a fix for SIGSEGV in handle_bulk_completion()

We cannot dereference tpriv after calling usbi_handle_transfer_cancellation() because that function may invoke the user-supplied callback which may free the transfer.
author: Artem Egorkine <arteme@gmail.com> 2008-06-17 18:27:38 -0500
committer: Daniel Drake <dsd@gentoo.org> 2008-06-17 18:27:38 -0500
commit: 546dee211eefbdd280fd1fc9dee84a9b52105078 (patch)
tree: db340d74af0df94849c2548ab3fe026eb3f2ce64
parent: 947ba8056456a5215724fb502e3e09d50016f699 (diff)
download: libusb-546dee211eefbdd280fd1fc9dee84a9b52105078.tar.gz
2 files changed, 2 insertions, 1 deletions
diff --git a/AUTHORS b/AUTHORS
index 6e17e37..86d9a3f 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -2,6 +2,7 @@ Copyright (C) 2007-2008 Daniel Drake <dsd@gentoo.org>
 Copyright (c) 2001 Johannes Erdfelt <johannes@erdfelt.com>
 
 Other contributors:
+Artem Egorkine
 David Engraf
 Rob Walker
 Vasily Khoruzhick
diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c
index 2e9e0e2..95c3e25 100644
--- a/libusb/os/linux_usbfs.c
+++ b/libusb/os/linux_usbfs.c
@@ -1577,8 +1577,8 @@ static int handle_bulk_completion(struct usbi_transfer *itransfer,
 		if (tpriv->awaiting_reap == 0 && tpriv->awaiting_discard == 0) {
 			usbi_dbg("CANCEL: last URB handled, reporting");
 			if (tpriv->reap_action == CANCELLED) {
-				usbi_handle_transfer_cancellation(itransfer);
 				free(tpriv->urbs);
+				usbi_handle_transfer_cancellation(itransfer);
 				return 0;
 			} else if (tpriv->reap_action == COMPLETED_EARLY) {
 				goto out;
author	Artem Egorkine <arteme@gmail.com>	2008-06-17 18:27:38 -0500
committer	Daniel Drake <dsd@gentoo.org>	2008-06-17 18:27:38 -0500
commit	546dee211eefbdd280fd1fc9dee84a9b52105078 (patch)
tree	db340d74af0df94849c2548ab3fe026eb3f2ce64
parent	947ba8056456a5215724fb502e3e09d50016f699 (diff)
download	libusb-546dee211eefbdd280fd1fc9dee84a9b52105078.tar.gz