[Pcsclite-git-commit] [CCID] 03/04: CreateChannelByNameOrChannel(): call FreeChannel() in case of error

Ludovic Rousseau rousseau at moszumanska.debian.org
Fri Nov 13 15:35:20 UTC 2015


This is an automated email from the git hooks/post-receive script.

rousseau pushed a commit to branch master
in repository CCID.

commit 522ebb2056b7b2170b142f7ce57b834074abffab
Author: Ludovic Rousseau <ludovic.rousseau at free.fr>
Date:   Fri Nov 13 11:20:04 2015 +0100

    CreateChannelByNameOrChannel(): call FreeChannel() in case of error
    
    If the creation of a channel fails then call FreeChannel() instead of
    IFDHCloseChannel().
    The resources are unallocated but with no access at the lower layer.
    
    Since the creation failed the channel is not correctly created and
    only part of the reader structure is initialised.
    
    The problem was discovered with the following problem:
    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0x7ffff6fe2700 (LWP 6120)]
    0x00007ffff5dca8f2 in CmdPowerOff (reader_index=0) at commands.c:1076
    1076		cmd[6] = (*ccid_descriptor->pbSeq)++;
    (gdb) print ccid_descriptor
    $1 = (_ccid_descriptor *) 0x7ffff5fe0468 <usbDevice+40>
    (gdb) print ccid_descriptor->pbSeq
    $2 = (unsigned char *) 0x0
    
    The pbSeq pointer is NULL and can't be dereferenced.
    
    (gdb) bt
     #0  0x00007ffff5dca8f2 in CmdPowerOff (reader_index=0) at commands.c:1076
     #1  0x00007ffff5dce556 in IFDHCloseChannel (Lun=0) at ifdhandler.c:269
     #2  0x00007ffff5dce773 in CreateChannelByNameOrChannel (Lun=0,
         lpcDevice=0x269 <error: Cannot access memory at address 0x269>, Channel=0)
         at ifdhandler.c:194
     #3  0x000000000040673a in IFDOpenIFD (rContext=rContext at entry=0x61e010)
         at ifdwrapper.c:136
     #4  0x0000000000408151 in RFInitializeReader (rContext=0x61e010)
         at readerfactory.c:1036
     #5  0x0000000000408a93 in RFAddReader (readerNameLong=<optimized out>,
         port=2097152, library=<optimized out>,
         device=0x7ffff6fe1d30 "usb:08e6/3437:libusb-1.0:1:2:0")
         at readerfactory.c:329
     #6  0x000000000040d9d4 in HPAddHotPluggable (dev=0x0,
         bus_device=0x61d660 <readerTracker+32> "", interface=0,
         driver=<optimized out>, driver=<optimized out>, desc=...)
         at hotplug_libusb.c:608
     #7  0x000000000040dd2a in HPRescanUsbBus () at hotplug_libusb.c:373
     #8  0x000000000040dfa1 in HPEstablishUSBNotifications (pipefd=0x7fffffffe440)
         at hotplug_libusb.c:429
     #9  0x00007ffff75a30a4 in start_thread (arg=0x7ffff6fe2700)
         at pthread_create.c:309
     #10 0x00007ffff72d804d in clone ()
         at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
---
 src/ifdhandler.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ifdhandler.c b/src/ifdhandler.c
index c06e9fb..1ab367a 100644
--- a/src/ifdhandler.c
+++ b/src/ifdhandler.c
@@ -207,7 +207,7 @@ error:
 	if (return_value != IFD_SUCCESS)
 	{
 		/* release the allocated resources */
-		IFDHCloseChannel(Lun);
+		FreeChannel(reader_index);
 	}
 
 	return return_value;
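
Review bot: At the `FreeChannel(reader_index)` call in the `error:` block, nothing visible in the hunk shows that `reader_index` holds a valid slot on every path that arrives here with `return_value != IFD_SUCCESS`; please confirm that no failure path reaches this block before the index is assigned or after the slot has already been released, otherwise the cleanup itself operates on an invalid slot. The unchanged comment `/* release the allocated resources */` would also be worth extending to say why `IFDHCloseChannel(Lun)` must not be used at this point: per the backtrace in the commit message it reaches `CmdPowerOff()`, which dereferences `ccid_descriptor->pbSeq` while that pointer is still NULL on a partially initialised reader. Without that note, a later cleanup could restore the symmetric close call and bring the NULL dereference back.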

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pcsclite/CCID.git


