Date: Sat, 03 Jan 2015 23:02:57 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-usb@FreeBSD.org Subject: [Bug 196471] segmentation fault in libusb usage Message-ID: <bug-196471-17@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196471 Bug ID: 196471 Summary: segmentation fault in libusb usage Product: Base System Version: 10.1-STABLE Hardware: i386 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: usb Assignee: freebsd-usb@FreeBSD.org Reporter: markus.heinz@uni-dortmund.de Created attachment 151308 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=151308&action=edit testcase for libusb segmentation fault I have encountered a segmentation fault when using libusb on an i386 FreeBSD 10.1 system with the latest patches applied: Steps to reproduce: - get a pointer libusb_device *device - use it in some way - close it - reopen it - claim an interface of the device handle - then it crashes with a segmentation fault Debugging the libusb_claim_interface method led to this observation: I am referring to this source code: http://svnweb.freebsd.org/base/stable/10/lib/libusb/libusb10.c?view=markup#l611 In line 615 the libusb_device * is calculated from the given libusb_device_handle *. The device does contain a NULL pointer as dev->ctx. This null pointer is passed to CTX_LOCK in line 622. Then the segmentation fault occurs. If this line is inserted before line 622 the segmentation fault does not occur: dev->ctx = GET_CONTEXT(dev->ctx); But I am not sure if this is the right way to address the problem. I have created a testcase which I will attach. You need to replace the manufacturer and product ids with some values for a connected usb device. The values in the example are for a HP Deskjet 5550 printer. The same testcase works as expected on an Ubuntu 14.04 system with libusbx 1.0.17. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-196471-17>