diff --git a/.gitignore b/.gitignore index a5a47c6..9816fe4 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,6 @@ /libusb-1.0.23.tar.bz2 /libusb-1.0.24.tar.bz2 /libusb-1.0.25.tar.bz2 +/libusb-1.0.25-rc1.tar.bz2 +/libusb-1.0.26-rc1.tar.bz2 +/libusb-1.0.26.tar.bz2 diff --git a/1058.patch b/1058.patch deleted file mode 100644 index d504455..0000000 --- a/1058.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 2529a3fc4f987f93e0774af865ac7cb6557bd0c2 Mon Sep 17 00:00:00 2001 -From: Benjamin Berg -Date: Fri, 4 Feb 2022 22:50:28 +0100 -Subject: [PATCH] core: Unset device ctx if it has been destroyed - -Devices can outlive their context in some cases (in particular with -python garbage collection). Guard against this happening by clearing the -ctx pointer so that it is not pointing to uninitialized memory. ---- - libusb/core.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/libusb/core.c b/libusb/core.c -index 7893ac23..1c1ada14 100644 ---- a/libusb/core.c -+++ b/libusb/core.c -@@ -2441,6 +2441,7 @@ void API_EXPORTED libusb_exit(libusb_context *ctx) - for_each_device(_ctx, dev) { - usbi_warn(_ctx, "device %d.%d still referenced", - dev->bus_number, dev->device_address); -+ DEVICE_CTX(dev) = NULL; - } - - if (!list_empty(&_ctx->open_devs)) diff --git a/1067.patch b/1067.patch index 81a1333..2f63812 100644 --- a/1067.patch +++ b/1067.patch @@ -1,7 +1,7 @@ -From 8420de903a99fb6bfae22a21b2636858f2212baa Mon Sep 17 00:00:00 2001 +From 20b8e95bfc3a9c1be1752e65043a8ed9445fbbd2 Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Thu, 15 Jul 2021 17:07:09 +0200 -Subject: [PATCH 01/17] examples: Fix warning about uninitlised variable +Subject: [PATCH 01/18] examples: Fix warning about uninitlised variable --- examples/fxload.c | 3 ++- @@ -22,10 +22,10 @@ index 541c3d3a3..85df69952 100644 unsigned int i, j; unsigned vid = 0, pid = 0; -From 23dcbd0521c56fb7543c4f8f73a2a1a4de69aa5e Mon Sep 17 00:00:00 2001 +From 0803cdc46314c70ad7f12a7c2d0b1df5b028a89d Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Thu, 15 Jul 2021 17:08:12 +0200 -Subject: [PATCH 02/17] core: Add non-null annotations to avoid static analyser +Subject: [PATCH 02/18] core: Add non-null annotations to avoid static analyser warnings It is only valid to call these inline functions with non-null values. @@ -144,7 +144,7 @@ index 61cacc95a..ea09fa8d9 100644 struct libusb_transfer *transfer, unsigned int packet) { diff --git a/libusb/libusbi.h b/libusb/libusbi.h -index 158a9af58..6c924e548 100644 +index b1fc88c99..db074160c 100644 --- a/libusb/libusbi.h +++ b/libusb/libusbi.h @@ -192,11 +192,13 @@ struct list_head { @@ -185,7 +185,7 @@ index 158a9af58..6c924e548 100644 static inline void list_cut(struct list_head *list, struct list_head *head) { if (list_empty(head)) { -@@ -755,10 +760,10 @@ struct usbi_hotplug_message { +@@ -773,10 +778,10 @@ struct usbi_hotplug_message { /* shared data and functions */ @@ -199,7 +199,7 @@ index 158a9af58..6c924e548 100644 void usbi_hotplug_process(struct libusb_context *ctx, struct list_head *hotplug_msgs); int usbi_io_init(struct libusb_context *ctx); -@@ -789,7 +794,8 @@ struct usbi_event_source { +@@ -807,7 +812,8 @@ struct usbi_event_source { int usbi_add_event_source(struct libusb_context *ctx, usbi_os_handle_t os_handle, short poll_events); @@ -210,10 +210,10 @@ index 158a9af58..6c924e548 100644 struct usbi_option { int is_set; -From ac527ddcb72e6cd43f2e9d6ae973e9352856dcaf Mon Sep 17 00:00:00 2001 +From 3ba52d0d048214ee530c2343260965724291255a Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:21:09 +0100 -Subject: [PATCH 03/17] core: Silence dereference warnings using assertions in +Subject: [PATCH 03/18] core: Silence dereference warnings using assertions in list_del It is guaranteed that entry->next and entry->prev are non-null for a @@ -224,7 +224,7 @@ though, so add an appropriate assert in case debug mode is enabled. 