Fix race condition between usb_host_destroy and fd_removed_cb

fd_removed_cb is called by libusb_exit() -> usbi_io_exit() -> usbi_remove_poolfd() -> ctx->fd_removed_cb.

fd_removed_cb uses context->gio_channels and context->channel_list_lock.
So, you should not free and destroy it before calling libusb_exit().

Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I5fdde607d19be9e4df9214489f91e3d33f41eaf6

diff --git a/src/usb_host.c b/src/usb_host.c
index 5a5f2f1bed392092717123747e1142b9f8ca30b2..f2655d491c7bd0c7aff7ad2205860c352435c6fc 100755 (executable)
--- a/src/usb_host.c
+++ b/src/usb_host.c
@@ -542,9 +542,9 @@ int usb_host_destroy(usb_host_context_h context)
                l = next;
        }
 
+       libusb_exit(context->lusb_ctx);
        g_list_free(context->gio_channels);
        pthread_mutex_destroy(&context->channel_list_lock);
-       libusb_exit(context->lusb_ctx);
 
        free(context);
        return USB_HOST_ERROR_NONE;