core: abandon sync transfers after libusb_close()

This commit adds an additional check to synchronous transfer
progression to prevent accessing a potentially deleted context. This
access can occur if a code calls libusb_close() then libusb_exit()
from one thread while another thread is in a synchronous transfer.

Note that this is likely a user error. The application should wait
for all transfers to complete before calling libusb_close(). This
commit is being offered as a best-effort attempt to prevent the
invalid access and return a useful error to the application.

There may still be a window where an invalid access is possible.
This commit is a work around until a better fix is available.

References #610

Signed-off-by: Nathan Hjelm <hjelmn@google.com>

diff --git a/libusb/sync.c b/libusb/sync.c
index a609f65..70942ac 100644 (file)
--- a/libusb/sync.c
+++ b/libusb/sync.c
@@ -1,6 +1,9 @@
+/* -*- Mode: C; indent-tabs-mode:t ; c-basic-offset:8 -*- */
 /*
  * Synchronous I/O functions for libusb
  * Copyright © 2007-2008 Daniel Drake <dsd@gentoo.org>
+ * Copyright © 2019 Nathan Hjelm <hjelmn@cs.unm.edu>
+ * Copyright © 2019 Google LLC. All rights reserved.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -57,6 +60,11 @@ static void sync_transfer_wait_for_completion(struct libusb_transfer *transfer)
                        libusb_cancel_transfer(transfer);
                        continue;
                }
+               if (NULL == transfer->dev_handle) {
+                       /* transfer completion after libusb_close() */
+                       transfer->status = LIBUSB_ERROR_NO_DEVICE;
+                       *completed = 1;
+               }
        }
 }
 

diff --git a/libusb/version_nano.h b/libusb/version_nano.h
index 8aa1efc..1ff7ca7 100644 (file)
--- a/libusb/version_nano.h
+++ b/libusb/version_nano.h
@@ -1 +1 @@
-#define LIBUSB_NANO 11389
+#define LIBUSB_NANO 11390