1 file changed, 4 insertions(+) diff --git a/libusb/libusbi.h b/libusb/libusbi.h -index 6c924e548..faf6b5daf 100644 +index db074160c..27de77aa9 100644 --- a/libusb/libusbi.h +++ b/libusb/libusbi.h @@ -222,6 +222,10 @@ static inline void list_add_tail(struct list_head *entry, @@ -239,10 +239,10 @@ index 6c924e548..faf6b5daf 100644 entry->prev->next = entry->next; entry->next = entry->prev = NULL; -From f04d419c0e936333816c969605c2915d5592c328 Mon Sep 17 00:00:00 2001 +From 70486056d5668c94ea3a1824541ff2f36f378d3e Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Thu, 15 Jul 2021 17:11:41 +0200 -Subject: [PATCH 04/17] core: Fix incorrect free if reallocating to zero size +Subject: [PATCH 04/18] core: Fix incorrect free if reallocating to zero size A realloc to a size of 0 is equivalent to a free call. As such, in that case free'ing the original pointer would result in a double free. Fix @@ -252,7 +252,7 @@ this by adding a check that the new size if larger than zero. 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libusb/libusbi.h b/libusb/libusbi.h -index faf6b5daf..652d545ac 100644 +index 27de77aa9..dabf77a9d 100644 --- a/libusb/libusbi.h +++ b/libusb/libusbi.h @@ -257,7 +257,14 @@ static inline void list_splice_front(struct list_head *list, struct list_head *h @@ -272,10 +272,10 @@ index faf6b5daf..652d545ac 100644 if (!ret) free(ptr); -From 883b04fe516adb93a6a1df6c2b4b26e9a4de32be Mon Sep 17 00:00:00 2001 +From 73f565261d9284d9f6b0081e3e23fd49773f53c7 Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Thu, 15 Jul 2021 17:13:18 +0200 -Subject: [PATCH 05/17] linux_usbfs: Work around static analyser thinking fd is +Subject: [PATCH 05/18] linux_usbfs: Work around static analyser thinking fd is leaked Static analysis using coverity is detecting the file descriptor handle @@ -291,7 +291,7 @@ pattern rather than returning from different places. 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c -index c3006753d..fe6319ee9 100644 +index 285d9caa7..1799a9ea0 100644 --- a/libusb/os/linux_usbfs.c +++ b/libusb/os/linux_usbfs.c @@ -904,7 +904,8 @@ static int initialize_device(struct libusb_device *dev, uint8_t busnum, @@ -413,10 +413,10 @@ index c3006753d..fe6319ee9 100644 return r; } -From 06f4523117ffbe77fbc370a403cc274016867139 Mon Sep 17 00:00:00 2001 +From f6cc8938c5ccf3556cfa54fe8e1d26e627995731 Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:08:31 +0100 -Subject: [PATCH 06/17] examples: Fix warning about NULL pointer dereference +Subject: [PATCH 06/18] examples: Fix warning about NULL pointer dereference It seems like coverity is getting confused by the transfers being global variables, thinking that img_transfer may become NULL again. @@ -446,10 +446,10 @@ index 682865053..4a871ee4f 100644 return -1; } -From b2a2163b3893e57d839b5247072fcb2fdfd5d4e4 Mon Sep 17 00:00:00 2001 +From c2257799e48351e4ac09bb40794f3c8559d93459 Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:09:53 +0100 -Subject: [PATCH 07/17] examples: Assert the data fits into our static buffer +Subject: [PATCH 07/18] examples: Assert the data fits into our static buffer --- examples/ezusb.c | 2 ++ @@ -476,10 +476,10 @@ index 4bed12a4c..0ea787190 100644 /* Read the target offset (address