diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2018-06-12 15:34:34 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2018-06-12 15:34:34 +0100 |
| commit | 2ab09bf2f9f55b9fb8d2de6eb2ba2a8570e268e2 (patch) | |
| tree | 882ab7bb5da085f75b6a5e1094f6df266183c562 /hw/usb/dev-mtp.c | |
| parent | 3b68de85b9b964e1bfb8474af1208717ba29b9ff (diff) | |
| parent | 3c969a6022438cf59de10d2dc3c58f4807788f98 (diff) | |
Merge remote-tracking branch 'remotes/kraxel/tags/usb-20180612-pull-request' into staging
usb: bug fix collection, doc update.
# gpg: Signature made Tue 12 Jun 2018 11:44:17 BST
# gpg: using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/usb-20180612-pull-request:
usb-mtp: Return error on suspicious TYPE_DATA packet from initiator
usb-hcd-xhci-test: add a test for ccid hotplug
usb-ccid: fix bus leak
object: fix OBJ_PROP_LINK_UNREF_ON_RELEASE ambivalence
bus: do not unref the added child bus on realize
usb/dev-mtp: Fix use of uninitialized values
usb: correctly handle Zero Length Packets
usb: update docs
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/usb/dev-mtp.c')
| -rw-r--r-- | hw/usb/dev-mtp.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 560c61c7c1..1ded7ac9a3 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -1017,12 +1017,16 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c, static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c, MTPObject *o) { - MTPData *d = usb_mtp_data_alloc(c); + MTPData *d; off_t offset; + if (c->argc <= 2) { + return NULL; + } trace_usb_mtp_op_get_partial_object(s->dev.addr, o->handle, o->path, c->argv[1], c->argv[2]); + d = usb_mtp_data_alloc(c); d->fd = open(o->path, O_RDONLY); if (d->fd == -1) { usb_mtp_data_free(d); @@ -1696,6 +1700,11 @@ static void usb_mtp_get_data(MTPState *s, mtp_container *container, uint64_t dlen; uint32_t data_len = p->iov.size; + if (!d) { + usb_mtp_queue_result(s, RES_INVALID_OBJECTINFO, 0, + 0, 0, 0, 0); + return; + } if (d->first) { /* Total length of incoming data */ d->length = cpu_to_le32(container->length) - sizeof(mtp_container); |