import libusbx-1.0.26-1.el9

This commit is contained in:
CentOS Sources 2022-09-27 10:32:13 -04:00 committed by Stepan Oksanichenko
parent 659d1096a1
commit 42738603da
6 changed files with 113 additions and 164 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/libusb-1.0.25.tar.bz2
SOURCES/libusb-1.0.26.tar.bz2

View File

@ -1 +1 @@
490c33c303622af9b8bff521e6ed0818c64fa623 SOURCES/libusb-1.0.25.tar.bz2
0e25981dafb69729e5d976017d113410078f6f6d SOURCES/libusb-1.0.26.tar.bz2

View File

@ -1,24 +0,0 @@
From 2529a3fc4f987f93e0774af865ac7cb6557bd0c2 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Fri, 4 Feb 2022 22:50:28 +0100
Subject: [PATCH] core: Unset device ctx if it has been destroyed
Devices can outlive their context in some cases (in particular with
python garbage collection). Guard against this happening by clearing the
ctx pointer so that it is not pointing to uninitialized memory.
---
libusb/core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libusb/core.c b/libusb/core.c
index 7893ac23..1c1ada14 100644
--- a/libusb/core.c
+++ b/libusb/core.c
@@ -2441,6 +2441,7 @@ void API_EXPORTED libusb_exit(libusb_context *ctx)
for_each_device(_ctx, dev) {
usbi_warn(_ctx, "device %d.%d still referenced",
dev->bus_number, dev->device_address);
+ DEVICE_CTX(dev) = NULL;
}
if (!list_empty(&_ctx->open_devs))

View File

@ -1,7 +1,7 @@
From 8420de903a99fb6bfae22a21b2636858f2212baa Mon Sep 17 00:00:00 2001
From 20b8e95bfc3a9c1be1752e65043a8ed9445fbbd2 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Thu, 15 Jul 2021 17:07:09 +0200
Subject: [PATCH 01/17] examples: Fix warning about uninitlised variable
Subject: [PATCH 01/18] examples: Fix warning about uninitlised variable
---
examples/fxload.c | 3 ++-
@ -22,10 +22,10 @@ index 541c3d3a3..85df69952 100644
unsigned int i, j;
unsigned vid = 0, pid = 0;
From 23dcbd0521c56fb7543c4f8f73a2a1a4de69aa5e Mon Sep 17 00:00:00 2001
From 0803cdc46314c70ad7f12a7c2d0b1df5b028a89d Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Thu, 15 Jul 2021 17:08:12 +0200
Subject: [PATCH 02/17] core: Add non-null annotations to avoid static analyser
Subject: [PATCH 02/18] core: Add non-null annotations to avoid static analyser
warnings
It is only valid to call these inline functions with non-null values.
@ -144,7 +144,7 @@ index 61cacc95a..ea09fa8d9 100644
struct libusb_transfer *transfer, unsigned int packet)
{
diff --git a/libusb/libusbi.h b/libusb/libusbi.h
index 158a9af58..6c924e548 100644
index b1fc88c99..db074160c 100644
--- a/libusb/libusbi.h
+++ b/libusb/libusbi.h
@@ -192,11 +192,13 @@ struct list_head {
@ -185,7 +185,7 @@ index 158a9af58..6c924e548 100644
static inline void list_cut(struct list_head *list, struct list_head *head)
{
if (list_empty(head)) {
@@ -755,10 +760,10 @@ struct usbi_hotplug_message {
@@ -773,10 +778,10 @@ struct usbi_hotplug_message {
/* shared data and functions */
@ -199,7 +199,7 @@ index 158a9af58..6c924e548 100644
void usbi_hotplug_process(struct libusb_context *ctx, struct list_head *hotplug_msgs);
int usbi_io_init(struct libusb_context *ctx);
@@ -789,7 +794,8 @@ struct usbi_event_source {
@@ -807,7 +812,8 @@ struct usbi_event_source {
int usbi_add_event_source(struct libusb_context *ctx, usbi_os_handle_t os_handle,
short poll_events);
@ -210,10 +210,10 @@ index 158a9af58..6c924e548 100644
struct usbi_option {
int is_set;
From ac527ddcb72e6cd43f2e9d6ae973e9352856dcaf Mon Sep 17 00:00:00 2001
From 3ba52d0d048214ee530c2343260965724291255a Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:21:09 +0100
Subject: [PATCH 03/17] core: Silence dereference warnings using assertions in
Subject: [PATCH 03/18] core: Silence dereference warnings using assertions in
list_del
It is guaranteed that entry->next and entry->prev are non-null for a
@ -224,7 +224,7 @@ though, so add an appropriate assert in case debug mode is enabled.
