[Pcsclite-git-commit] [CCID] 01/02: Fix crash with GemCore Pos Pro and GemCore Sim Pro
Ludovic Rousseau
rousseau at moszumanska.debian.org
Tue Jun 28 16:26:48 UTC 2016
This is an automated email from the git hooks/post-receive script.
rousseau pushed a commit to branch master
in repository CCID.
commit 3816150f3e2bf4e9ce3afca2478653dfcdad0ce4
Author: Ludovic Rousseau <ludovic.rousseau at free.fr>
Date: Mon Jun 27 10:47:33 2016 +0200
Fix crash with GemCore Pos Pro and GemCore Sim Pro
The buffer .ccid.arrayOfSupportedDataRates is freed by free() in
CloseUSB().
So it must be allocated by malloc() and not just reference a static
memory buffer.
The crash occured when CloseUSB() called free() on reader disconnection:
[Thread 0x7fffe7fff700 (LWP 4050) exited]
*** Error in `.../PCSC/src/pcscd': free(): invalid pointer: 0x00007ffff61f54c0 ***
Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff69f7700 (LWP 4021)]
0x00007ffff722e067 in __GI_raise (sig=sig at entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: Aucun fichier ou dossier de ce type.
(gdb) bt
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
fmt=fmt at entry=0x7ffff7361530 "*** Error in `%s': %s: 0x%s ***\n")
at ../sysdeps/posix/libc_fatal.c:175
str=0x7ffff735d646 "free(): invalid pointer", ptr=<optimized out>)
at malloc.c:4996
have_lock=0) at malloc.c:3840
at ccid_usb.c:913
at ifdwrapper.c:190
rContext=rContext at entry=0x61e2d0) at readerfactory.c:1134
at readerfactory.c:632
at readerfactory.c:119
readerName=0x7ffff00024b0 "Gemalto GemCore SIM Pro Smart Card Reader",
port=2097152) at readerfactory.c:608
at hotplug_libudev.c:362
at pthread_create.c:309
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
---
src/ccid_serial.c | 13 ++++++++++++-
src/ccid_usb.c | 11 ++++++++++-
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/ccid_serial.c b/src/ccid_serial.c
index 2402822..32f4027 100644
--- a/src/ccid_serial.c
+++ b/src/ccid_serial.c
@@ -559,7 +559,18 @@ static status_t set_ccid_descriptor(unsigned int reader_index,
{
case GEMCOREPOSPRO:
case GEMCORESIMPRO:
- serialDevice[reader_index].ccid.arrayOfSupportedDataRates = SerialCustomDataRates;
+ {
+ /* Allocate a memory buffer that will be
+ * released in CloseUSB() */
+ void *ptr = malloc(sizeof SerialCustomDataRates);
+ if (ptr)
+ {
+ memcpy(ptr, SerialCustomDataRates,
+ sizeof SerialCustomDataRates);
+ }
+
+ serialDevice[reader_index].ccid.arrayOfSupportedDataRates = ptr;
+ }
serialDevice[reader_index].ccid.dwMaxDataRate = 125000;
break;
diff --git a/src/ccid_usb.c b/src/ccid_usb.c
index 636c198..8fc9897 100644
--- a/src/ccid_usb.c
+++ b/src/ccid_usb.c
@@ -476,7 +476,16 @@ again_libusb:
|| ((GEMCORESIMPRO == readerID)
&& (usbDevice[reader_index].ccid.IFD_bcdDevice < 0x0200)))
{
- usbDevice[reader_index].ccid.arrayOfSupportedDataRates = SerialCustomDataRates;
+ /* Allocate a memory buffer that will be
+ * released in CloseUSB() */
+ void *ptr = malloc(sizeof SerialCustomDataRates);
+ if (ptr)
+ {
+ memcpy(ptr, SerialCustomDataRates,
+ sizeof SerialCustomDataRates);
+ }
+
+ usbDevice[reader_index].ccid.arrayOfSupportedDataRates = ptr;
usbDevice[reader_index].ccid.dwMaxDataRate = 125000;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pcsclite/CCID.git
More information about the Pcsclite-cvs-commit
mailing list