usb: fix use after free
The ->complete() callback might have released the USBPacket (uhci actually does), so we must not touch it after the callback returns. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
Gerd Hoffmann
parent
0c402e5abb
commit
4d8debba76
2
hw/usb.c
2
hw/usb.c
@ -338,8 +338,8 @@ void usb_packet_complete(USBDevice *dev, USBPacket *p)
|
||||
{
|
||||
/* Note: p->owner != dev is possible in case dev is a hub */
|
||||
assert(p->owner != NULL);
|
||||
dev->port->ops->complete(dev->port, p);
|
||||
p->owner = NULL;
|
||||
dev->port->ops->complete(dev->port, p);
|
||||
}
|
||||
|
||||
/* Cancel an active packet. The packed must have been deferred by
|
||||
|
||||
Loading…
Reference in New Issue
Block a user