1 file changed, 4 insertions(+)
diff --git a/libusb/libusbi.h b/libusb/libusbi.h
index 6c924e548..faf6b5daf 100644
index db074160c..27de77aa9 100644
--- a/libusb/libusbi.h
+++ b/libusb/libusbi.h
@@ -222,6 +222,10 @@ static inline void list_add_tail(struct list_head *entry,
@ -239,10 +239,10 @@ index 6c924e548..faf6b5daf 100644
entry->prev->next = entry->next;
entry->next = entry->prev = NULL;
From f04d419c0e936333816c969605c2915d5592c328 Mon Sep 17 00:00:00 2001
From 70486056d5668c94ea3a1824541ff2f36f378d3e Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Thu, 15 Jul 2021 17:11:41 +0200
Subject: [PATCH 04/17] core: Fix incorrect free if reallocating to zero size
Subject: [PATCH 04/18] core: Fix incorrect free if reallocating to zero size
A realloc to a size of 0 is equivalent to a free call. As such, in that
case free'ing the original pointer would result in a double free. Fix
@ -252,7 +252,7 @@ this by adding a check that the new size if larger than zero.
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/libusb/libusbi.h b/libusb/libusbi.h
index faf6b5daf..652d545ac 100644
index 27de77aa9..dabf77a9d 100644
--- a/libusb/libusbi.h
+++ b/libusb/libusbi.h
@@ -257,7 +257,14 @@ static inline void list_splice_front(struct list_head *list, struct list_head *h
@ -272,10 +272,10 @@ index faf6b5daf..652d545ac 100644
if (!ret)
free(ptr);
From 883b04fe516adb93a6a1df6c2b4b26e9a4de32be Mon Sep 17 00:00:00 2001
From 73f565261d9284d9f6b0081e3e23fd49773f53c7 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Thu, 15 Jul 2021 17:13:18 +0200
Subject: [PATCH 05/17] linux_usbfs: Work around static analyser thinking fd is
Subject: [PATCH 05/18] linux_usbfs: Work around static analyser thinking fd is
leaked
Static analysis using coverity is detecting the file descriptor handle
@ -291,7 +291,7 @@ pattern rather than returning from different places.
1 file changed, 30 insertions(+), 21 deletions(-)
diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c
index c3006753d..fe6319ee9 100644
index 285d9caa7..1799a9ea0 100644
--- a/libusb/os/linux_usbfs.c
+++ b/libusb/os/linux_usbfs.c
@@ -904,7 +904,8 @@ static int initialize_device(struct libusb_device *dev, uint8_t busnum,
@ -413,10 +413,10 @@ index c3006753d..fe6319ee9 100644
return r;
}
From 06f4523117ffbe77fbc370a403cc274016867139 Mon Sep 17 00:00:00 2001
From f6cc8938c5ccf3556cfa54fe8e1d26e627995731 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:08:31 +0100
Subject: [PATCH 06/17] examples: Fix warning about NULL pointer dereference
Subject: [PATCH 06/18] examples: Fix warning about NULL pointer dereference
It seems like coverity is getting confused by the transfers being global
variables, thinking that img_transfer may become NULL again.
