Ticket #171 (assigned defect)

Opened 4 years ago

Last modified 4 years ago

libusb_get_active_config_descriptor seg faults if device not open

Reported by: afm
Owned by: hjelmn
Milestone: libusb/libusbx 1.2.0
Component: libusb-1.0 Darwin backend
Keywords:
Cc:
Blocked By:
Blocks:


Retrieving the active configuration descriptor using libusb_get_active_config_descriptor on a device that is not open causes a segmentation fault. This is specific to the Darwin backend. It is caused by unchecked dereferencing of priv->device in the function get_configuration_index in os/darwin_usb.c:

static int get_configuration_index (struct libusb_device *dev, int config_value) {
  struct darwin_device_priv *priv = (struct darwin_device_priv *)dev->os_priv;
  UInt8 i, numConfig;
  IOUSBConfigurationDescriptorPtr desc;
  IOReturn kresult;

  /* is there a simpler way to determine the index? */
  kresult = (*(priv->device))->GetNumberOfConfigurations (priv->device, &numConfig);
  if (kresult != kIOReturnSuccess)
    return darwin_to_libusb (kresult);

The segmentation fault happens when priv->device is used, because for a device that was not opened, its value is NULL.

The attached patch fixes this by checking for (priv->device == NULL) and introduces a new error code LIBUSB_ERROR_DEVICE_NOT_OPEN which is returned if this happens.

It would of course be nice if one could get the active device descriptor without opening the device, as is possible on other platforms, but my knowledge of Mac OS X USB and the Darwin backend of libusb is not sufficient to implement this.


libusb.patch (1.7 KB) - added by afm 4 years ago.
Patch: fix segmentation fault in libusb_get_active_config_descriptor on Darwin
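
The guard the ticket describes, as an added example that is not part of the original ticket, the attached patch, or libusb's code. It is a self-contained model: the `mock_*` types, the `MOCK_*` error values and `get_configuration_index_checked` are constructed stand-ins for the IOKit interface and libusb's error codes, and the lookup loop is an assumption about how the index is found.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins; not the real IOKit or libusb definitions. */
enum { MOCK_OK = 0, MOCK_ERR_NOT_FOUND = -5, MOCK_ERR_DEVICE_NOT_OPEN = -100 };
struct mock_config_desc { uint8_t bConfigurationValue; };

/* COM-style interface: callers hold a pointer to a pointer to a function table. */
struct mock_usb_interface {
  int (*GetNumberOfConfigurations)(void *self, uint8_t *num);
  int (*GetConfigurationDescriptorPtr)(void *self, uint8_t idx,
                                       struct mock_config_desc **desc);
};
struct mock_device_priv { struct mock_usb_interface **device; /* NULL until opened */ };

/* Constructed sample device with two configurations, values 1 and 3. */
static struct mock_config_desc mock_configs[] = { {1}, {3} };
static int mock_num(void *self, uint8_t *num) { (void)self; *num = 2; return MOCK_OK; }
static int mock_desc(void *self, uint8_t idx, struct mock_config_desc **desc) {
  (void)self; *desc = &mock_configs[idx]; return MOCK_OK;
}
static struct mock_usb_interface mock_vtable = { mock_num, mock_desc };
static struct mock_usb_interface *mock_iface = &mock_vtable;

int get_configuration_index_checked(struct mock_device_priv *priv, int config_value) {
  uint8_t i, num_config;
  struct mock_config_desc *desc;
  int rc;

  /* Without this guard, (*(priv->device)) reads through NULL for an unopened device. */
  if (priv == NULL || priv->device == NULL)
    return MOCK_ERR_DEVICE_NOT_OPEN;

  rc = (*(priv->device))->GetNumberOfConfigurations(priv->device, &num_config);
  if (rc != MOCK_OK)
    return rc;

  for (i = 0; i < num_config; i++) {
    rc = (*(priv->device))->GetConfigurationDescriptorPtr(priv->device, i, &desc);
    if (rc != MOCK_OK)
      return rc;
    if (desc->bConfigurationValue == config_value)
      return i;  /* index of the matching configuration */
  }
  return MOCK_ERR_NOT_FOUND;
}

int main(void) {
  struct mock_device_priv closed = { NULL }, opened = { &mock_iface };
  /* An unopened device yields an error code instead of a crash. */
  if (get_configuration_index_checked(&closed, 1) != MOCK_ERR_DEVICE_NOT_OPEN) return 1;
  return get_configuration_index_checked(&opened, 3) == 1 ? 0 : 1;
}
```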


Change History

Changed 4 years ago by afm

Patch: fix segmentation fault in libusb_get_active_config_descriptor on Darwin

comment:1 Changed 4 years ago by hjelmn

Can you try this with 1.0.16-rc8? You should be able to get the active configuration descriptor without the device being open.

comment:2 Changed 4 years ago by hjelmn

  • Milestone set to 1.0.16
  • Owner set to hjelmn
  • Status changed from new to assigned

Pretty sure this is resolved in 1.0.16 since the IOUSBDeviceInterface is now always stored in the libusb_device. Let me know if this is still an issue.

comment:3 Changed 4 years ago by hjelmn

Verified this is resolved in the 1.0.16 release candidate.
