PERFORCE change 167286 for review
Hans Petter Selasky
hselasky at FreeBSD.org
Thu Aug 13 12:45:04 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=167286
Change 167286 by hselasky at hselasky_laptop001 on 2009/08/13 12:44:04
USB CORE:
- fix memory use after free race for USB character devices.
- reported by Lucius Windschuh
Affected files ...
.. //depot/projects/usb/src/sys/dev/usb/usb_device.c#49 edit
Differences ...
==== //depot/projects/usb/src/sys/dev/usb/usb_device.c#49 (text+ko) ====
@@ -1901,15 +1901,18 @@
usb_cdev_free(struct usb_device *udev)
{
struct usb_fs_privdata* pd;
+ struct cdev* pcdev;
DPRINTFN(2, "Freeing device nodes\n");
while ((pd = LIST_FIRST(&udev->pd_list)) != NULL) {
KASSERT(pd->cdev->si_drv1 == pd, ("privdata corrupt"));
- destroy_dev_sched_cb(pd->cdev, usb_cdev_cleanup, pd);
+ pcdev = pd->cdev;
pd->cdev = NULL;
LIST_REMOVE(pd, pd_next);
+ if (pcdev != NULL)
+ destroy_dev_sched_cb(pcdev, usb_cdev_cleanup, pd);
}
}
More information about the p4-projects
mailing list