@ -446,10 +446,10 @@ index 682865053..4a871ee4f 100644
return -1;
}
From b2a2163b3893e57d839b5247072fcb2fdfd5d4e4 Mon Sep 17 00:00:00 2001
From c2257799e48351e4ac09bb40794f3c8559d93459 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:09:53 +0100
Subject: [PATCH 07/17] examples: Assert the data fits into our static buffer
Subject: [PATCH 07/18] examples: Assert the data fits into our static buffer
---
examples/ezusb.c | 2 ++
@ -476,10 +476,10 @@ index 4bed12a4c..0ea787190 100644
/* Read the target offset (address up to 64KB) */
tmp = buf[7];
From 13fbb9923e4ee5b6d9dfa13396e1faf5da13a2af Mon Sep 17 00:00:00 2001
From 9bd8bca34de151e191db4d33d717a36488f9a96e Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:11:28 +0100
Subject: [PATCH 08/17] core: Tell coverity that libusb_open does not free
Subject: [PATCH 08/18] core: Tell coverity that libusb_open does not free
Internally, libusb_open does an unref in an error case. coverity doesn't
seem to notice that this is balanced with the earlier ref, and thinks
@ -493,10 +493,10 @@ the error, but the code is idiomatic as-is.
1 file changed, 1 insertion(+)
diff --git a/libusb/core.c b/libusb/core.c
index 7893ac238..076c2bbbd 100644
index ec429b7cf..b9bf844ee 100644
--- a/libusb/core.c
+++ b/libusb/core.c
@@ -1293,6 +1293,7 @@ int API_EXPORTED libusb_wrap_sys_device(libusb_context *ctx, intptr_t sys_dev,
@@ -1294,6 +1294,7 @@ int API_EXPORTED libusb_wrap_sys_device(libusb_context *ctx, intptr_t sys_dev,
* \returns LIBUSB_ERROR_NO_DEVICE if the device has been disconnected
* \returns another LIBUSB_ERROR code on other failure
*/
@ -505,10 +505,10 @@ index 7893ac238..076c2bbbd 100644
libusb_device_handle **dev_handle)
{
From 1d576b41cfe229cbf98a3fc9aeb819562cccaaae Mon Sep 17 00:00:00 2001
From 88e1269900cb8a581d6335d758b713d71ecd8d8e Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:13:26 +0100
Subject: [PATCH 09/17] core: Remove unneeded bounds check
Subject: [PATCH 09/18] core: Remove unneeded bounds check
This makes the code slightly less efficient, but shuts up warnings that
the later switch ends up with dead error handling code.
@ -517,10 +517,10 @@ the later switch ends up with dead error handling code.
1 file changed, 4 deletions(-)
diff --git a/libusb/core.c b/libusb/core.c
index 076c2bbbd..73fb6524a 100644
index b9bf844ee..1643f9334 100644
--- a/libusb/core.c
+++ b/libusb/core.c
@@ -2201,10 +2201,6 @@ int API_EXPORTED libusb_set_option(libusb_context *ctx,
@@ -2202,10 +2202,6 @@ int API_EXPORTED libusb_set_option(libusb_context *ctx,
return r;
}
@ -532,10 +532,10 @@ index 076c2bbbd..73fb6524a 100644
usbi_mutex_static_lock(&default_context_lock);
default_context_options[option].is_set = 1;
From ca3e801e2f54308651a180e48e2381b5ed88eef1 Mon Sep 17 00:00:00 2001
From 1eb546e65aaca0c47615a275a961bbeb123c838e Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:15:16 +0100
Subject: [PATCH 10/17] descriptor: Avoid uninitialized memory warnings
Subject: [PATCH 10/18] descriptor: Avoid uninitialized memory warnings
The static analyzer has trouble understanding that get_config_descriptor
fills in the config descriptor. Just initializing the memory silences
@ -567,10 +567,10 @@ index 253ef1c31..dbcf061d9 100644
r = get_config_descriptor(dev, idx, _config.buf, sizeof(_config.buf));
if (r < 0)
From e7a0c0d507d662ad3661f52286452880ef75f488 Mon Sep 17 00:00:00 2001
From 0de57c4af4e637a0a8adfda9a907774add81c8ec Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:19:04 +0100
Subject: [PATCH 11/17] io: Suppress invalid free warning from coverity
Subject: [PATCH 11/18] io: Suppress invalid free warning from coverity
Coverity is not understanding the pointer arithmetic involved with the
transfer in-memory storage. As such, it flags the free as invalid, even
@ -581,10 +581,10 @@ warning.
