CVSROOT: /cvs
Module name: src
Changes by: m...@cvs.openbsd.org 2017/03/10 04:18:48
Modified files:
sys/dev/usb : ehci.c ohci.c uhci.c usbdi.c xhci.c
sys/dev/usb/dwc2: dwc2.c
Log message:
Fix a use-after-free when sending root hub control transfers.
*_root_ctrl_start() routines are synchronous and all end up calling
usb_transfer_complete() in the non-error case. After calling this
function it is unsafe to dereference ``xfer'' since the transfer
callback has been called. So returning USBD_IN_PROGRESS is wrong in
this case since transfers are always completed at this point.
So return USBD_NORMAL_COMPLETION or the corresponding error code if
something wrong happen.
