hcd-musb: fix dereference null return value (a9be7657) · Commits · SUMMER2020 / students / proj-2021291

hw/usb/hcd-musb.c

+6 −2

Original line number	Diff line number	Diff line
		@@ -608,6 +608,7 @@ static void musb_packet(MUSBState s, MUSBEndPoint ep,
		USBDevice *dev;
		USBEndpoint *uep;
		int idx = epnum && dir;
		int id;
		int ttype;

		/* ep->type[0,1] contains:
		@@ -625,8 +626,11 @@ static void musb_packet(MUSBState s, MUSBEndPoint ep,
		/* A wild guess on the FADDR semantics... */
		dev = usb_find_device(&s->port, ep->faddr[idx]);
		uep = usb_ep_get(dev, pid, ep->type[idx] & 0xf);
		usb_packet_setup(&ep->packey[dir].p, pid, uep, 0,
		(dev->addr << 16) \| (uep->nr << 8) \| pid, false, true);
		id = pid;
		if (uep) {
		id \|= (dev->addr << 16) \| (uep->nr << 8);
		}
		usb_packet_setup(&ep->packey[dir].p, pid, uep, 0, id, false, true);
		usb_packet_addbuf(&ep->packey[dir].p, ep->buf[idx], len);
		ep->packey[dir].ep = ep;
		ep->packey[dir].dir = dir;