From fecc90c6467c0c3892b79f81ed9501a4672c8815 Mon Sep 17 00:00:00 2001 From: iedowse Date: Sun, 28 May 2006 01:17:13 +0000 Subject: [PATCH] NULL out ii->stdstart and ii->stdend when they are invalid. This is not necessary for correct operation but makes it clearer that freed transfer descriptors cannot be accessed. --- sys/dev/usb/uhci.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/sys/dev/usb/uhci.c b/sys/dev/usb/uhci.c index c7e9f0b7fde..6c27a1501d5 100644 --- a/sys/dev/usb/uhci.c +++ b/sys/dev/usb/uhci.c @@ -2690,6 +2690,8 @@ uhci_device_isoc_done(usbd_xfer_handle xfer) return; } #endif + ii->stdstart = NULL; + ii->stdend = NULL; } void @@ -2748,8 +2750,11 @@ uhci_device_intr_done(usbd_xfer_handle xfer) /* The ii is already on the examined list, just leave it. */ } else { DPRINTFN(5,("uhci_device_intr_done: removing\n")); - if (uhci_active_intr_info(ii)) + if (uhci_active_intr_info(ii)) { uhci_del_intr_info(ii); + ii->stdstart = NULL; + ii->stdend = NULL; + } } } @@ -2778,6 +2783,8 @@ uhci_device_ctrl_done(usbd_xfer_handle xfer) if (upipe->u.ctl.length != 0) uhci_free_std_chain(sc, ii->stdstart->link.std, ii->stdend); + ii->stdstart = NULL; + ii->stdend = NULL; DPRINTFN(5, ("uhci_device_ctrl_done: length=%d\n", xfer->actlen)); } @@ -2801,6 +2808,8 @@ uhci_device_bulk_done(usbd_xfer_handle xfer) uhci_remove_bulk(sc, upipe->u.bulk.sqh); uhci_free_std_chain(sc, ii->stdstart, NULL); + ii->stdstart = NULL; + ii->stdend = NULL; DPRINTFN(5, ("uhci_device_bulk_done: length=%d\n", xfer->actlen)); } -- 2.45.2