up to 64KB) */ tmp = buf[7]; -From 13fbb9923e4ee5b6d9dfa13396e1faf5da13a2af Mon Sep 17 00:00:00 2001 +From 9bd8bca34de151e191db4d33d717a36488f9a96e Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:11:28 +0100 -Subject: [PATCH 08/17] core: Tell coverity that libusb_open does not free +Subject: [PATCH 08/18] core: Tell coverity that libusb_open does not free Internally, libusb_open does an unref in an error case. coverity doesn't seem to notice that this is balanced with the earlier ref, and thinks @@ -493,10 +493,10 @@ the error, but the code is idiomatic as-is. 1 file changed, 1 insertion(+) diff --git a/libusb/core.c b/libusb/core.c -index 7893ac238..076c2bbbd 100644 +index ec429b7cf..b9bf844ee 100644 --- a/libusb/core.c +++ b/libusb/core.c -@@ -1293,6 +1293,7 @@ int API_EXPORTED libusb_wrap_sys_device(libusb_context *ctx, intptr_t sys_dev, +@@ -1294,6 +1294,7 @@ int API_EXPORTED libusb_wrap_sys_device(libusb_context *ctx, intptr_t sys_dev, * \returns LIBUSB_ERROR_NO_DEVICE if the device has been disconnected * \returns another LIBUSB_ERROR code on other failure */ @@ -505,10 +505,10 @@ index 7893ac238..076c2bbbd 100644 libusb_device_handle **dev_handle) { -From 1d576b41cfe229cbf98a3fc9aeb819562cccaaae Mon Sep 17 00:00:00 2001 +From 88e1269900cb8a581d6335d758b713d71ecd8d8e Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:13:26 +0100 -Subject: [PATCH 09/17] core: Remove unneeded bounds check +Subject: [PATCH 09/18] core: Remove unneeded bounds check This makes the code slightly less efficient, but shuts up warnings that the later switch ends up with dead error handling code. @@ -517,10 +517,10 @@ the later switch ends up with dead error handling code. 1 file changed, 4 deletions(-) diff --git a/libusb/core.c b/libusb/core.c -index 076c2bbbd..73fb6524a 100644 +index b9bf844ee..1643f9334 100644 --- a/libusb/core.c +++ b/libusb/core.c -@@ -2201,10 +2201,6 @@ int API_EXPORTED libusb_set_option(libusb_context *ctx, +@@ -2202,10 +2202,6 @@ int API_EXPORTED libusb_set_option(libusb_context *ctx, return r; } @@ -532,10 +532,10 @@ index 076c2bbbd..73fb6524a 100644 usbi_mutex_static_lock(&default_context_lock); default_context_options[option].is_set = 1; -From ca3e801e2f54308651a180e48e2381b5ed88eef1 Mon Sep 17 00:00:00 2001 +From 1eb546e65aaca0c47615a275a961bbeb123c838e Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:15:16 +0100 -Subject: [PATCH 10/17] descriptor: Avoid uninitialized memory warnings +Subject: [PATCH 10/18] descriptor: Avoid uninitialized memory warnings The static analyzer has trouble understanding that get_config_descriptor fills in the config descriptor. Just initializing the memory silences @@ -567,10 +567,10 @@ index 253ef1c31..dbcf061d9 100644 r = get_config_descriptor(dev, idx, _config.buf, sizeof(_config.buf)); if (r < 0) -From e7a0c0d507d662ad3661f52286452880ef75f488 Mon Sep 17 00:00:00 2001 +From 0de57c4af4e637a0a8adfda9a907774add81c8ec Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:19:04 +0100 -Subject: [PATCH 11/17] io: Suppress invalid free warning from coverity +Subject: [PATCH 11/18] io: Suppress invalid free warning from coverity Coverity is not understanding the pointer arithmetic involved with the transfer in-memory storage. As such, it flags the free as invalid, even @@ -581,10 +581,10 @@ warning. 