diff options
author | Nikias Bassen | 2016-02-17 20:24:43 +0100 |
---|---|---|
committer | Nikias Bassen | 2016-02-17 20:24:43 +0100 |
commit | d9bb2d5b11268fe954125c793b7bc3e9caf0ec6a (patch) | |
tree | a757957aeb753d76211396f5706e03d52d8a7be9 /README | |
parent | 1a9ff1f75bec47bdc145393f020a0fd60ae0e6da (diff) | |
download | libirecovery-d9bb2d5b11268fe954125c793b7bc3e9caf0ec6a.tar.gz libirecovery-d9bb2d5b11268fe954125c793b7bc3e9caf0ec6a.tar.bz2 |
Fix possible invalid free in irecv_open_with_ecid()
irecv_open_with_ecid calls libusb_open() in a loop. When the operation
fails libusb_close() is called with the returned handle - which ideally
should be NULL upon calling libusb_open(). However since we're operating
in a loop this is only the case for the first time libusb_open() is called
and subsequent invocations only overwrite the handle upon success.
Whenever the libusb_open() fails and it is not the first invocation, the
libusb_close() that is called afterwards may cause an invalid free.
To prevent this we set the handle to NULL before calling libusb_open().
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions