ShuriZma
/
xqemu
mirror of https://github.com/xqemu/xqemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

usb: fix use after free 

The ->complete() callback might have released the USBPacket (uhci
actually does), so we must not touch it after the callback returns.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
Gerd Hoffmann 2011-08-25 16:43:15 +02:00
parent 0c402e5abb
commit 4d8debba76
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hw/usb.c
View File

@ -338,8 +338,8 @@ void usb_packet_complete(USBDevice *dev, USBPacket *p)
{ {
/* Note: p->owner != dev is possible in case dev is a hub */ /* Note: p->owner != dev is possible in case dev is a hub */
assert(p->owner != NULL); assert(p->owner != NULL);
dev->port->ops->complete(dev->port, p);
p->owner = NULL; p->owner = NULL;
dev->port->ops->complete(dev->port, p);
} }
/* Cancel an active packet. The packed must have been deferred by /* Cancel an active packet. The packed must have been deferred by