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libusb/io.c b/libusb/io.c
index 0d2ac9ea2..d32cdc1bf 100644
index b919e9d91..a801ee6aa 100644
--- a/libusb/io.c
+++ b/libusb/io.c
@@ -1691,8 +1691,10 @@ int usbi_handle_transfer_completion(struct usbi_transfer *itransfer,
@@ -1696,8 +1696,10 @@ int usbi_handle_transfer_completion(struct usbi_transfer *itransfer,
transfer->callback(transfer);
/* transfer might have been freed by the above call, do not use from
* this point. */
@ -593,14 +593,14 @@ index 0d2ac9ea2..d32cdc1bf 100644
+ /* coverity[incorrect_free] is reported incorrectly here due to the memory layout */
libusb_free_transfer(transfer);
+ }
libusb_unref_device(dev_handle->dev);
return r;
}
From fc44484ef782bdb05880a26c502a7ea33c0eb72f Mon Sep 17 00:00:00 2001
From 5dad238771240a6aa8234ba42511fb422c79800c Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:20:27 +0100
Subject: [PATCH 12/17] io: Suppress missing unlock warning from coverity
Subject: [PATCH 12/18] io: Suppress missing unlock warning from coverity
The function is supposed to take the lock, as such, this is the expected
behaviour.
@ -609,10 +609,10 @@ behaviour.
1 file changed, 1 insertion(+)
diff --git a/libusb/io.c b/libusb/io.c
index d32cdc1bf..96bd22861 100644
index a801ee6aa..114087d94 100644
--- a/libusb/io.c
+++ b/libusb/io.c
@@ -1786,6 +1786,7 @@ int API_EXPORTED libusb_try_lock_events(libusb_context *ctx)
@@ -1790,6 +1790,7 @@ int API_EXPORTED libusb_try_lock_events(libusb_context *ctx)
return 1;
ctx->event_handler_active = 1;
@ -621,10 +621,10 @@ index d32cdc1bf..96bd22861 100644
}
From c97e4bb846f41a112262df668e9d8e449555f295 Mon Sep 17 00:00:00 2001
From 884b55a36ae4dfae6fda1120c948bcf17a333b95 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:23:45 +0100
Subject: [PATCH 13/17] events_posix: Silence warnings about zero-allocated
Subject: [PATCH 13/18] events_posix: Silence warnings about zero-allocated
memory
The static analyser got confused by the fact that fds may be NULL if
@ -653,10 +653,10 @@ index 715a2d551..172f8afe8 100644
if (!fds)
return LIBUSB_ERROR_NO_MEM;
From 7e9919314f82c61df6950390412ab3b80c84b707 Mon Sep 17 00:00:00 2001
From 4e2589b2e9981e5213fb4267550c10638f758add Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:25:40 +0100
Subject: [PATCH 14/17] linux_usbfs: Disable sleep workaround when using udev
Subject: [PATCH 14/18] linux_usbfs: Disable sleep workaround when using udev
The workaround to sleep 10ms if a device node has not yet been created
is definitely not needed with udev. I am not sure what the race looks
@ -670,7 +670,7 @@ code.
1 file changed, 3 insertions(+)
diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c
index fe6319ee9..b4837895d 100644
index 1799a9ea0..481eff6ef 100644
--- a/libusb/os/linux_usbfs.c
+++ b/libusb/os/linux_usbfs.c
@@ -197,6 +197,8 @@ static int get_usbfs_fd(struct libusb_device *dev, mode_t mode, int silent)
@ -691,10 +691,10 @@ index fe6319ee9..b4837895d 100644
if (!silent) {
usbi_err(ctx, "libusb couldn't open USB device %s, errno=%d", path, errno);
From 126aacee12b49ed525534a81ad830db692654ba0 Mon Sep 17 00:00:00 2001
From d237b8cca6c33e237da69ee096232d216f9202a8 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:29:35 +0100
Subject: [PATCH 15/17] linux_usbfs: Silence coverity warnings about returned
Subject: [PATCH 15/18] linux_usbfs: Silence coverity warnings about returned
offset
The seek_to_next_config function returns an offset. This was marked as
@ -705,7 +705,7 @@ surrounding code. Mark the return value to silence the warnings.
