Date:      Sat, 03 Jan 2015 23:02:57 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-usb@FreeBSD.org
Subject:   [Bug 196471] segmentation fault in libusb usage
Message-ID:  <bug-196471-17@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196471

            Bug ID: 196471
           Summary: segmentation fault in libusb usage
           Product: Base System
           Version: 10.1-STABLE
          Hardware: i386
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: usb
          Assignee: freebsd-usb@FreeBSD.org
          Reporter: markus.heinz@uni-dortmund.de

Created attachment 151308
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=151308&action=edit
testcase for libusb segmentation fault

I have encountered a segmentation fault when using libusb on an i386 FreeBSD
10.1 system with the latest patches applied:

Steps to reproduce:

- get a pointer libusb_device *device
- use it in some way
- close it
- reopen it
- claim an interface of the device handle
- it then crashes with a segmentation fault

Debugging the libusb_claim_interface method led to this observation:

I am referring to this source code:
http://svnweb.freebsd.org/base/stable/10/lib/libusb/libusb10.c?view=markup#l611

In line 615 the libusb_device * is calculated from the given
libusb_device_handle *. The device does contain a NULL pointer as dev->ctx.
This null pointer is passed to CTX_LOCK in line 622. Then the segmentation
fault occurs.

If this line is inserted before line 622 the segmentation fault does not occur:

dev->ctx = GET_CONTEXT(dev->ctx);

But I am not sure if this is the right way to address the problem.

I have created a testcase which I will attach. You need to replace the
manufacturer and product IDs with the values for a connected USB device. The
values in the example are for an HP Deskjet 5550 printer.

The same testcase works as expected on an Ubuntu 14.04 system with libusbx
1.0.17.

-- 
You are receiving this mail because:
You are the assignee for the bug.
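The following is an added example, not the reporter's attached testcase and not FreeBSD's libusb source. It is a self-contained C model of the code path the report describes: a device whose `ctx` pointer has become NULL, a `CTX_LOCK` that dereferences that pointer, and the one-line `GET_CONTEXT` resolution the reporter found avoids the crash. The struct layouts, the `GET_CONTEXT`/`CTX_LOCK`/`CTX_UNLOCK` macro bodies and the two `claim_interface_*` functions are assumptions written to mirror the behaviour described in the bug (libusb10.h defines similar macros, but these are reconstructed, not copied). The NULL state is constructed directly rather than produced through real open/close calls, so no USB hardware or libusb library is needed to run it.

```c
/* Added example: model of the NULL-context path from FreeBSD bug 196471.
 * Nothing here is libusb's own code; names are chosen to match the report. */
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

struct libusb_context {
    pthread_mutex_t ctx_lock;
    int lock_count;               /* constructed: lets a caller observe that the lock was taken */
};

struct libusb_device {
    struct libusb_context *ctx;   /* observed as NULL after close/reopen in the report */
    int claimed_iface;
};

struct libusb_device_handle {
    struct libusb_device *dev;
};

/* Process-wide default context, as libusb uses when the caller passes NULL. */
static struct libusb_context default_ctx = { PTHREAD_MUTEX_INITIALIZER, 0 };
static struct libusb_context *usbi_default_context = &default_ctx;

/* Macros modelled on libusb10.h (assumption: same shape as the real ones). */
#define GET_CONTEXT(ctx) (((ctx) == NULL) ? usbi_default_context : (ctx))
#define CTX_LOCK(ctx)    pthread_mutex_lock(&(ctx)->ctx_lock)
#define CTX_UNLOCK(ctx)  pthread_mutex_unlock(&(ctx)->ctx_lock)

/* Path as reported: dev->ctx is handed straight to CTX_LOCK. With a NULL ctx
 * the real code dereferences NULL inside CTX_LOCK and segfaults. This model
 * detects that case and returns -1 instead, so the path can be exercised
 * without crashing the process; the unchecked dereference is what the fix removes. */
int claim_interface_unchecked(struct libusb_device_handle *h, int iface)
{
    struct libusb_device *dev = h->dev;
    if (dev->ctx == NULL)
        return -1;                /* stands in for the segmentation fault */
    CTX_LOCK(dev->ctx);
    dev->ctx->lock_count++;
    dev->claimed_iface = iface;
    CTX_UNLOCK(dev->ctx);
    return 0;
}

/* Path with the reporter's one-line change: a NULL context is resolved to the
 * default context before it is locked, so the lock always has a valid target. */
int claim_interface_resolved(struct libusb_device_handle *h, int iface)
{
    struct libusb_device *dev = h->dev;
    dev->ctx = GET_CONTEXT(dev->ctx);
    CTX_LOCK(dev->ctx);
    dev->ctx->lock_count++;
    dev->claimed_iface = iface;
    CTX_UNLOCK(dev->ctx);
    return 0;
}

/* Replays the report's sequence on the model: use, close, reopen, claim.
 * The close step is simulated by clearing the context pointer, which is the
 * state the reporter observed in the debugger; returns the claim result. */
int reproduce(int (*claim)(struct libusb_device_handle *, int))
{
    struct libusb_device dev = { usbi_default_context, -1 };
    struct libusb_device_handle h1 = { &dev };
    dev.claimed_iface = h1.dev->claimed_iface;   /* "use it in some way" */
    dev.ctx = NULL;                              /* "close it": constructed NULL ctx */
    struct libusb_device_handle h2 = { &dev };   /* "reopen it": new handle, same device */
    return claim(&h2, 0);                        /* "claim an interface" */
}

/* Constructed accessor so the default context's lock use can be inspected. */
int default_ctx_lock_count(void)
{
    return default_ctx.lock_count;
}

int main(void)
{
    printf("unchecked claim: %d (negative = would have crashed)\n",
           reproduce(claim_interface_unchecked));
    printf("resolved claim:  %d, default ctx locked %d time(s)\n",
           reproduce(claim_interface_resolved), default_ctx_lock_count());
    return 0;
}
```

The point the model makes is that the crash is a missing invariant rather than a locking bug: every code path that locks a context must first map NULL to the default context, and the claim path did not. Resolving the context at the top of the function, as the reporter's patch does, restores that invariant for this path; whether the pointer should ever be NULL after reopen is the question the report leaves open.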