Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libusb / c848e5b72a1670a33eb84f210b951177a3de19e9
commitc848e5b72a1670a33eb84f210b951177a3de19e9[log] [tgz]
authorChris Dickens <christopher.a.dickens@gmail.com>Tue Aug 06 13:16:16 2013 -0700
committerNathan Hjelm <hjelmn@me.com>Wed Aug 07 20:45:43 2013 -0600
tree724d37088082fc8979f8bd8e0c4a77ff15b55722
parent69d88b7fef75aef4ab99b1086c5be84626aedceb [diff]
Core: Fix potential segfault caused by using freed memory

When a transfer is submitted, the device is referenced in libusb_submit_transfer()
and unreferenced in usbi_handle_transfer_completion(). This transfer could potentially
be freed by any user callback, or is freed by libusb if LIBUSB_TRANSFER_FREE_TRANSFER
is set in the flags. The call to unreference the device uses this potentially freed
memory. Reading the device handle beforehand will prevent this disaster.
1 file changed
tree: 724d37088082fc8979f8bd8e0c4a77ff15b55722
  1. .private/
  2. doc/
  3. examples/
  4. libusb/
  5. msvc/
  6. tests/
  7. Xcode/
  8. .gitattributes
  9. .gitignore
  10. AUTHORS
  11. autogen.sh
  12. bootstrap.sh
  13. ChangeLog
  14. configure.ac
  15. COPYING
  16. INSTALL
  17. INSTALL_WIN.txt
  18. libusb-1.0.pc.in
  19. Makefile.am
  20. NEWS
  21. PORTING
  22. README
  23. README.git
  24. THANKS
  25. TODO