[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 6/7] usb: fix use after free
|
From: |
Gerd Hoffmann |
|
Subject: |
[Qemu-devel] [PATCH 6/7] usb: fix use after free |
|
Date: |
Fri, 2 Sep 2011 12:01:13 +0200 |
The ->complete() callback might have released the USBPacket (uhci
actually does), so we must not touch it after the callback returns.
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 722d89396b6ccb49cd9d3aafd991ae01c8a30744)
---
hw/usb.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/hw/usb.c b/hw/usb.c
index 27a983c..b44e997 100644
--- a/hw/usb.c
+++ b/hw/usb.c
@@ -334,8 +334,8 @@ void usb_packet_complete(USBDevice *dev, USBPacket *p)
{
/* Note: p->owner != dev is possible in case dev is a hub */
assert(p->owner != NULL);
- dev->port->ops->complete(dev->port, p);
p->owner = NULL;
+ dev->port->ops->complete(dev->port, p);
}
/* Cancel an active packet. The packed must have been deferred by
--
1.7.1
- [Qemu-devel] [STABLE PULL] usb bugfixes, Gerd Hoffmann, 2011/09/02
- [Qemu-devel] [PATCH 1/7] usb-host: reapurb error report fix, Gerd Hoffmann, 2011/09/02
- [Qemu-devel] [PATCH 3/7] usb-host: fix configuration tracking., Gerd Hoffmann, 2011/09/02
- [Qemu-devel] [PATCH 2/7] usb-host: fix halted endpoints, Gerd Hoffmann, 2011/09/02
- [Qemu-devel] [PATCH 6/7] usb: fix use after free,
Gerd Hoffmann <=
- [Qemu-devel] [PATCH 4/7] usb-host: endpoint table fixup, Gerd Hoffmann, 2011/09/02
- [Qemu-devel] [PATCH 5/7] usb-ehci: handle siTDs, Gerd Hoffmann, 2011/09/02
- [Qemu-devel] [PATCH 7/7] usb: claim port at device initialization time., Gerd Hoffmann, 2011/09/02