Date:      Thu, 13 Aug 2009 12:45:01 GMT
From:      Hans Petter Selasky <hselasky@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 167286 for review
Message-ID:  <200908131245.n7DCj17O073197@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=167286

Change 167286 by hselasky@hselasky_laptop001 on 2009/08/13 12:44:04

	
	USB CORE:
	 - fix memory use after free race for USB character devices.
	 - reported by Lucius Windschuh

Affected files ...

.. //depot/projects/usb/src/sys/dev/usb/usb_device.c#49 edit

Differences ...

==== //depot/projects/usb/src/sys/dev/usb/usb_device.c#49 (text+ko) ====

@@ -1901,15 +1901,18 @@
 usb_cdev_free(struct usb_device *udev)
 {
 	struct usb_fs_privdata* pd;
+	struct cdev* pcdev;
 
 	DPRINTFN(2, "Freeing device nodes\n");
 
 	while ((pd = LIST_FIRST(&udev->pd_list)) != NULL) {
 		KASSERT(pd->cdev->si_drv1 == pd, ("privdata corrupt"));
 
-		destroy_dev_sched_cb(pd->cdev, usb_cdev_cleanup, pd);
+		pcdev = pd->cdev;
 		pd->cdev = NULL;
 		LIST_REMOVE(pd, pd_next);
+		if (pcdev != NULL)
+			destroy_dev_sched_cb(pcdev, usb_cdev_cleanup, pd);
 	}
 }
 
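Review bot: the `KASSERT(pd->cdev->si_drv1 == pd, ...)` at the top of the loop dereferences `pd->cdev` before the new `if (pcdev != NULL)` test, so on a kernel built with INVARIANTS a NULL `pd->cdev` faults in the assertion and never reaches the check. If `pd->cdev` can legitimately be NULL here, move the assertion under the NULL test (or assert on `pcdev` after it is loaded); if it cannot, the test is dead code and can be dropped. Separately, the ordering looks like the actual fix for the use after free named in the change description: `pd` is last written (`pd->cdev = NULL`, `LIST_REMOVE`) before `destroy_dev_sched_cb()` hands it to `usb_cdev_cleanup`, and is not touched afterwards. A one-line comment above the call stating that `pd` must not be accessed once the callback is scheduled would keep a later edit from moving the call back up.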


