commit | c848e5b72a1670a33eb84f210b951177a3de19e9 | [log] [tgz] |
---|---|---|
author | Chris Dickens <christopher.a.dickens@gmail.com> | Tue Aug 06 13:16:16 2013 -0700 |
committer | Nathan Hjelm <hjelmn@me.com> | Wed Aug 07 20:45:43 2013 -0600 |
tree | 724d37088082fc8979f8bd8e0c4a77ff15b55722 | |
parent | 69d88b7fef75aef4ab99b1086c5be84626aedceb [diff] |
Core: Fix potential segfault caused by using freed memory When a transfer is submitted, the device is referenced in libusb_submit_transfer() and unreferenced in usbi_handle_transfer_completion(). This transfer could potentially be freed by any user callback, or is freed by libusb if LIBUSB_TRANSFER_FREE_TRANSFER is set in the flags. The call to unreference the device uses this potentially freed memory. Reading the device handle beforehand will prevent this disaster.