1 file changed, 1 insertion(+)
diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c
index b4837895d..ba55913f0 100644
index 481eff6ef..d95ed3bea 100644
--- a/libusb/os/linux_usbfs.c
+++ b/libusb/os/linux_usbfs.c
@@ -638,6 +638,7 @@ int linux_get_device_address(struct libusb_context *ctx, int detached,
@ -717,10 +717,10 @@ index b4837895d..ba55913f0 100644
uint8_t *buffer, size_t len)
{
From 42679d2d8573dfc27b9c78f832749728997a516b Mon Sep 17 00:00:00 2001
From ea73414f3309a908d2819991580b080cabca17eb Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 9 Feb 2022 19:31:44 +0100
Subject: [PATCH 16/17] linux_usbfs: Silence coverity warning about missing
Subject: [PATCH 16/18] linux_usbfs: Silence coverity warning about missing
locking
The reap_status field is locked in most cases when it is accessed.
@ -733,7 +733,7 @@ As such, add an appropriate comment to silence the warning.
1 file changed, 1 insertion(+)
diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c
index ba55913f0..2e65d66ce 100644
index d95ed3bea..35cc54ab5 100644
--- a/libusb/os/linux_usbfs.c
+++ b/libusb/os/linux_usbfs.c
@@ -1984,6 +1984,7 @@ static int submit_bulk_transfer(struct usbi_transfer *itransfer)
@ -745,10 +745,10 @@ index ba55913f0..2e65d66ce 100644
for (i = 0; i < num_urbs; i++) {
From 38cff7a438f7a00d76aa03cc1c35f6be395c167d Mon Sep 17 00:00:00 2001
From 3c792a9b21ec07d9a3f369b9a79eec1e0f999823 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Thu, 10 Feb 2022 10:51:11 +0100
Subject: [PATCH 17/17] core: Silence coverity by handling long log messages in
Subject: [PATCH 17/18] core: Silence coverity by handling long log messages in
one statement
Having two statements seems to confuse coverity. Having two checks right
@ -759,10 +759,10 @@ that the static analyzer is not getting confused.
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/libusb/core.c b/libusb/core.c
index 73fb6524a..03adcb758 100644
index 1643f9334..359500a9a 100644
--- a/libusb/core.c
+++ b/libusb/core.c
@@ -2629,16 +2629,13 @@ static void log_v(struct libusb_context *ctx, enum libusb_log_level level,
@@ -2641,16 +2641,13 @@ static void log_v(struct libusb_context *ctx, enum libusb_log_level level,
header_len = 0;
}
@ -784,3 +784,39 @@ index 73fb6524a..03adcb758 100644
}
strcpy(buf + header_len + text_len, USBI_LOG_LINE_END);
From c6033e4f7f30a0ee1d872dc11ec461b812b5e4e6 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Thu, 31 Mar 2022 11:49:11 +0200
Subject: [PATCH 18/18] linux: Avoid NULL pointer dereference warning from gcc
This warning is a false positive. It occurs because the HANDLE_CTX
checks whether the passed device handle is non-NULL, returning NULL if
it is. However, in these cases the handle is guaranteed to not be NULL
and adding an explicit non-NULL check does not avoid the warning.
