Skip to content

Commit e379610

Browse files
osyosy
committed
darwin: handle error from GetConfigurationDescriptorPtr
When a device is disconnected or otherwise `dpriv->device` is invalid, `GetConfigurationDescriptorPtr` will return `kIOReturnNoDevice` and `IOUSBConfigurationDescriptorPtr` will not be set. This means that we have an uninitialized pointer that is read from which is... very bad.
1 parent e63455a commit e379610

File tree

1 file changed

+8
-5
lines changed

1 file changed

+8
-5
lines changed

libusb/os/darwin_usb.c

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -698,9 +698,9 @@ static int get_configuration_index (struct libusb_device *dev, UInt8 config_valu
698698
return darwin_to_libusb (kresult);
699699

700700
for (i = 0 ; i < numConfig ; i++) {
701-
(*(priv->device))->GetConfigurationDescriptorPtr (priv->device, i, &desc);
701+
kresult = (*(priv->device))->GetConfigurationDescriptorPtr (priv->device, i, &desc);
702702

703-
if (desc->bConfigurationValue == config_value)
703+
if (kresult == kIOReturnSuccess && desc->bConfigurationValue == config_value)
704704
return i;
705705
}
706706

@@ -1823,7 +1823,10 @@ static int darwin_reenumerate_device (struct libusb_device_handle *dev_handle, b
18231823
cached_configurations = alloca (sizeof (*cached_configurations) * descriptor.bNumConfigurations);
18241824

18251825
for (i = 0 ; i < descriptor.bNumConfigurations ; ++i) {
1826-
(*(dpriv->device))->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
1826+
kresult = (*(dpriv->device))->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
1827+
if (kresult != kIOReturnSuccess) {
1828+
return LIBUSB_ERROR_NOT_FOUND;
1829+
}
18271830
memcpy (cached_configurations + i, cached_configuration, sizeof (cached_configurations[i]));
18281831
}
18291832

@@ -1883,8 +1886,8 @@ static int darwin_reenumerate_device (struct libusb_device_handle *dev_handle, b
18831886
}
18841887

18851888
for (i = 0 ; i < descriptor.bNumConfigurations ; ++i) {
1886-
(void) (*(dpriv->device))->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
1887-
if (memcmp (cached_configuration, cached_configurations + i, sizeof (cached_configurations[i]))) {
1889+
kresult = (*(dpriv->device))->GetConfigurationDescriptorPtr (dpriv->device, i, &cached_configuration);
1890+
if (kresult != kIOReturnSuccess || memcmp (cached_configuration, cached_configurations + i, sizeof (cached_configurations[i]))) {
18881891
usbi_dbg (ctx, "darwin/reenumerate_device: configuration descriptor %d changed", i);
18891892
return LIBUSB_ERROR_NOT_FOUND;
18901893
}

0 commit comments

Comments
 (0)