There is one quite old bug in usblp.c, with two call paths.
call path 1)
usblp_disconnect()
...
usblp->dev = NULL;
...
if (!usblp->used)
usblp_cleanup (usblp); =>
else /* cleanup later, on close */
up (&usblp->sem);
call path 2)
usblp_release()
if (usblp->dev) {
usblp_unlink_urbs(usblp);
up(&usblp->sem);
} else /* finish cleanup from disconnect */
usblp_cleanup (usblp); =>
=>usblp_cleanup()
...
usb_buffer_free (usblp->dev, USBLP_BUF_SIZE,
usblp->writebuf, usblp->writeurb->transfer_dma);
usb_buffer_free (usblp->dev, USBLP_BUF_SIZE,
usblp->readbuf, usblp->writeurb->transfer_dma);
...
So here cleanup will use NULL pointer for sure, it set set to NULL in
other path and tested to be NULL in the other.
How should this be corrected ? Not that many functions do test
usblp->dev against NULL to know if disconnect is started, so
something else needs to be set and used for the testing.
The variable usblp->used seems to be one possibility, but in
usb-skeleton.c corresponsing variable is a counter of many opens,
so maybe using that as three state variable is not wise.
I can do the patch and testing if somebody knows what way is best.
---
Kari H�meenaho
-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
[EMAIL PROTECTED]
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