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libusb/io.c b/libusb/io.c -index 0d2ac9ea2..d32cdc1bf 100644 +index b919e9d91..a801ee6aa 100644 --- a/libusb/io.c +++ b/libusb/io.c -@@ -1691,8 +1691,10 @@ int usbi_handle_transfer_completion(struct usbi_transfer *itransfer, +@@ -1696,8 +1696,10 @@ int usbi_handle_transfer_completion(struct usbi_transfer *itransfer, transfer->callback(transfer); /* transfer might have been freed by the above call, do not use from * this point. */ @@ -593,14 +593,14 @@ index 0d2ac9ea2..d32cdc1bf 100644 + /* coverity[incorrect_free] is reported incorrectly here due to the memory layout */ libusb_free_transfer(transfer); + } - libusb_unref_device(dev_handle->dev); return r; } + -From fc44484ef782bdb05880a26c502a7ea33c0eb72f Mon Sep 17 00:00:00 2001 +From 5dad238771240a6aa8234ba42511fb422c79800c Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:20:27 +0100 -Subject: [PATCH 12/17] io: Suppress missing unlock warning from coverity +Subject: [PATCH 12/18] io: Suppress missing unlock warning from coverity The function is supposed to take the lock, as such, this is the expected behaviour. @@ -609,10 +609,10 @@ behaviour. 1 file changed, 1 insertion(+) diff --git a/libusb/io.c b/libusb/io.c -index d32cdc1bf..96bd22861 100644 +index a801ee6aa..114087d94 100644 --- a/libusb/io.c +++ b/libusb/io.c -@@ -1786,6 +1786,7 @@ int API_EXPORTED libusb_try_lock_events(libusb_context *ctx) +@@ -1790,6 +1790,7 @@ int API_EXPORTED libusb_try_lock_events(libusb_context *ctx) return 1; ctx->event_handler_active = 1; @@ -621,10 +621,10 @@ index d32cdc1bf..96bd22861 100644 } -From c97e4bb846f41a112262df668e9d8e449555f295 Mon Sep 17 00:00:00 2001 +From 884b55a36ae4dfae6fda1120c948bcf17a333b95 Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:23:45 +0100 -Subject: [PATCH 13/17] events_posix: Silence warnings about zero-allocated +Subject: [PATCH 13/18] events_posix: Silence warnings about zero-allocated memory The static analyser got confused by the fact that fds may be NULL if @@ -653,10 +653,10 @@ index 715a2d551..172f8afe8 100644 if (!fds) return LIBUSB_ERROR_NO_MEM; -From 7e9919314f82c61df6950390412ab3b80c84b707 Mon Sep 17 00:00:00 2001 +From 4e2589b2e9981e5213fb4267550c10638f758add Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:25:40 +0100 -Subject: [PATCH 14/17] linux_usbfs: Disable sleep workaround when using udev +Subject: [PATCH 14/18] linux_usbfs: Disable sleep workaround when using udev The workaround to sleep 10ms if a device node has not yet been created is definitely not needed with udev. I am not sure what the race looks @@ -670,7 +670,7 @@ code. 1 file changed, 3 insertions(+) diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c -index fe6319ee9..b4837895d 100644 +index 1799a9ea0..481eff6ef 100644 --- a/libusb/os/linux_usbfs.c +++ b/libusb/os/linux_usbfs.c @@ -197,6 +197,8 @@ static int get_usbfs_fd(struct libusb_device *dev, mode_t mode, int silent) @@ -691,10 +691,10 @@ index fe6319ee9..b4837895d 100644 if (!silent) { usbi_err(ctx, "libusb couldn't open USB device %s, errno=%d", path, errno); -From 126aacee12b49ed525534a81ad830db692654ba0 Mon Sep 17 00:00:00 2001 +From d237b8cca6c33e237da69ee096232d216f9202a8 Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:29:35 +0100 -Subject: [PATCH 15/17] linux_usbfs: Silence coverity warnings about returned +Subject: [PATCH 15/18] linux_usbfs: Silence coverity warnings about returned offset The seek_to_next_config function returns an offset. This was marked as @@ -705,7 +705,7 @@ surrounding code. Mark the return value to silence the warnings. 