---
libusb/os/linux_usbfs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c
index 35cc54ab5..6e3ea49af 100644
--- a/libusb/os/linux_usbfs.c
+++ b/libusb/os/linux_usbfs.c
@@ -1433,7 +1433,7 @@ static void op_close(struct libusb_device_handle *dev_handle)
/* fd may have already been removed by POLLERR condition in op_handle_events() */
if (!hpriv->fd_removed)
- usbi_remove_event_source(HANDLE_CTX(dev_handle), hpriv->fd);
+ usbi_remove_event_source(DEVICE_CTX(dev_handle->dev), hpriv->fd);
if (!hpriv->fd_keep)
close(hpriv->fd);
}
@@ -2736,7 +2736,7 @@ static int op_handle_events(struct libusb_context *ctx,
/* remove the fd from the pollfd set so that it doesn't continuously
* trigger an event, and flag that it has been removed so op_close()
* doesn't try to remove it a second time */
- usbi_remove_event_source(HANDLE_CTX(handle), hpriv->fd);
+ usbi_remove_event_source(DEVICE_CTX(handle->dev), hpriv->fd);
hpriv->fd_removed = 1;
/* device will still be marked as attached if hotplug monitor thread

View File

@ -1,72 +0,0 @@
From bf833ee6adf58bd4a4a468aa729cdc78bdc13ede Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Tue, 15 Feb 2022 11:13:41 +0100
Subject: [PATCH 1/2] core: Catch NULL dev_handle when getting a transfer's
context
The dev_handle will be set to NULL when the transfer is still in-flight
while the device is closed. In that case, the transfer free function
will try to access the context and would run into a NULL pointer
dereference.
Add a test for dev_handle being valid before dereferencing it further.
---
libusb/libusbi.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libusb/libusbi.h b/libusb/libusbi.h
index 158a9af5..dde43df2 100644
--- a/libusb/libusbi.h
+++ b/libusb/libusbi.h
@@ -330,7 +330,7 @@ void usbi_log(struct libusb_context *ctx, enum libusb_log_level level,
#define DEVICE_CTX(dev) ((dev)->ctx)
#define HANDLE_CTX(handle) (DEVICE_CTX((handle)->dev))
-#define TRANSFER_CTX(transfer) (HANDLE_CTX((transfer)->dev_handle))
+#define TRANSFER_CTX(transfer) ((transfer)->dev_handle ? HANDLE_CTX((transfer)->dev_handle) : NULL)
#define ITRANSFER_CTX(itransfer) \
(TRANSFER_CTX(USBI_TRANSFER_TO_LIBUSB_TRANSFER(itransfer)))
From 6428090ea77dfb80906a146977ea7fd6de4718c8 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Tue, 15 Feb 2022 10:59:00 +0100
Subject: [PATCH 2/2] io: Unset dev_handle when removing transfer from flying
list
API users might hold on to transfers a bit longer than they are in the
flying list. If they then close the device prior to freeing all
transfers, we would end up with invalid pointers to the device.
Fix this by setting the device handle to NULL when removing the device
from the flying list. This matches the behaviour when the device is
closed while the transfer is still in the flying list.
Specifically, the libgusb wrapper will currently only free the
underlying transfer in a later mainloop iteration (as a side effect on
how GTask does memory management). It is possible to fix this, but it
would make memory management within libgusb much more error prone.
