msm: usbaudio: Add check for NULL before dereferencing

kzalloc() and usb_ifnum_to_if() both APIs can return NULL. Current
code is not checking return value and derefencing which may crash
device if it is set to NULL. Fix this by checking return value
against NULL and handling the same.

CRs-Fixed: 562273
Change-Id: I0d2c910f43321e94fc447b19ae3e3207727e24f3
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
Signed-off-by: Banajit Goswami <bgoswami@codeaurora.org>

1 files changed, 15 insertions, 3 deletions

diff --git a/sound/usb/card.c b/sound/usb/card.c
index 18f56646ce86..3b70175a3000 100644
--- a/sound/usb/card.c
+++ b/sound/usb/card.c
@@ -216,11 +216,24 @@ static int snd_usb_create_streams(struct snd_usb_audio *chip, int ctrlif)
 	struct usb_device *dev = chip->dev;
 	struct usb_host_interface *host_iface;
 	struct usb_interface_descriptor *altsd;
+	struct usb_interface *usb_iface;
 	void *control_header;
 	int i, protocol;
 
+	usb_iface = usb_ifnum_to_if(dev, ctrlif);
+	if (!usb_iface) {
+		snd_printk(KERN_ERR "%d:%u : does not exist\n",
+					dev->devnum, ctrlif);
+		return -EINVAL;
+	}
+
 	/* find audiocontrol interface */
-	host_iface = &usb_ifnum_to_if(dev, ctrlif)->altsetting[0];
+	host_iface = &usb_iface->altsetting[0];
+	if (!host_iface) {
+		snd_printk(KERN_ERR "Audio Control interface is not available.");
+		return -EINVAL;
+	}
+
 	control_header = snd_usb_find_csint_desc(host_iface->extra,
 						 host_iface->extralen,
 						 NULL, UAC_HEADER);
@@ -260,8 +273,7 @@ static int snd_usb_create_streams(struct snd_usb_audio *chip, int ctrlif)
 
 	case UAC_VERSION_2: {
 		struct usb_interface_assoc_descriptor *assoc =
-			usb_ifnum_to_if(dev, ctrlif)->intf_assoc;
-
+						usb_iface->intf_assoc;
 		if (!assoc) {
 			/*
 			 * Firmware writers cannot count to three.  So to find