pn53x_usb_open() error path returns pointer to freed memory, not NULL

timmerk / nfc-tools

Automatically exported from code.google.com/p/nfc-tools

0 stars 0 forks source link

pn53x_usb_open() error path returns pointer to freed memory, not NULL #87

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

If pn53x_usb_init() call in pn53x_usb_open() fails, the error path handling 
calls nfc_device_free(pnd) and then returns pnd. This results in freed memory 
being used and likely segmentation fault when driver callbacks get called. The 
attached patch fixes this by returning NULL instead.

Original issue reported on code.google.com by jkmali...@gmail.com on 4 Mar 2012 at 4:57

Attachments:

pn53x_usb-clear-pnd-on-error-path.patch

GoogleCodeExporter commented 9 years ago

Applied to libnfc's trunk, thanks!
http://code.google.com/p/libnfc/source/detail?r=1327

Triage issue as Invalid because it is submitted in the wrong issue tracker 
(nfc-tools instead of libnfc).

Original comment by romain.t...@gmail.com on 5 Mar 2012 at 7:30

Changed state: Invalid