thodg/cgminer

Browse

Commit c0690286481750aa55b894c1d89b041c92788c2c

Con Kolivas 2013-10-12T17:44:28

Free a libusb transfer after we have finished using it to avoid a dereference in usb_control_transfer 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

diff --git a/usbutils.c b/usbutils.c
index 7dce348..2ec6df5 100644
--- a/usbutils.c
+++ b/usbutils.c
@@ -2245,7 +2245,6 @@ static int callback_wait(struct usb_transfer *ut, int *transferred, unsigned int
 
 	/* No need to sort out mutexes here since they won't be reused */
 	*transferred = transfer->actual_length;
-	libusb_free_transfer(transfer);
 
 	return ret;
 }
@@ -2296,6 +2295,7 @@ usb_bulk_transfer(struct libusb_device_handle *dev_handle, int intinfo,
 	errn = errno;
 	if (!err)
 		err = callback_wait(&ut, transferred, timeout);
+	libusb_free_transfer(ut.transfer);
 
 	STATS_TIMEVAL(&tv_finish);
 	USB_STATS(cgpu, &tv_start, &tv_finish, err, mode, cmd, seq, timeout);
@@ -2728,10 +2728,13 @@ static int usb_control_transfer(libusb_device_handle *dev_handle, uint8_t bmRequ
 		unsigned char *ofbuf = libusb_control_transfer_get_data(ut.transfer);
 
 		memcpy(buffer, ofbuf, transferred);
-		return transferred;
+		err = transferred;
+		goto out;
 	}
 	if ((err) == LIBUSB_TRANSFER_CANCELLED)
 		err = LIBUSB_ERROR_TIMEOUT;
+out:
+	libusb_free_transfer(ut.transfer);
 	return err;
 }
kmx.io     mail     discord kmxgit v0.4.0