From mboxrd@z Thu Jan  1 00:00:00 1970
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Subject: usb: usbfs: fix crash in check_ctrlrecip()->usb_find_alt_setting()
From: Vladis Dronov <vdronov@redhat.com>
Message-Id: <1046309093.16165115.1537950128159.JavaMail.zimbra@redhat.com>
Date: Wed, 26 Sep 2018 04:22:08 -0400 (EDT)
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Andrey Konovalov <andreyknvl@google.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Oliver Neukum <oneukum@suse.com>, Hans de Goede <hdegoede@redhat.com>, syzkaller <syzkaller@googlegroups.com>, USB list <linux-usb@vger.kernel.org>, LKML <linux-kernel@vger.kernel.org>, stable <stable@vger.kernel.org>
List-ID: <linux-usb.vger.kernel.org>

SGVsbG8sIEFsYW4sCgo+IE5vdyBjb25zaWRlciB0aGUgY2FzZSBhdCBoYW5kOiB0aGUgY2FsbCB0
byB1c2JfZmluZF9hbHRfc2V0dGluZygpIGZyb20KPiBjaGVja19jdHJscmVjaXAoKS4gIEluIHRo
aXMgY2FzZSBwcy0+ZGV2LT5hY3Rjb25maWcgYmVpbmcgTlVMTCBkb2Vzbid0Cj4gaW5kaWNhdGUg
YW4gZXJyb3Igb3IgYSBidWc7IGl0IG1lcmVseSBpbmRpY2F0ZXMgdGhhdCB0aGUgdXNlciBpcyB0
cnlpbmcKPiB0byBzZW5kIGEgY29udHJvbCByZXF1ZXN0IHRvIGEgZGV2aWNlIHdoaWNoIGhhcHBl
bnMgdG8gYmUgdW5jb25maWd1cmVkLAo+IHdoaWNoIGlzIGEgcGVyZmVjdGx5IHZhbGlkIHRoaW5n
IHRvIGRvLiAgVGhlcmVmb3JlIGl0IHNob3VsZG4ndCByZXF1aXJlCj4gYW55IHNwZWNpYWwgaGFu
ZGxpbmcgYXQgdGhlIGNhbGwgc2l0ZS4KPiAKPiBBbGFuIFN0ZXJuCgpUaGFuayB5b3UgZm9yIHRo
ZSBleHBsYW5hdGlvbiBhbmQgYSBkZXRhaWxlZCByZXNwb25zZS4KCkJlc3QgcmVnYXJkcywKVmxh
ZGlzIERyb25vdiB8IFJlZCBIYXQsIEluYy4gfCBQcm9kdWN0IFNlY3VyaXR5IEVuZ2luZWVyCgot
LS0tLSBPcmlnaW5hbCBNZXNzYWdlIC0tLS0tCj4gRnJvbTogIkFsYW4gU3Rlcm4iIDxzdGVybkBy
b3dsYW5kLmhhcnZhcmQuZWR1Pgo+IFRvOiAiVmxhZGlzIERyb25vdiIgPHZkcm9ub3ZAcmVkaGF0
LmNvbT4KPiBDYzogIkFuZHJleSBLb25vdmFsb3YiIDxhbmRyZXlrbnZsQGdvb2dsZS5jb20+LCAi
R3JlZyBLcm9haC1IYXJ0bWFuIiA8Z3JlZ2toQGxpbnV4Zm91bmRhdGlvbi5vcmc+LCAiT2xpdmVy
IE5ldWt1bSIKPiA8b25ldWt1bUBzdXNlLmNvbT4sICJIYW5zIGRlIEdvZWRlIiA8aGRlZ29lZGVA
cmVkaGF0LmNvbT4sICJzeXprYWxsZXIiIDxzeXprYWxsZXJAZ29vZ2xlZ3JvdXBzLmNvbT4sICJV
U0IgbGlzdCIKPiA8bGludXgtdXNiQHZnZXIua2VybmVsLm9yZz4sICJMS01MIiA8bGludXgta2Vy
bmVsQHZnZXIua2VybmVsLm9yZz4sICJzdGFibGUiIDxzdGFibGVAdmdlci5rZXJuZWwub3JnPgo+
IFNlbnQ6IFR1ZXNkYXksIFNlcHRlbWJlciAyNSwgMjAxOCAxMDo0NDoxNCBQTQo+IFN1YmplY3Q6
IFJlOiBbUEFUQ0hdIHVzYjogdXNiZnM6IGZpeCBjcmFzaCBpbiBjaGVja19jdHJscmVjaXAoKS0+
dXNiX2ZpbmRfYWx0X3NldHRpbmcoKQo+IAo+IE9uIFR1ZSwgMjUgU2VwIDIwMTgsIFZsYWRpcyBE
