]> git.proxmox.com Git - qemu.git/commitdiff
projects / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0c402e5)
usb: fix use after free
authorGerd Hoffmann <kraxel@redhat.com>
Thu, 25 Aug 2011 14:43:15 +0000 (16:43 +0200)
committerGerd Hoffmann <kraxel@redhat.com>
Wed, 7 Sep 2011 07:58:26 +0000 (09:58 +0200)
The ->complete() callback might have released the USBPacket (uhci
actually does), so we must not touch it after the callback returns.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
hw/usb.c patch | blob | blame | history

diff --git a/hw/usb.c b/hw/usb.c
index 685e775a004344a603386e62f972adb4f8e5bc82..a091e4eafc0b9b698b21fafd0fc44e5692920e0d 100644 (file)
--- a/hw/usb.c
+++ b/hw/usb.c
@@ -338,8 +338,8 @@ void usb_packet_complete(USBDevice *dev, USBPacket *p)
 {
     /* Note: p->owner != dev is possible in case dev is a hub */
     assert(p->owner != NULL);
-    dev->port->ops->complete(dev->port, p);
     p->owner = NULL;
+    dev->port->ops->complete(dev->port, p);
 }
 
 /* Cancel an active packet.  The packed must have been deferred by
Qemu copy for testing