Code Review / openocd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
jtag/mpsse: fix SIGSEGV for use after free
[openocd.git] / src / jtag / drivers / mpsse.c
diff --git a/src/jtag/drivers/mpsse.c b/src/jtag/drivers/mpsse.c
index 7488d9dd877c65a97a8b88057a3299d25001e3de..0e3d2be0e0d778b1d06af6320a9fe6039bda5113 100644 (file)
--- a/src/jtag/drivers/mpsse.c
+++ b/src/jtag/drivers/mpsse.c
@@ -22,6 +22,7 @@
 
 #include "mpsse.h"
 #include "helper/log.h"
+#include "helper/replacements.h"
 #include "helper/time_support.h"
 #include <libusb.h>
 
@@ -62,8 +63,8 @@
 #define SIO_RESET_PURGE_TX 2
 
 struct mpsse_ctx {
-       libusb_context *usb_ctx;
-       libusb_device_handle *usb_dev;
+       struct libusb_context *usb_ctx;
+       struct libusb_device_handle *usb_dev;
        unsigned int usb_write_timeout;
        unsigned int usb_read_timeout;
        uint8_t in_ep;
@@ -85,7 +86,7 @@ struct mpsse_ctx {
 };
 
 /* Returns true if the string descriptor indexed by str_index in device matches string */
-static bool string_descriptor_equal(libusb_device_handle *device, uint8_t str_index,
+static bool string_descriptor_equal(struct libusb_device_handle *device, uint8_t str_index,
        const char *string)
 {
        int retval;
@@ -99,7 +100,7 @@ static bool string_descriptor_equal(libusb_device_handle *device, uint8_t str_in
        return strncmp(string, desc_string, sizeof(desc_string)) == 0;
 }
 
-static bool device_location_equal(libusb_device *device, const char *location)
+static bool device_location_equal(struct libusb_device *device, const char *location)
 {
        bool result = false;
 #ifdef HAVE_LIBUSB_GET_PORT_NUMBERS
@@ -118,7 +119,7 @@ static bool device_location_equal(libusb_device *device, const char *location)
        LOG_DEBUG("device path has %i steps", path_len);
 
        ptr = strtok(loc, "-:");
-       if (ptr == NULL) {
+       if (!ptr) {
                LOG_DEBUG("no ':' in path");
                goto done;
        }
@@ -130,7 +131,7 @@ static bool device_location_equal(libusb_device *device, const char *location)
        path_step = 0;
        while (path_step < 7) {
                ptr = strtok(NULL, ".,");
-               if (ptr == NULL) {
+               if (!ptr) {
                        LOG_DEBUG("no more tokens in path at step %i", path_step);
                        break;
                }
@@ -161,7 +162,7 @@ static bool device_location_equal(libusb_device *device, const char *location)
 static bool open_matching_device(struct mpsse_ctx *ctx, const uint16_t *vid, const uint16_t *pid,
        const char *product, const char *serial, const char *location)
 {
-       libusb_device **list;
+       struct libusb_device **list;
        struct libusb_device_descriptor desc;
        struct libusb_config_descriptor *config0;
        int err;
@@ -171,7 +172,7 @@ static bool open_matching_device(struct mpsse_ctx *ctx, const uint16_t *vid, con
                LOG_ERROR("libusb_get_device_list() failed with %s", libusb_error_name(cnt));
 
        for (ssize_t i = 0; i < cnt; i++) {
-               libusb_device *device = list[i];
+               struct libusb_device *device = list[i];
 
                err = libusb_get_device_descriptor(device, &desc);
                if (err != LIBUSB_SUCCESS) {
@@ -404,13 +405,10 @@ void mpsse_close(struct mpsse_ctx *ctx)
        if (ctx->usb_ctx)
                libusb_exit(ctx->usb_ctx);
        bit_copy_discard(&ctx->read_queue);
-       if (ctx->write_buffer)
-               free(ctx->write_buffer);
-       if (ctx->read_buffer)
-               free(ctx->read_buffer);
-       if (ctx->read_chunk)
-               free(ctx->read_chunk);
 
+       free(ctx->write_buffer);
+       free(ctx->read_buffer);
+       free(ctx->read_chunk);
        free(ctx);
 }
 
@@ -947,12 +945,12 @@ error_check:
                retval = ERROR_OK;
        }
 
+       if (retval != ERROR_OK)
+               mpsse_purge(ctx);
+
        libusb_free_transfer(write_transfer);
        if (read_transfer)
                libusb_free_transfer(read_transfer);
 
-       if (retval != ERROR_OK)
-               mpsse_purge(ctx);
-
        return retval;
 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)