Bug 369981

Summary:	dev-libs/libusb-0.12.X memory corruption
Product:	Gentoo Linux	Reporter:	Nicolas Dufresne <nicolas.dufresne>
Component:	[OLD] Core system	Assignee:	Robin Johnson <robbat2>
Status:	RESOLVED NEEDINFO
Severity:	normal	CC:	peter, vapier
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	Patch that fixes the memory corruption

Description Nicolas Dufresne 2011-06-03 23:12:06 UTC

The legacy libusb produce double free curruption when use with scanimage and hp-firmware. From the libusb bug system, this won't be fixed (legacy version) but a patch exist.

Reproducible: Always

Steps to Reproduce:
1. Run scanimage

Actual Results:  
Double free corruption

Comment 1 Nicolas Dufresne 2011-06-03 23:13:42 UTC

Created attachment 275755 [details, diff]
Patch that fixes the memory corruption

From:
http://www.libusb.org/attachment/ticket/11/libusb_memset_altsetting_alloc.patch

Comment 2 Wormo (RETIRED) gentoo-dev

2011-06-06 05:41:42 UTC

Thanks for pointing out this patch, assigning to maintainer

Comment 3 SpanKY gentoo-dev

2011-11-13 23:25:54 UTC

Comment on attachment 275755 [details, diff]
Patch that fixes the memory corruption

pretty sure this patch is broken.  upstream trac is down, so i can't check that.

i think what you actually want is:
     ifp = interface->altsetting + interface->num_altsetting;
+    memset(ifp, 0, sizeof(*ifp));
     interface->num_altsetting++;

can you test that out with your failing case ?

Comment 4 Peter Stuge 2012-05-28 14:30:18 UTC

It would be great to get feedback on this and if SpanKY's patch is needed as opposed the patch from upstream (the Trac works for a long time now) then I'll update the patch attached to the upstream ticket.