Skip to content

Commit 80a7d8e

Browse files
osyosy
committed
darwin: handle error from GetConfigurationDescriptorPtr
When a device is disconnected or otherwise `dpriv->device` is invalid, `GetConfigurationDescriptorPtr` will return `kIOReturnNoDevice` and `IOUSBConfigurationDescriptorPtr` will not be set. This means that we have an uninitialized pointer that is read from which is... very bad.
1 parent e63455a commit 80a7d8e

File tree

1 file changed

+9
-5
lines changed

1 file changed

+9
-5
lines changed

libusb/os/darwin_usb.c

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -698,9 +698,9 @@ static int get_configuration_index (struct libusb_device *dev, UInt8 config_valu
698698
return darwin_to_libusb (kresult);
699699

700700
for (i = 0 ; i < numConfig ; i++) {
701-
(*(priv->device))->GetConfigurationDescriptorPtr (priv->device, i, &desc);
701+
kresult = (*(priv->device))->GetConfigurationDescriptorPtr (priv->device, i, &desc);
702702

703-
if (desc->bConfigurationValue == config_value)
703+
if (kresult == kIOReturnSuccess && desc->bConfigurationValue == config_value)
704704
return i;
705705
}
706706

@@ -1823,7 +1823,11 @@ static int darwin_reenumerate_device (struct libusb_device_handle *dev_handle, b
18231823
cached_configurations = alloca (sizeof (*cached_configurations) * descriptor.bNumConfigurations);
18241824

18251825
for (i = 0 ; i < descriptor.bNumConfigurations ; ++i) {
1826-
(*(dpriv->device))->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
1826+
kresult = (*(dpriv->device))->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
1827+
if (kresult != kIOReturnSuccess) {
1828+
dpriv->in_reenumerate = false;
1829+
return LIBUSB_ERROR_NOT_FOUND;
1830+
}
18271831
memcpy (cached_configurations + i, cached_configuration, sizeof (cached_configurations[i]));
18281832
}
18291833

@@ -1883,8 +1887,8 @@ static int darwin_reenumerate_device (struct libusb_device_handle *dev_handle, b
18831887
}
18841888

18851889
for (i = 0 ; i < descriptor.bNumConfigurations ; ++i) {
1886-
(void) (*(dpriv->device))->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
1887-
if (memcmp (cached_configuration, cached_configurations + i, sizeof (cached_configurations[i]))) {
1890+
kresult = (*(dpriv->device))->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
1891+
if (kresult != kIOReturnSuccess || memcmp (cached_configuration, cached_configurations + i, sizeof (cached_configurations[i]))) {
18881892
usbi_dbg (ctx, "darwin/reenumerate_device: configuration descriptor %d changed", i);
18891893
return LIBUSB_ERROR_NOT_FOUND;
18901894
}

0 commit comments

Comments
 (0)