CreateChannelByNameOrChannel(): call FreeChannel() in case of error
If the creation of a channel fails then call FreeChannel() instead of
IFDHCloseChannel().
The resources are unallocated but with no access at the lower layer.

Since the creation failed the channel is not correctly created and
only part of the reader structure is initialised.

The problem was discovered with the following problem:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff6fe2700 (LWP 6120)]
0x00007ffff5dca8f2 in CmdPowerOff (reader_index=0) at commands.c:1076
1076		cmd[6] = (*ccid_descriptor->pbSeq)++;
(gdb) print ccid_descriptor
$1 = (_ccid_descriptor *) 0x7ffff5fe0468 <usbDevice+40>
(gdb) print ccid_descriptor->pbSeq
$2 = (unsigned char *) 0x0

The pbSeq pointer is NULL and can't be dereferenced.

(gdb) bt
 #0  0x00007ffff5dca8f2 in CmdPowerOff (reader_index=0) at commands.c:1076
 #1  0x00007ffff5dce556 in IFDHCloseChannel (Lun=0) at ifdhandler.c:269
 #2  0x00007ffff5dce773 in CreateChannelByNameOrChannel (Lun=0,
     lpcDevice=0x269 <error: Cannot access memory at address 0x269>, Channel=0)
     at ifdhandler.c:194
 #3  0x000000000040673a in IFDOpenIFD (rContext=rContext@entry=0x61e010)
     at ifdwrapper.c:136
 #4  0x0000000000408151 in RFInitializeReader (rContext=0x61e010)
     at readerfactory.c:1036
 #5  0x0000000000408a93 in RFAddReader (readerNameLong=<optimized out>,
     port=2097152, library=<optimized out>,
     device=0x7ffff6fe1d30 "usb:08e6/3437:libusb-1.0:1:2:0")
     at readerfactory.c:329
 #6  0x000000000040d9d4 in HPAddHotPluggable (dev=0x0,
     bus_device=0x61d660 <readerTracker+32> "", interface=0,
     driver=<optimized out>, driver=<optimized out>, desc=...)
     at hotplug_libusb.c:608
 #7  0x000000000040dd2a in HPRescanUsbBus () at hotplug_libusb.c:373
 #8  0x000000000040dfa1 in HPEstablishUSBNotifications (pipefd=0x7fffffffe440)
     at hotplug_libusb.c:429
 #9  0x00007ffff75a30a4 in start_thread (arg=0x7ffff6fe2700)
     at pthread_create.c:309
 #10 0x00007ffff72d804d in clone ()
     at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
LudovicRousseau committed Nov 13, 2015
1 parent eda8501 commit 522ebb2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/ifdhandler.c
Expand Up @@ -207,7 +207,7 @@ static RESPONSECODE CreateChannelByNameOrChannel(DWORD Lun,
if (return_value != IFD_SUCCESS)
{
/* release the allocated resources */
IFDHCloseChannel(Lun);
FreeChannel(reader_index);
}

return return_value;
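
Review bot: in the return_value != IFD_SUCCESS branch, FreeChannel(reader_index) assumes reader_index holds a valid slot on every failure path, and its assignment is outside the visible context, so it is worth confirming it is set before any path that reaches this cleanup. The comment "release the allocated resources" could also record why IFDHCloseChannel(Lun) is not used here (the reader is only partly initialised and CmdPowerOff() dereferences a NULL pbSeq), so the call is not reintroduced later. Separately, the backtrace shows CmdPowerOff() at commands.c:1076 dereferencing ccid_descriptor->pbSeq unchecked; a NULL check there would keep any other caller of IFDHCloseChannel() from crashing on a half-initialised reader.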