Hello tech,
in ugen_set_config, the cached config descriptor (ugen.c:213) is
obsolete after the call to usbd_set_config_no (ugen.c:220). Use a
refreshed value so the next loop account for the correct number of
interfaces.
I also believe the dev->cdesc is leaked inside usbd_set_config_index but
I haven't yet fully audited how the variable is used.
--
Thomas Jeunet
Index: ugen.c
===================================================================
RCS file: /var/cvs/src/sys/dev/usb/ugen.c,v
retrieving revision 1.113
diff -u -p -r1.113 ugen.c
--- ugen.c 28 Jan 2021 12:50:28 -0000 1.113
+++ ugen.c 31 Jan 2021 15:37:05 -0000
@@ -223,6 +223,7 @@ ugen_set_config(struct ugen_softc *sc, i
}
}
+ cdesc = usbd_get_config_descriptor(dev);
memset(sc->sc_endpoints, 0, sizeof sc->sc_endpoints);
for (ifaceno = 0; ifaceno < cdesc->bNumInterfaces; ifaceno++) {
DPRINTFN(1,("ugen_set_config: ifaceno %d\n", ifaceno));