1 file changed, 1 insertion(+) diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c -index b4837895d..ba55913f0 100644 +index 481eff6ef..d95ed3bea 100644 --- a/libusb/os/linux_usbfs.c +++ b/libusb/os/linux_usbfs.c @@ -638,6 +638,7 @@ int linux_get_device_address(struct libusb_context *ctx, int detached, @@ -717,10 +717,10 @@ index b4837895d..ba55913f0 100644 uint8_t *buffer, size_t len) { -From 42679d2d8573dfc27b9c78f832749728997a516b Mon Sep 17 00:00:00 2001 +From ea73414f3309a908d2819991580b080cabca17eb Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 9 Feb 2022 19:31:44 +0100 -Subject: [PATCH 16/17] linux_usbfs: Silence coverity warning about missing +Subject: [PATCH 16/18] linux_usbfs: Silence coverity warning about missing locking The reap_status field is locked in most cases when it is accessed. @@ -733,7 +733,7 @@ As such, add an appropriate comment to silence the warning. 1 file changed, 1 insertion(+) diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c -index ba55913f0..2e65d66ce 100644 +index d95ed3bea..35cc54ab5 100644 --- a/libusb/os/linux_usbfs.c +++ b/libusb/os/linux_usbfs.c @@ -1984,6 +1984,7 @@ static int submit_bulk_transfer(struct usbi_transfer *itransfer) @@ -745,10 +745,10 @@ index ba55913f0..2e65d66ce 100644 for (i = 0; i < num_urbs; i++) { -From 38cff7a438f7a00d76aa03cc1c35f6be395c167d Mon Sep 17 00:00:00 2001 +From 3c792a9b21ec07d9a3f369b9a79eec1e0f999823 Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Thu, 10 Feb 2022 10:51:11 +0100 -Subject: [PATCH 17/17] core: Silence coverity by handling long log messages in +Subject: [PATCH 17/18] core: Silence coverity by handling long log messages in one statement Having two statements seems to confuse coverity. Having two checks right @@ -759,10 +759,10 @@ that the static analyzer is not getting confused. 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/libusb/core.c b/libusb/core.c -index 73fb6524a..03adcb758 100644 +index 1643f9334..359500a9a 100644 --- a/libusb/core.c +++ b/libusb/core.c -@@ -2629,16 +2629,13 @@ static void log_v(struct libusb_context *ctx, enum libusb_log_level level, +@@ -2641,16 +2641,13 @@ static void log_v(struct libusb_context *ctx, enum libusb_log_level level, header_len = 0; } @@ -784,3 +784,39 @@ index 73fb6524a..03adcb758 100644 } strcpy(buf + header_len + text_len, USBI_LOG_LINE_END); + +From c6033e4f7f30a0ee1d872dc11ec461b812b5e4e6 Mon Sep 17 00:00:00 2001 +From: Benjamin Berg +Date: Thu, 31 Mar 2022 11:49:11 +0200 +Subject: [PATCH 18/18] linux: Avoid NULL pointer dereference warning from gcc + +This warning is a false positive. It occurs because the HANDLE_CTX +checks whether the passed device handle is non-NULL, returning NULL if +it is. However, in these cases the handle is guaranteed to not be NULL +and adding an explicit non-NULL check does not avoid the warning. +--- + libusb/os/linux_usbfs.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c +index 35cc54ab5..6e3ea49af 100644 +--- a/libusb/os/linux_usbfs.c ++++ b/libusb/os/linux_usbfs.c +@@ -1433,7 +1433,7 @@ static void op_close(struct libusb_device_handle *dev_handle) + + /* fd may have already been removed by POLLERR condition in op_handle_events() */ + if (!hpriv->fd_removed) +- usbi_remove_event_source(HANDLE_CTX(dev_handle), hpriv->fd); ++ usbi_remove_event_source(DEVICE_CTX(dev_handle->dev), hpriv->fd); + if (!hpriv->fd_keep) + close(hpriv->fd); + } +@@ -2736,7 +2736,7 @@ static int op_handle_events(struct libusb_context *ctx, + /* remove the fd from the pollfd set so that it doesn't continuously + * trigger an event, and flag that it has been removed so op_close() + * doesn't try to remove it a second time */ +- usbi_remove_event_source(HANDLE_CTX(handle), hpriv->fd); ++ usbi_remove_event_source(DEVICE_CTX(handle->dev), hpriv->fd); + hpriv->fd_removed = 1; + + /* device will still be marked as attached if hotplug monitor thread diff --git a/1073.patch b/1073.patch deleted file mode 100644 index 8b91a48..0000000 --- a/1073.patch +++ /dev/null @@ -1,72 +0,0 @@ -From bf833ee6adf58bd4a4a468aa729cdc78bdc13ede Mon Sep 17 00:00:00 2001 -From: Benjamin Berg -Date: Tue, 15 Feb 2022 11:13:41 +0100 -Subject: [PATCH 1/2] core: Catch NULL dev_handle when getting a transfer's - context - -The dev_handle will be set to NULL when the transfer is still in-flight -while the device is closed. In that case, the transfer free function -will try to access the context and would run into a NULL pointer -dereference. - -Add a test for dev_handle being valid before dereferencing it further. ---- - libusb/libusbi.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libusb/libusbi.h b/libusb/libusbi.h -index 158a9af5..dde43df2 100644 ---- a/libusb/libusbi.h -+++ b/libusb/libusbi.h -@@ -330,7 +330,7 @@ void usbi_log(struct libusb_context *ctx, enum libusb_log_level level, - - #define DEVICE_CTX(dev) ((dev)->ctx) - #define HANDLE_CTX(handle) (DEVICE_CTX((handle)->dev)) --#define TRANSFER_CTX(transfer) (HANDLE_CTX((transfer)->dev_handle)) -+#define TRANSFER_CTX(transfer) ((transfer)->dev_handle ? HANDLE_CTX((transfer)->dev_handle) : NULL) - #define ITRANSFER_CTX(itransfer) \ - (TRANSFER_CTX(USBI_TRANSFER_TO_LIBUSB_TRANSFER(itransfer))) - - -From 6428090ea77dfb80906a146977ea7fd6de4718c8 Mon Sep 17 00:00:00 2001 -From: Benjamin Berg -Date: Tue, 15 Feb 2022 10:59:00 +0100 -Subject: [PATCH 2/2] io: Unset dev_handle when removing transfer from flying - list - -API users might hold on to transfers a bit longer than they are in the -flying list. If they then close the device prior to freeing all -transfers, we would end up with invalid pointers to the device. - -Fix this by setting the device handle to NULL when removing the device -from the flying list. This matches the behaviour when the device is -closed while the transfer is still in the flying list. - -Specifically, the libgusb wrapper will currently only free the -underlying transfer in a later mainloop iteration (as a side effect on -how GTask does memory management). It is possible to fix this, but it -would make memory management within libgusb much more error prone. ---- - libusb/io.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libusb/io.c b/libusb/io.c -index 0d2ac9ea..4e6d8984 100644 ---- a/libusb/io.c -+++ b/libusb/io.c -@@ -1456,6 +1456,7 @@ static int add_to_flying_list(struct usbi_transfer *itransfer) - * if it fails to update the timer for the next timeout. */ - static int remove_from_flying_list(struct usbi_transfer *itransfer) - { -+ struct libusb_transfer *transfer = USBI_TRANSFER_TO_LIBUSB_TRANSFER(itransfer); - struct libusb_context *ctx = ITRANSFER_CTX(itransfer); - int rearm_timer; - int r = 0; -@@ -1466,6 +1467,7 @@ static int remove_from_flying_list(struct usbi_transfer *itransfer) - list_del(&itransfer->list); - if (rearm_timer) - r = arm_timer_for_next_timeout(ctx); -+ transfer->dev_handle = NULL; - usbi_mutex_unlock(&ctx->flying_transfers_lock); - - return r; diff --git a/libusbx.spec b/libusbx.spec index 08883a1..9349701 100644 --- a/libusbx.spec +++ b/libusbx.spec @@ -1,27 +1,23 @@ Summary: Library for accessing USB devices Name: libusbx -Version: 1.0.25 -Release: 2%{?dist} +%define upstream 1.0.26 +Version: %( echo %{upstream} | sed s/-/~/ ) +Release: 1%{?dist} # upstream libusbx has merged back with libusb and is now called libusb again # but we already have a libusb package