---
libusb/io.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libusb/io.c b/libusb/io.c
index 0d2ac9ea..4e6d8984 100644
--- a/libusb/io.c
+++ b/libusb/io.c
@@ -1456,6 +1456,7 @@ static int add_to_flying_list(struct usbi_transfer *itransfer)
* if it fails to update the timer for the next timeout. */
static int remove_from_flying_list(struct usbi_transfer *itransfer)
{
+ struct libusb_transfer *transfer = USBI_TRANSFER_TO_LIBUSB_TRANSFER(itransfer);
struct libusb_context *ctx = ITRANSFER_CTX(itransfer);
int rearm_timer;
int r = 0;
@@ -1466,6 +1467,7 @@ static int remove_from_flying_list(struct usbi_transfer *itransfer)
list_del(&itransfer->list);
if (rearm_timer)
r = arm_timer_for_next_timeout(ctx);
+ transfer->dev_handle = NULL;
usbi_mutex_unlock(&ctx->flying_transfers_lock);
return r;

View File

@ -1,27 +1,23 @@
Summary: Library for accessing USB devices
Name: libusbx
Version: 1.0.25
Release: 2%{?dist}
%define upstream 1.0.26
Version: %( echo %{upstream} | sed s/-/~/ )
Release: 1%{?dist}
# upstream libusbx has merged back with libusb and is now called libusb again
# but we already have a libusb package for the old libusb-compat-0.1, renaming
# that to libusb-compat while at the same time giving this its name is a bit
# tricky, lets stick with the libusbx name for now
Source0: https://github.com/libusb/libusb/releases/download/v%{version}/libusb-%{version}.tar.bz2
Source0: https://github.com/libusb/libusb/releases/download/v%{upstream}/libusb-%{upstream}.tar.bz2
License: LGPLv2+
URL: http://libusb.info
BuildRequires: systemd-devel doxygen libtool
BuildRequires: make
BuildRequires: make
#BuildRequires: umockdev-devel >= 0.16.0
Provides: libusb1 = %{version}-%{release}
Obsoletes: libusb1 <= 1.0.9
# Fix a crash after libusb_exit API has been misused
# https://bugzilla.redhat.com/show_bug.cgi?id=2050638
Patch0001: https://github.com/libusb/libusb/pull/1058.patch
# Fix a crash if a transfer outlives closing the device
Patch0002: https://github.com/libusb/libusb/pull/1073.patch
# Pull in coverity related fixes
Patch9999: https://github.com/libusb/libusb/pull/1067.patch
Patch9991: https://github.com/libusb/libusb/pull/1067.patch
%description
This package provides a way for applications to access USB devices.
@ -65,7 +61,7 @@ This package contains tests and examples for %{name}.
%prep
%autosetup -p1 -n libusb-%{version}
%autosetup -p1 -n libusb-%{upstream}
chmod -x examples/*.c
mkdir -p m4
@ -85,6 +81,7 @@ popd
%{make_install}
mkdir -p $RPM_BUILD_ROOT%{_bindir}
install -m 755 tests/.libs/stress $RPM_BUILD_ROOT%{_bindir}/libusb-test-stress
#install -m 755 tests/.libs/umockdev $RPM_BUILD_ROOT%{_bindir}/libusb-test-umockdev
install -m 755 examples/.libs/testlibusb \
$RPM_BUILD_ROOT%{_bindir}/libusb-test-libusb
# Some examples are very device-specific / require specific hw and miss --help
@ -99,6 +96,7 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
%check
LD_LIBRARY_PATH=libusb/.libs ldd $RPM_BUILD_ROOT%{_bindir}/libusb-test-stress
LD_LIBRARY_PATH=libusb/.libs $RPM_BUILD_ROOT%{_bindir}/libusb-test-stress
#LD_LIBRARY_PATH=libusb/.libs $RPM_BUILD_ROOT%{_bindir}/libusb-test-umockdev
LD_LIBRARY_PATH=libusb/.libs $RPM_BUILD_ROOT%{_bindir}/libusb-test-libusb
LD_LIBRARY_PATH=libusb/.libs $RPM_BUILD_ROOT%{_bindir}/libusb-example-listdevs
@ -124,10 +122,21 @@ LD_LIBRARY_PATH=libusb/.libs $RPM_BUILD_ROOT%{_bindir}/libusb-example-listdevs
%{_bindir}/libusb-example-listdevs
%{_bindir}/libusb-example-xusb
%{_bindir}/libusb-test-stress
#%{_bindir}/libusb-test-umockdev
%{_bindir}/libusb-test-libusb
%changelog
* Tue Apr 12 2022 Benjamin Berg <bberg@redhat.com> - 1.0.26
- Pull in new upstream libusb containing important regression fixes
Resolves: #2058730
Resolves: #1938801
* Mon Feb 28 2022 Benjamin Berg <bberg@redhat.com> - 1.0.25-3
- Updated and new regression fixes
Resolves: #2058730
Related: #1938801
* Tue Feb 15 2022 Benjamin Berg <bberg@redhat.com> - 1.0.25-2
- Fix a crash if a transfer outlives closing the device
Related: #1938801