https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254974
--- Comment #19 from Hans Petter Selasky <hsela...@freebsd.org> ---
wulf@:
# kgdb101 /boot/kernel/usbhid.ko
Reading symbols from /boot/kernel/usbhid.ko...
Reading symbols from /usr/lib/debug//boot/kernel/usbhid.ko.debug...
(kgdb) info line *(usbhid_intr_setup+0x168)
Line 349 of "/usr/src/sys/dev/usb/input/usbhid.c"
starts at address 0x4e5 <usbhid_intr_setup+357>
and ends at 0x4e9 <usbhid_intr_setup+361>.
*/
for (n = 0; n != USBHID_N_TRANSFER; n++) {
if (nowrite && n == USBHID_INTR_OUT_DT)
continue;
error = usbd_transfer_setup(sc->sc_udev, &sc->sc_iface_index,
sc->sc_xfer + n, sc->sc_config + n, 1,
(void *)(sc->sc_xfer_ctx + n), &sc->sc_mtx);
if (error)
break;
}
if (error)
DPRINTF("error=%s\n", usbd_errstr(error));
Missing NULL pointer check for sc_xfer[] if usbd_transfer_setup() fails!
rdesc->rdsize = usbd_xfer_max_len(sc->sc_xfer[USBHID_INTR_IN_DT]);
rdesc->grsize = usbd_xfer_max_len(sc->sc_xfer[USBHID_CTRL_DT]);
rdesc->srsize = rdesc->grsize;
rdesc->wrsize = nowrite ? rdesc->srsize :
usbd_xfer_max_len(sc->sc_xfer[USBHID_INTR_OUT_DT]);
sc->sc_intr_buf = malloc(rdesc->rdsize, M_USBDEV, M_ZERO | M_WAITOK);
--HPS
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-usb@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-usb
To unsubscribe, send any mail to "freebsd-usb-unsubscr...@freebsd.org"
