Ticket #13185: 0039-usb_modeswitch.cpp-fix-use-after-free.patch

File 0039-usb_modeswitch.cpp-fix-use-after-free.patch, 1.1 KB (added by mt, 7 years ago)
  • src/add-ons/kernel/drivers/common/usb_modeswitch.cpp

    From b0ec9a08a1860a0cbc67894609cef813894c8e1a Mon Sep 17 00:00:00 2001
    From: Murai Takashi <tmurai01@gmail.com>
    Date: Mon, 9 Jan 2017 05:37:34 +0900
    Subject: [PATCH 39/40] usb_modeswitch.cpp: fix use after free.
    
    ---
     src/add-ons/kernel/drivers/common/usb_modeswitch.cpp | 8 +++++---
     1 file changed, 5 insertions(+), 3 deletions(-)
    
    diff --git a/src/add-ons/kernel/drivers/common/usb_modeswitch.cpp b/src/add-ons/kernel/drivers/common/usb_modeswitch.cpp
    index 5c03ab4..8638076 100644
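--- a/src/add-ons/kernel/drivers/common/usb_modeswitch.cpp
+++ b/src/add-ons/kernel/drivers/common/usb_modeswitch.cpp
@@ -531,11 +531,13 @@ my_device_added(usb_device newDevice, void **cookie)
 
     mutex_init(&device->lock, DRIVER_NAME " device lock");
 
-    device->notify = create_sem(0, DRIVER_NAME " callback notify");
-    if (device->notify < B_OK) {
+    sem_id id = create_sem(0, DRIVER_NAME " callback notify");
+    if (id < B_OK) {
         mutex_destroy(&device->lock);
         free(device);
-        return device->notify;
+        return id;
+    } else {
+        device->notify = id;
     }
 
     mutex_lock(&gDeviceListLock);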
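Review bot: The `else` branch after `return id;` is redundant, because the failure branch already leaves the function; `device->notify = id;` can sit after the closing brace unconditionally and keep the success path unindented. A short comment above `return id;`, such as `// device was just freed: return the local, never device->notify`, would record why the local exists and make the free-then-read pattern harder to reintroduce. my_device_added starts and continues outside this hunk, so any later error path that frees `device` is worth checking for the same read after free; that cannot be confirmed from the lines shown.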