Module Name: src
Committed By: cegger
Date: Fri Sep 3 23:15:09 UTC 2010
Modified Files:
src/sys/dev/usb: usbdi.c
Log Message:
fix NULL pointer dereference on detaching:
Attach a USB device that looks like this:
ugen1 at uhub0 port 2
ugen1: detached
ugen1: at uhub0 port 2 (addr 3) disconnected
When unplugging the device:
usb_transfer_complete: xfer=0xffff80000832a800 not busy 0x00000055
usb_transfer_complete: bad dequeue 0xffff80000832a800 != 0x0
To generate a diff of this commit:
cvs rdiff -u -r1.127 -r1.128 src/sys/dev/usb/usbdi.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/usb/usbdi.c
diff -u src/sys/dev/usb/usbdi.c:1.127 src/sys/dev/usb/usbdi.c:1.128
--- src/sys/dev/usb/usbdi.c:1.127 Sat Jan 16 17:03:03 2010
+++ src/sys/dev/usb/usbdi.c Fri Sep 3 23:15:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: usbdi.c,v 1.127 2010/01/16 17:03:03 bouyer Exp $ */
+/* $NetBSD: usbdi.c,v 1.128 2010/09/03 23:15:09 cegger Exp $ */
/* $FreeBSD: src/sys/dev/usb/usbdi.c,v 1.28 1999/11/17 22:33:49 n_hibma Exp $ */
/*
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: usbdi.c,v 1.127 2010/01/16 17:03:03 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: usbdi.c,v 1.128 2010/09/03 23:15:09 cegger Exp $");
#include "opt_compat_netbsd.h"
@@ -800,7 +800,8 @@
xfer, SIMPLEQ_FIRST(&pipe->queue));
xfer->busy_free = XFER_BUSY;
#endif
- SIMPLEQ_REMOVE_HEAD(&pipe->queue, next);
+ if (SIMPLEQ_FIRST(&pipe->queue) != NULL)
+ SIMPLEQ_REMOVE_HEAD(&pipe->queue, next);
}
DPRINTFN(5,("usb_transfer_complete: repeat=%d new head=%p\n",
repeat, SIMPLEQ_FIRST(&pipe->queue)));
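Review bot: The added guard before `SIMPLEQ_REMOVE_HEAD(&pipe->queue, next)` only checks that the queue is non-empty, not that its head is the transfer being completed. The diagnostic at the top of the hunk prints `xfer` next to `SIMPLEQ_FIRST(&pipe->queue)`, and the "bad dequeue" line in the log shows the two can differ, so on a non-empty queue with a different head this would still unlink another request. Consider `if (SIMPLEQ_FIRST(&pipe->queue) == xfer)` for the removal, with a comment such as `/* queue may already have been emptied during detach */`. The check also hides the underlying ordering problem rather than fixing it: presumably the detach path drained the queue before this completion ran, which the hunk does not show and is worth confirming. The enclosing function begins and ends outside the hunk.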