From 5853d3cdbd282e70893425c70e87b7f69c535799 Mon Sep 17 00:00:00 2001
From: hselasky <hselasky@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Fri, 9 Sep 2016 06:33:56 +0000
Subject: [PATCH] MFC r305284: Fix array size issue when using the pre-scaling
 feature for ISOCHRONOUS USB transfers. Make sure enough length and buffer
 pointers are allocated when setting up the libusb transfer structure to
 support the maximum number of frames the kernel can handle.

git-svn-id: svn://svn.freebsd.org/base/stable/8@305643 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 lib/libusb/libusb20.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/lib/libusb/libusb20.c b/lib/libusb/libusb20.c
index 75af7a186..2c76653e9 100644
--- a/lib/libusb/libusb20.c
+++ b/lib/libusb/libusb20.c
@@ -163,6 +163,12 @@ libusb20_tr_open(struct libusb20_transfer *xfer, uint32_t MaxBufSize,
 		return (LIBUSB20_ERROR_BUSY);
 	if (MaxFrameCount & LIBUSB20_MAX_FRAME_PRE_SCALE) {
 		MaxFrameCount &= ~LIBUSB20_MAX_FRAME_PRE_SCALE;
+		/*
+		 * The kernel can setup 8 times more frames when
+		 * pre-scaling ISOCHRONOUS transfers. Make sure the
+		 * length and pointer buffers are big enough:
+		 */
+		MaxFrameCount *= 8;
 		pre_scale = 1;
 	} else {
 		pre_scale = 0;
@@ -187,8 +193,13 @@ libusb20_tr_open(struct libusb20_transfer *xfer, uint32_t MaxBufSize,
 	}
 	memset(xfer->ppBuffer, 0, size);
 
-	error = xfer->pdev->methods->tr_open(xfer, MaxBufSize,
-	    MaxFrameCount, ep_no, pre_scale);
+	if (pre_scale) {
+		error = xfer->pdev->methods->tr_open(xfer, MaxBufSize,
+		    MaxFrameCount / 8, ep_no, 1);
+	} else {
+		error = xfer->pdev->methods->tr_open(xfer, MaxBufSize,
+		    MaxFrameCount, ep_no, 0);
+	}
 
 	if (error) {
 		free(xfer->ppBuffer);
-- 
2.42.0