[Bug 196471] segmentation fault in libusb usage
bugzilla-noreply at freebsd.org
Sat Jan 3 23:02:57 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196471
Bug ID: 196471
Summary: segmentation fault in libusb usage
Product: Base System
Version: 10.1-STABLE
Hardware: i386
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: usb
Assignee: freebsd-usb at FreeBSD.org
Reporter: markus.heinz at uni-dortmund.de
Created attachment 151308
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=151308&action=edit
test case for libusb segmentation fault
I have encountered a segmentation fault when using libusb on an i386 FreeBSD
10.1 system with the latest patches applied:
Steps to reproduce:
- get a pointer libusb_device *device
- use it in some way
- close it
- reopen it
- claim an interface of the device handle
- then it crashes with a segmentation fault
Debugging the libusb_claim_interface method led to this observation:
I am referring to this source code:
http://svnweb.freebsd.org/base/stable/10/lib/libusb/libusb10.c?view=markup#l611
In line 615 the libusb_device * is calculated from the given
libusb_device_handle *. The device does contain a NULL pointer as dev->ctx.
This null pointer is passed to CTX_LOCK in line 622. Then the segmentation
fault occurs.
If this line is inserted before line 622 the segmentation fault does not occur:
dev->ctx = GET_CONTEXT(dev->ctx);
But I am not sure if this is the right way to address the problem.
I have created a test case which I will attach. You need to replace the
manufacturer and product IDs with some values for a connected USB device. The
values in the example are for a HP Deskjet 5550 printer.
The same test case works as expected on an Ubuntu 14.04 system with libusbx
1.0.17.
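An added model of the reported sequence, written for this page and not the reporter's attached test case nor libusb's own code: it reproduces the NULL dev->ctx state after close/reopen and contrasts the unguarded lock path with the GET_CONTEXT-style fallback the report proposes. All struct and function names (model_ctx, model_dev, model_handle, run_scenario) are hypothetical stand-ins for the libusb types and calls named above.

```c
#include <stddef.h>

/* Stand-ins for libusb_context, libusb_device and libusb_device_handle. */
struct model_ctx    { int lock_count; };
struct model_dev    { struct model_ctx *ctx; };
struct model_handle { struct model_dev *dev; int open; };

static struct model_ctx model_default_ctx;   /* stand-in for usbi_default_context */

/* Mirrors libusb's GET_CONTEXT convention: a NULL context means the default one. */
static struct model_ctx *model_get_context(struct model_ctx *ctx)
{
    return ctx != NULL ? ctx : &model_default_ctx;
}

/* Models the reported sequence: the device starts with a valid context, and after
 * close/reopen its ctx pointer is NULL (constructed to match the observation). */
static void model_close_and_reopen(struct model_handle *h)
{
    h->open = 0;
    h->dev->ctx = NULL;   /* the state the reporter saw in libusb_claim_interface */
    h->open = 1;
}

/* Unguarded path: returns -1 where the real code would dereference NULL and crash. */
static int claim_unguarded(struct model_handle *h)
{
    struct model_dev *dev = h->dev;
    if (dev->ctx == NULL)
        return -1;
    dev->ctx->lock_count++;   /* CTX_LOCK(dev->ctx) in the real code */
    return 0;
}

/* Guarded path: resolve the context before locking, as the report suggests. */
static int claim_guarded(struct model_handle *h)
{
    struct model_dev *dev = h->dev;
    dev->ctx = model_get_context(dev->ctx);
    dev->ctx->lock_count++;
    return 0;
}

/* Runs the open/close/reopen/claim sequence and returns the claim result. */
static int run_scenario(struct model_ctx *ctx, int guarded)
{
    struct model_dev dev = { ctx };
    struct model_handle h = { &dev, 1 };
    model_close_and_reopen(&h);
    return guarded ? claim_guarded(&h) : claim_unguarded(&h);
}
```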