Valgrind invalid read error in usb_parse_descriptor()

Bug #557620 reported by Sebastien Bacher on 2010-04-07
This bug affects 1 person
Affects: libusb (Ubuntu)
Importance: Low
Assigned to: Unassigned

Bug Description

Using lucid beta2, calling LIBMTP_Detect_Raw_Devices() leads to crashes in rhythmbox; valgrind shows an invalid read error in libusb code.

small testcase:

"#include <libmtp.h>

int main (int argc, char **argv) {
  int num_raw_devices;
  LIBMTP_raw_device_t *raw_devices;
  LIBMTP_Detect_Raw_Devices (&raw_devices, &num_raw_devices);
}"

Corresponding valgrind log:

"==12975== Invalid read of size 1
==12975== at 0x4085E08: usb_parse_descriptor (descriptors.c:42)
==12975== by 0x40860BF: usb_parse_configuration (descriptors.c:238)
==12975== by 0x4087FF5: usb_os_find_devices (linux.c:512)
==12975== by 0x4085791: usb_find_devices (usb.c:98)
==12975== by 0x40602FD: init_usb (libusb-glue.c:147)
==12975== by 0x4062148: LIBMTP_Detect_Raw_Devices (libusb-glue.c:441)
==12975== by 0x8048510: main (devices.c:6)
==12975== Address 0x422f109 is 0 bytes after a block of size 193 alloc'd
==12975== at 0x4024F20: malloc (vg_replace_malloc.c:236)
==12975== by 0x4087F8E: usb_os_find_devices (linux.c:489)
==12975== by 0x4085791: usb_find_devices (usb.c:98)
==12975== by 0x40602FD: init_usb (libusb-glue.c:147)
==12975== by 0x4062148: LIBMTP_Detect_Raw_Devices (libusb-glue.c:441)
==12975== by 0x8048510: main (devices.c:6)"

Sebastien Bacher (seb128) wrote :

duplicate bug opening

Changed in libusb (Ubuntu):
importance: Undecided → Low
status: New → Invalid
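
The Valgrind log above reports a 1-byte read at the first address past a 193-byte heap block while descriptors are being parsed. The following is an added example, not code from libusb or from the reporter, and it does not claim to reproduce the cause of this bug: it shows the length checks a descriptor walker needs so that neither a header byte nor a device-supplied bLength takes it past the buffer. The function name count_descriptors and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Every USB descriptor starts with bLength (byte 0) and bDescriptorType (byte 1). */
#define DESC_HEADER_LEN 2

/* Constructed sample: configuration descriptor followed by interface descriptor. */
static const uint8_t sample_ok[] = {
    9, 0x02, 18, 0, 1, 1, 0, 0x80, 50,
    9, 0x04, 0, 0, 0, 0xff, 0, 0, 0
};
/* Constructed sample: one stray byte after the last complete descriptor. */
static const uint8_t sample_trailing[] = { 9, 0x02, 10, 0, 1, 1, 0, 0x80, 50, 7 };
/* Constructed sample: second descriptor claims 9 bytes but only 3 remain. */
static const uint8_t sample_truncated[] = { 9, 0x02, 12, 0, 1, 1, 0, 0x80, 50, 9, 0x04, 0 };

/* Hypothetical helper (not libusb code). Returns the number of well-formed
 * descriptors in buf, or -1 if a header or body would extend past len. */
int count_descriptors(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        size_t remaining = len - off;

        /* Both header bytes must lie inside the buffer before they are read;
         * otherwise buf[off + 1] is a read "0 bytes after" the allocation. */
        if (remaining < DESC_HEADER_LEN)
            return -1;

        uint8_t bLength = buf[off];
        /* A length smaller than the header would stall the loop. */
        if (bLength < DESC_HEADER_LEN)
            return -1;
        /* The device-supplied length must not exceed what was actually read. */
        if (bLength > remaining)
            return -1;

        n++;
        off += bLength;
    }
    return n;
}

int main(void)
{
    return count_descriptors(sample_ok, sizeof sample_ok) == 2 &&
           count_descriptors(sample_trailing, sizeof sample_trailing) == -1 &&
           count_descriptors(sample_truncated, sizeof sample_truncated) == -1 ? 0 : 1;
}
```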