GoogleChromeLabs / chromeos_smart_card_connector

Smart Card Connector App for Chrome OS
https://chrome.google.com/webstore/detail/smart-card-connector/khpfeaanjngmcnplbdlpegiifgpfgdco
Apache License 2.0

[libusb] Fix use-after-free in submit_transfer #1088

Closed emaxx-google closed 1 year ago

emaxx-google commented 1 year ago

Fix a use-after-free bug in our libusb_submit_transfer() implementation (i.e., LibusbJsProxy::LibusbSubmitTransfer()). The bug was that this function could continue reading from a libusb_transfer* pointer after it's been placed into a shared data structure, where it can be seen, populated and destroyed by other threads.

We also add a PC/SC test that triggered this bug with some probability (visible on the asan_testing bot).

This fixes https://github.com/GoogleChromeLabs/chromeos_smart_card_connector/issues/1090.
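The bug class described above, as an added example that is not code from this PR or the project: a submit function must copy what it needs out of the transfer before publishing it to a structure other threads can reach. `Transfer`, `InFlight`, `SubmitBuggy`, `SubmitFixed` and the `after_publish` hook are hypothetical names; the hook stands in for a completion thread that runs immediately after publication.

```cpp
#include <functional>
#include <map>
#include <memory>
#include <mutex>
// Hypothetical stand-in for libusb_transfer (not the project's type).
struct Transfer { int id; int length; };
// Shared table: once published here, a transfer may be destroyed by any thread.
class InFlight {
 public:
  // Hook modelling the worst-case schedule: runs right after publication.
  std::function<void()> after_publish;
  void Publish(std::unique_ptr<Transfer> t) {
    {
      std::lock_guard<std::mutex> lock(mu_);
      const int id = t->id;
      table_[id] = std::move(t);
    }
    if (after_publish) after_publish();
  }
  bool CompleteAndDestroy(int id) {
    std::lock_guard<std::mutex> lock(mu_);
    return table_.erase(id) == 1;
  }
 private:
  std::mutex mu_;
  std::map<int, std::unique_ptr<Transfer>> table_;
};

// BEFORE (the bug class; defined for comparison, never called here):
int SubmitBuggy(InFlight& q, std::unique_ptr<Transfer> t) {
  Transfer* raw = t.get();
  q.Publish(std::move(t));
  return raw->length;  // read after publication: may already be freed
}

// AFTER: copy what is needed into locals, then publish, then never touch it.
int SubmitFixed(InFlight& q, std::unique_ptr<Transfer> t) {
  const int length = t->length;
  q.Publish(std::move(t));
  return length;
}

// Runs the fixed path while the transfer is destroyed right after publish.
int RunFixedWorstCase() {
  InFlight q;
  bool destroyed = false;
  q.after_publish = [&] { destroyed = q.CompleteAndDestroy(7); };
  const int n = SubmitFixed(q, std::unique_ptr<Transfer>(new Transfer{7, 64}));
  return destroyed ? n : -1;
}
```

Calling `SubmitBuggy` with the same hook installed under AddressSanitizer reports a heap-use-after-free at the `raw->length` read, which makes the race reproducible on every run rather than with some probability.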

emaxx-google commented 1 year ago

The test is flaky - apparently at least one of the issues is a genuine bug: #1090.

github-actions[bot] commented 1 year ago

Continuous Integration: All tests passed. C/C++ test coverage: 73.10% lines.

emaxx-google commented 1 year ago

The test is flaky - apparently at least one of the issues is a genuine bug: #1090.

Now the PR has the fix for it as well.