diff options
author | Hans de Goede <hdegoede@redhat.com> | 2014-05-30 11:38:07 +0200 |
---|---|---|
committer | Hans de Goede <hdegoede@redhat.com> | 2014-05-30 11:38:07 +0200 |
commit | d7e763e277db4ecafa66f20684ab751e680b0557 (patch) | |
tree | 9c8f6bfef4619a199089be2d200189125f2e6713 | |
parent | 8af0e460e1640f63b04d2a5db949dc88d890dff0 (diff) | |
download | libusb-d7e763e277db4ecafa66f20684ab751e680b0557.tar.gz |
linux_usbfs: op_handle_events: Protect against not finding the device-handle
We scan the list of open devices to find the device-handle based on the fd,
add a check to ensure that we've actually found the handle before continuing.
This fixes the following Coverity warning:
*** CID 62575: Explicit null dereferenced (FORWARD_NULL)
/libusb/os/linux_usbfs.c: 2594 in op_handle_events()
2588 hpriv = _device_handle_priv(handle);
2589 if (hpriv->fd == pollfd->fd)
2590 break;
2591 }
2592
2593 if (pollfd->revents & POLLERR) {
>>> CID 62575: Explicit null dereferenced (FORWARD_NULL)
>>> Dereferencing null pointer "hpriv".
2594 usbi_remove_pollfd(HANDLE_CTX(handle), hpriv->fd);
2595 usbi_handle_disconnect(handle);
2596 /* device will still be marked as attached if hotplug
monitor thread
2597 * hasn't processed remove event yet */
2598 usbi_mutex_static_lock(&linux_hotplug_lock);
2599 if (handle->dev->attached)
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
-rw-r--r-- | libusb/os/linux_usbfs.c | 6 | ||||
-rw-r--r-- | libusb/version_nano.h | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c index 87e20a6..db21710 100644 --- a/libusb/os/linux_usbfs.c +++ b/libusb/os/linux_usbfs.c @@ -2590,6 +2590,12 @@ static int op_handle_events(struct libusb_context *ctx, break; } + if (!hpriv || hpriv->fd != pollfd->fd) { + usbi_err(ctx, "cannot find handle for fd %d\n", + pollfd->fd); + continue; + } + if (pollfd->revents & POLLERR) { usbi_remove_pollfd(HANDLE_CTX(handle), hpriv->fd); usbi_handle_disconnect(handle); diff --git a/libusb/version_nano.h b/libusb/version_nano.h index c938764..f17ff97 100644 --- a/libusb/version_nano.h +++ b/libusb/version_nano.h @@ -1 +1 @@ -#define LIBUSB_NANO 10896 +#define LIBUSB_NANO 10897 |