriptors(rmnet_fs_function);
+ if (!f->descriptors)
+ goto fail;
+
dev->fs.in = usb_find_endpoint(rmnet_fs_function,
f->descriptors,
&rmnet_fs_in_desc);
@@ -722,6 +725,9 @@
/* copy descriptors, and track endpoint copies */
f->hs_descriptors = usb_copy_descriptors(rmnet_hs_function);
+ if (!f->hs_descriptors)
+ goto fail;
+
dev->hs.in = usb_find_endpoint(rmnet_hs_function,
f->hs_descriptors, &rmnet_hs_in_desc);
dev->hs.out = usb_find_endpoint(rmnet_hs_function,
@@ -737,6 +743,9 @@
return 0;
+fail:
+ if (f->descriptors)
+ usb_free_descriptors(f->descriptors);
ep_notify_alloc_fail:
dev->notify->driver_data = NULL;
dev->notify = NULL;