[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 7/7] usb: fix use after free
|
From: |
Gerd Hoffmann |
|
Subject: |
[Qemu-devel] [PATCH 7/7] usb: fix use after free |
|
Date: |
Thu, 25 Aug 2011 17:06:57 +0200 |
The ->complete() callback might have released the USBPacket (uhci
actually does), so we must not touch it after the callback returns.
Signed-off-by: Gerd Hoffmann <address@hidden>
---
hw/usb.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/hw/usb.c b/hw/usb.c
index 685e775..a091e4e 100644
--- a/hw/usb.c
+++ b/hw/usb.c
@@ -338,8 +338,8 @@ void usb_packet_complete(USBDevice *dev, USBPacket *p)
{
/* Note: p->owner != dev is possible in case dev is a hub */
assert(p->owner != NULL);
- dev->port->ops->complete(dev->port, p);
p->owner = NULL;
+ dev->port->ops->complete(dev->port, p);
}
/* Cancel an active packet. The packed must have been deferred by
--
1.7.1
- [Qemu-devel] [PATCH 0/7] usb-host: bugfixes, Gerd Hoffmann, 2011/08/25
- [Qemu-devel] [PATCH 2/7] usb-host: reapurb error report fix, Gerd Hoffmann, 2011/08/25
- [Qemu-devel] [PATCH 4/7] usb-host: limit open retries, Gerd Hoffmann, 2011/08/25
- [Qemu-devel] [PATCH 3/7] usb-host: fix halted endpoints, Gerd Hoffmann, 2011/08/25
- [Qemu-devel] [PATCH 6/7] usb-host: claim port, Gerd Hoffmann, 2011/08/25
- [Qemu-devel] [PATCH 7/7] usb: fix use after free,
Gerd Hoffmann <=
- [Qemu-devel] [PATCH 5/7] usb-host: fix configuration tracking., Gerd Hoffmann, 2011/08/25
- [Qemu-devel] [PATCH 1/7] usb-host: start tracing support, Gerd Hoffmann, 2011/08/25