The C Source, Patches and (shudder!) Bugs

Segfault with freeing active configuration twice

Post by do3cc » Fri Dec 05, 2014 4:02 pm

Hi,

I am trying to use the usb_modeswitch with my Alcatel onetouch X602D.
There was a thread here explaining that I have to change the configuration profile.
http://www.draisberghof.de/usb_modeswit ... 02d#p13926

For me, this triggers a SegFault.

After relearning C, I think I drilled it down to improper handling of a global variable for the configuration descriptor.
In my case, get_current_configuration() gets called twice in one run. In the first run, the global variable active_config is NULL, but get_current_configuration needs an active_config, so it gets an active_config and stores the pointer in the global variable. At the end of the method, the active_config is freed, but the global variable still points to the same, now freed address.
On the second run, no get_active_config from libusb gets called, so no new address gets assigned. Now usb_modeswitch tries to free the descriptor again at the end of the method. Here comes the segfault.
There are multiple locations in the code where an active config gets loaded, then freed but the global variable does not get NULLed. I NULLed the variable in the source in this one invocation, now I don't get segfaults any more. Unfortunately I now get the notification that changing the configuration has failed...
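
The pattern described in the post above, as an added example that is not part of the original post and is not usb_modeswitch code: a global descriptor pointer that is freed but not reset, next to the variant that sets it to NULL. The descriptor struct, the `fake_*` helpers and the static slot that stands in for the heap are assumptions made so the stale free can be counted safely.

```c
#include <stdio.h>

/* Constructed stand-in for a USB configuration descriptor. */
struct config_desc { int bConfigurationValue; };

/* A static slot replaces the heap so a stale free is counted, not executed. */
static struct config_desc slot;
static int slot_live = 0;       /* 1 while the descriptor is validly allocated */
static int double_frees = 0;    /* frees issued on an already freed descriptor */

static struct config_desc *active_config = NULL;  /* the global from the report */

/* Hypothetical stand-ins for the library's get/free descriptor calls. */
static struct config_desc *fake_get_descriptor(void) {
    slot.bConfigurationValue = 1;
    slot_live = 1;
    return &slot;
}
static void fake_free_descriptor(struct config_desc *d) {
    if (d == NULL) return;
    if (!slot_live) { double_frees++; return; }  /* a real free() may crash here */
    d->bConfigurationValue = -1;                 /* poison to expose stale reads */
    slot_live = 0;
}

/* Fetch only when the global is NULL, use it, free it at the end. */
static int get_current_configuration(int null_after_free) {
    if (active_config == NULL)
        active_config = fake_get_descriptor();
    int value = active_config->bConfigurationValue;
    fake_free_descriptor(active_config);
    if (null_after_free)
        active_config = NULL;   /* the fix: drop the pointer with the memory */
    return value;
}

/* Two calls in one run, as in the report; returns the number of stale frees. */
static int run_twice(int null_after_free) {
    active_config = NULL; slot_live = 0; double_frees = 0;
    get_current_configuration(null_after_free);
    get_current_configuration(null_after_free);
    return double_frees;
}

int main(void) {
    printf("pointer kept after free: %d stale free(s)\n", run_twice(0));
    printf("pointer set to NULL:     %d stale free(s)\n", run_twice(1));
    return 0;
}
```

In the variant that keeps the pointer, the second call also reads the poisoned value before the stale free, so the same stale global produces a use-after-free as well as a double free.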


Re: Segfault with freeing active configuration twice

Post by Josh » Sun Dec 14, 2014 7:48 pm

Thanks for the report - I'll look into it.
