Skip to content

Commit a28f94e

Browse files
osyosy
committed
darwin: handle error from GetConfigurationDescriptorPtr
When a device is disconnected or otherwise `dpriv->device` is invalid, `GetConfigurationDescriptorPtr` will return `kIOReturnNoDevice` and `IOUSBConfigurationDescriptorPtr` will not be set. This means that we have an uninitialized pointer that is read from which is... very bad.
1 parent 912869b commit a28f94e

File tree

1 file changed

+8
-5
lines changed

1 file changed

+8
-5
lines changed

libusb/os/darwin_usb.c

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1027,9 +1027,9 @@ static int get_configuration_index (struct libusb_device *dev, UInt8 config_valu
10271027
return darwin_to_libusb (kresult);
10281028

10291029
for (i = 0 ; i < numConfig ; i++) {
1030-
(*priv->device)->GetConfigurationDescriptorPtr (priv->device, i, &desc);
1030+
kresult = (*priv->device)->GetConfigurationDescriptorPtr (priv->device, i, &desc);
10311031

1032-
if (desc->bConfigurationValue == config_value)
1032+
if (kresult == kIOReturnSuccess && desc->bConfigurationValue == config_value)
10331033
return i;
10341034
}
10351035

@@ -2151,7 +2151,10 @@ static int darwin_reenumerate_device (struct libusb_device_handle *dev_handle, b
21512151
cached_configurations = alloca (sizeof (*cached_configurations) * descriptor.bNumConfigurations);
21522152

21532153
for (i = 0 ; i < descriptor.bNumConfigurations ; ++i) {
2154-
(*dpriv->device)->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
2154+
kresult = (*dpriv->device)->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
2155+
if (kresult != kIOReturnSuccess) {
2156+
return LIBUSB_ERROR_NOT_FOUND;
2157+
}
21552158
memcpy (cached_configurations + i, cached_configuration, sizeof (cached_configurations[i]));
21562159
}
21572160

@@ -2213,8 +2216,8 @@ static int darwin_reenumerate_device (struct libusb_device_handle *dev_handle, b
22132216
}
22142217

22152218
for (i = 0 ; i < descriptor.bNumConfigurations ; ++i) {
2216-
(void) (*dpriv->device)->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
2217-
if (memcmp (cached_configuration, cached_configurations + i, sizeof (cached_configurations[i])) != 0) {
2219+
kresult = (*dpriv->device)->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
2220+
if (kresult != kIOReturnSuccess || memcmp (cached_configuration, cached_configurations + i, sizeof (cached_configurations[i])) != 0) {
22182221
usbi_dbg (ctx, "darwin/reenumerate_device: configuration descriptor %d changed", i);
22192222
return LIBUSB_ERROR_NOT_FOUND;
22202223
}

0 commit comments

Comments
 (0)