cm9ub3Ygd3JvdGU6Cj4gCj4gPiA+ID4gV2hhdCBhYm91dCBhZGRpbmcgYSBXQVJOX09OKCk/IEl0
IGRvZXNuJ3QgY3Jhc2ggdGhlIGtlcm5lbCBhbmQgaXQgd2lsbAo+ID4gPiA+IGJlIGRldGVjdGVk
IGFuZCByZXBvcnRlZCBieSBzeXpib3QuCj4gPiAKPiA+IFllcywgdGhhdCB3b3VsZCBiZSBhIGdy
ZWF0IHNvbHV0aW9uLgo+ID4gCj4gPiA+IFN1cmUsIHdlIGNvdWxkIGRvIHRoYXQuICBCdXQgd291
bGQgYmUgdGhlIHBvaW50Pwo+ID4gCj4gPiBXZSBrbm93IHdoZW4gdXNiX2ZpbmRfYWx0X3NldHRp
bmcoKSBjYWxsZXJzIGRvIHNtdGggd2VpcmQgYW5kIGdvIGZpeCB0aGVtLgo+ID4gCj4gPiA+IEFm
dGVyIGM5YTRjYjIwNGU5ZSwgY2FsbGluZyB1c2JfZmluZF9hbHRfc2V0dGluZygpIHdpdGggYSBO
VUxMIGNvbmZpZyBpcwo+ID4gPiBubyBtb3JlIG9mIGEgYnVnIHRoYW4gY2FsbGluZyBrZnJlZSgp
IHdpdGggYSBOVUxMIHBvaW50ZXIuCj4gPiAKPiA+IFllcywgZXhhY3RseS4KPiA+IAo+ID4gPiBZ
b3Ugd291bGRuJ3Qgd2FudCB0byBwdXQgYSBXQVJOX09OIGluIGtmcmVlKCksIHdvdWxkIHlvdT8K
PiA+IAo+ID4gSG9uZXN0bHksIGluIHRoZSBpZGVhbCB3b3JsZCBJIHdvdWxkLCBhZ2FpbiwgdG8g
YmUgYXdhcmUgd2hlbiBzb21lIGNvZGUKPiA+IGRvZXMKPiA+IHNvbWV0aGluZyB3ZWlyZCBzbyB3
ZSBrbm93IGFib3V0IGl0LiBCdXQgdGhpcyB3b3JsZCBpcyB0aGlzIHdvcmxkLCBpdCBuZWVkcwo+
ID4gbW9yZSBwZXJmb3JtYW5jZSB0byB0aGUgdGhyb25lIG9mIHBlcmZvcm1hbmNlLgo+IAo+IEJ1
dCBpcyBpdCByZWFsbHkgd29ydGh3aGlsZT8gIEluIHRlcm1zIG9mIGNhdGNoaW5nIGJ1Z3MsIHRo
aXMgd291bGQKPiBoZWxwIGluIG9ubHkgb25lIHNpdHVhdGlvbjogd2hlbiB0aGUgcHJvZ3JhbW1l
ciB0aGlua3MgdGhlIGFyZ3VtZW50Cj4gc2hvdWxkIGFsd2F5cyBiZSBub24tTlVMTCBiZWNhdXNl
IGEgTlVMTCBhcmd1bWVudCBpbmRpY2F0ZXMgYSBidWcuCj4gU3VjaCBzaXR1YXRpb25zIHNlZW0g
dG8gYmUgcmVsYXRpdmVseSByYXJlLCBhbmQgd2UgY2FuIGhhbmRsZSB0aGVtIGJ5Cj4gaW5zZXJ0
aW5nIGEgV0FSTl9PTigpIGF0IHRoZSBjYWxsIHNpdGUgaWYgbmVlZCBiZS4KPiAKPiBTbyBpdCdz
IGEgY2hvaWNlIGJldHdlZW46Cj4gCj4gICAgICAxLiBQdXR0aW5nIGEgc2luZ2xlIHRlc3QgZm9y
IE5VTEwgaW4gdGhlIGZ1bmN0aW9uIGJlaW5nIGNhbGxlZCwKPiAJdG9nZXRoZXIgd2l0aCBXQVJO
X09OKCkgYXQgYSBzbWFsbCBudW1iZXIgb2YgY2FsbCBzaXRlcywgb3IKPiAKPiAgICAgIDIuIFB1
dHRpbmcgYSBXQVJOX09OKCkgKG9yIGFsbG93aW5nIGEgY3Jhc2gpIGluIHRoZSBmdW5jdGlvbiBi
ZWluZwo+IAljYWxsZWQsIHRvZ2V0aGVyIHdpdGggdGVzdHMgZm9yIE5VTEwgYXQgYSBwb3RlbnRp
YWxseSBsYXJnZQo+IAludW1iZXIgb2YgY2FsbCBzaXRlcy4KPiAKPiAxIGhhcyB0d28gYWR2YW50
YWdlcyBvdmVyIDIuICBGaXJzdCwgaXQgaW52b2x2ZXMgYWRkaW5nIGxlc3MgY29kZQo+IG92ZXJh
bGwuICBTZWNvbmQsIGl0IGRvZXNuJ3QgcmVxdWlyZSB0aGUgcHJvZ3JhbW1lciB0byByZW1lbWJl
ciB0byBhZGQKPiBzcGVjaWFsIGNvZGUgKGEgdGVzdCBvciBhIFdBUk5fT04pIGluIHNpdHVhdGlv
biB3aGVyZSBpdCBkb2Vzbid0Cj4gbWF0dGVyIC0tIHByZXN1bWFibHkgdGhlIG1ham9yaXR5IG9m
IHRoZW0uCj4K