for the old libusb-compat-0.1, renaming # that to libusb-compat while at the same time giving this its name is a bit # tricky, lets stick with the libusbx name for now -Source0: https://github.com/libusb/libusb/releases/download/v%{version}/libusb-%{version}.tar.bz2 +Source0: https://github.com/libusb/libusb/releases/download/v%{upstream}/libusb-%{upstream}.tar.bz2 License: LGPLv2+ URL: http://libusb.info BuildRequires: systemd-devel doxygen libtool -BuildRequires: make +BuildRequires: make +#BuildRequires: umockdev-devel >= 0.16.0 Provides: libusb1 = %{version}-%{release} Obsoletes: libusb1 <= 1.0.9 -# Fix a crash after libusb_exit API has been misused -# https://bugzilla.redhat.com/show_bug.cgi?id=2050638 -Patch0001: https://github.com/libusb/libusb/pull/1058.patch -# Fix a crash if a transfer outlives closing the device -Patch0002: https://github.com/libusb/libusb/pull/1073.patch - # Pull in coverity related fixes -Patch9999: https://github.com/libusb/libusb/pull/1067.patch +Patch9991: https://github.com/libusb/libusb/pull/1067.patch %description This package provides a way for applications to access USB devices. @@ -65,7 +61,7 @@ This package contains tests and examples for %{name}. %prep -%autosetup -p1 -n libusb-%{version} +%autosetup -p1 -n libusb-%{upstream} chmod -x examples/*.c mkdir -p m4 @@ -85,6 +81,7 @@ popd %{make_install} mkdir -p $RPM_BUILD_ROOT%{_bindir} install -m 755 tests/.libs/stress $RPM_BUILD_ROOT%{_bindir}/libusb-test-stress +#install -m 755 tests/.libs/umockdev $RPM_BUILD_ROOT%{_bindir}/libusb-test-umockdev install -m 755 examples/.libs/testlibusb \ $RPM_BUILD_ROOT%{_bindir}/libusb-test-libusb # Some examples are very device-specific / require specific hw and miss --help @@ -99,6 +96,7 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la %check LD_LIBRARY_PATH=libusb/.libs ldd $RPM_BUILD_ROOT%{_bindir}/libusb-test-stress LD_LIBRARY_PATH=libusb/.libs $RPM_BUILD_ROOT%{_bindir}/libusb-test-stress +#LD_LIBRARY_PATH=libusb/.libs $RPM_BUILD_ROOT%{_bindir}/libusb-test-umockdev LD_LIBRARY_PATH=libusb/.libs $RPM_BUILD_ROOT%{_bindir}/libusb-test-libusb LD_LIBRARY_PATH=libusb/.libs $RPM_BUILD_ROOT%{_bindir}/libusb-example-listdevs @@ -124,10 +122,21 @@ LD_LIBRARY_PATH=libusb/.libs $RPM_BUILD_ROOT%{_bindir}/libusb-example-listdevs %{_bindir}/libusb-example-listdevs %{_bindir}/libusb-example-xusb %{_bindir}/libusb-test-stress +#%{_bindir}/libusb-test-umockdev %{_bindir}/libusb-test-libusb %changelog +* Tue Apr 12 2022 Benjamin Berg - 1.0.26 +- Pull in new upstream libusb containing important regression fixes + Resolves: #2058730 + Resolves: #1938801 + +* Mon Feb 28 2022 Benjamin Berg - 1.0.25-3 +- Updated and new regression fixes + Resolves: #2058730 + Related: #1938801 + * Tue Feb 15 2022 Benjamin Berg - 1.0.25-2 - Fix a crash if a transfer outlives closing the device Related: #1938801 diff --git a/sources b/sources index 75982ca..3b509af 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libusb-1.0.25.tar.bz2) = f1e6e5577d4bd1ff136927dc66c615014a06ac332ddd797b1d1ad5f7b68e2405e66068dcb210e2f0ae3e31681603ef72efbd88bf7fbe0eb41ce700fdc3f92f9d +SHA512 (libusb-1.0.26.tar.bz2) = fcdb85c98f21639668693c2fd522814d440972d65883984c4ae53d0555bdbdb7e8c7a32199cd4b01113556a1eb5be7841b750cc73c9f6bda79bfe1af80914e71 diff --git a/tests/run.sh b/tests/run.sh index 440092c..11dc37b 100644 --- a/tests/run.sh +++ b/tests/run.sh @@ -4,5 +4,6 @@ set -e ldd /usr/bin/libusb-test-stress /usr/bin/libusb-test-stress +#/usr/bin/libusb-test-umockdev /usr/bin/libusb-test-libusb /usr/bin/libusb-example-listdevs