usb: gadget: prevent potenial null pointer dereference on skb->len

An earlier fix partially fixed the null pointer dereference on skb->len
by moving the assignment of len after the check on skb being non-null,
however it failed to remove the erroneous dereference when assigning len.
Correctly fix this by removing the initialisation of len as was
originally intended.

Fixes: 70237dc8efd092 ("usb: gadget: function: f_eem: socket buffer may be NULL")
Acked-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>

diff --git a/drivers/usb/gadget/function/f_eem.c b/drivers/usb/gadget/function/f_eem.c
index 8741fd7..007ec6e 100644 (file)
--- a/drivers/usb/gadget/function/f_eem.c
+++ b/drivers/usb/gadget/function/f_eem.c
@@ -342,7 +342,7 @@ static struct sk_buff *eem_wrap(struct gether *port, struct sk_buff *skb)
        struct sk_buff  *skb2 = NULL;
        struct usb_ep   *in = port->in_ep;
        int             headroom, tailroom, padlen = 0;
-       u16             len = skb->len;
+       u16             len;
 
        if (!skb)
                return NULL;