Double free on xhci_register failure.
Hi all,
drivers/core/device.c will call `device_free()` after xhci_register already frees the private device data. This causes a memory corruption and crash on my RPI4B. I believe the solution is to remove the free call in xhci_register ( https://github.com/u-boot/u-boot/blob/master/drivers/usb/host/xhci.c#L1421), thoughts?
-Richard Habeeb
+Marek Vasut
On Tue, 18 Jul 2023 at 16:14, Richard Habeeb richard.habeeb@gmail.com wrote:
Hi all,
drivers/core/device.c will call `device_free()` after xhci_register already frees the private device data. This causes a memory corruption and crash on my RPI4B. I believe the solution is to remove the free call in xhci_register ( https://github.com/u-boot/u-boot/blob/master/drivers/usb/host/xhci.c#L1421), thoughts?
-Richard Habeeb
On 7/19/23 03:08, Simon Glass wrote:
+Marek Vasut
On Tue, 18 Jul 2023 at 16:14, Richard Habeeb richard.habeeb@gmail.com wrote:
Hi all,
drivers/core/device.c will call `device_free()` after xhci_register already frees the private device data. This causes a memory corruption and crash on my RPI4B. I believe the solution is to remove the free call in xhci_register ( https://github.com/u-boot/u-boot/blob/master/drivers/usb/host/xhci.c#L1421), thoughts?
-Richard Habeeb
Can you send a proper patch ?
Thank you
participants (3)
-
Marek Vasut -
Richard Habeeb -
Simon Glass