I am currently using the hidapi in a QT application built on Ubuntu 18.04. It works great, except that the application will crash seemingly at random due to a seg fault. After running some valgrind and GDB, it seems that the issue is within or related to hidapi. I found an issue where we were using hid_enumerate without properly using hid_free_enumeration, and once that was fixed it helped, but the application still crashes. Now I have had it crash a few times and ran the core dump file through GDB, this is the output of using backtrace to trace the call stack at time of crash:
4 0x00007f6eae9816db in start_thread (arg=0x7f6e9bfff700)
at pthread_create.c:463
5 0x00007f6eadd6b88f in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Which seems to indicate the issue is from the libusb_alloc_transfer() function, but the only place this function is used in my project is within hid-libusb.c itself. It is used in the read_thread function, which does not appear to ever be called:
static void *read_thread(void *param)
{
hid_device *dev = param;
unsigned char *buf;
const size_t length = dev->input_ep_max_packet_size;
/* Set up the transfer object. */
buf = malloc(length);
dev->transfer = libusb_alloc_transfer(0);
libusb_fill_interrupt_transfer(dev->transfer,
dev->device_handle,
dev->input_endpoint,
buf,
length,
read_callback,
dev,
5000/*timeout*/);
/* Make the first submission. Further submissions are made
from inside read_callback() */
libusb_submit_transfer(dev->transfer);
// Notify the main thread that the read thread is up and running.
pthread_barrier_wait(&dev->barrier);
/* Handle all the events. */
while (!dev->shutdown_thread) {
int res;
res = libusb_handle_events(NULL);
if (res < 0) {
/* There was an error. Break out of this loop. */
break;
}
}
/* Cancel any transfer that may be pending. This call will fail
if no transfers are pending, but that's OK. */
if (libusb_cancel_transfer(dev->transfer) == 0) {
/* The transfer was cancelled, so wait for its completion. */
libusb_handle_events(NULL);
}
/* Now that the read thread is stopping, Wake any threads which are
waiting on data (in hid_read_timeout()). Do this under a mutex to
make sure that a thread which is about to go to sleep waiting on
the condition acutally will go to sleep before the condition is
signaled. */
pthread_mutex_lock(&dev->mutex);
pthread_cond_broadcast(&dev->condition);
pthread_mutex_unlock(&dev->mutex);
/* The dev->transfer->buffer and dev->transfer objects are cleaned up
in hid_close(). They are not cleaned up here because this thread
could end either due to a disconnect or due to a user
call to hid_close(). In both cases the objects can be safely
cleaned up after the call to pthread_join() (in hid_close()), but
since hid_close() calls libusb_cancel_transfer(), on these objects,
they can not be cleaned up here. */
return NULL;
}
It does appear to be mentioned in some comments within hid_close, so perhaps it is used behind the scenes for hid_open and hid_close? All of our calls to hid_open match with a hid_close though. Any ideas what may be causing a segmentation fault here?
I am currently using the hidapi in a QT application built on Ubuntu 18.04. It works great, except that the application will crash seemingly at random due to a seg fault. After running some valgrind and GDB, it seems that the issue is within or related to hidapi. I found an issue where we were using hid_enumerate without properly using hid_free_enumeration, and once that was fixed it helped, but the application still crashes. Now I have had it crash a few times and ran the core dump file through GDB, this is the output of using backtrace to trace the call stack at time of crash:
Which seems to indicate the issue is from the libusb_alloc_transfer() function, but the only place this function is used in my project is within hid-libusb.c itself. It is used in the read_thread function, which does not appear to ever be called:
It does appear to be mentioned in some comments within hid_close, so perhaps it is used behind the scenes for hid_open and hid_close? All of our calls to hid_open match with a hid_close though. Any ideas what may be causing a segmentation fault here?