Created attachment 151308
testcase for libusb segmentation fault

I have encountered a segmentation fault when using libusb on an i386 FreeBSD 10.1 system with the latest patches applied.

Steps to reproduce:
- get a pointer libusb_device *device
- use it in some way
- close it
- reopen it
- claim an interface of the device handle
- then it crashes with a segmentation fault

Debugging the libusb_claim_interface method led to this observation. I am referring to this source code:
http://svnweb.freebsd.org/base/stable/10/lib/libusb/libusb10.c?view=markup#l611

In line 615 the libusb_device * is calculated from the given libusb_device_handle *. The device does contain a NULL pointer as dev->ctx. This null pointer is passed to CTX_LOCK in line 622. Then the segmentation fault occurs.

If this line is inserted before line 622 the segmentation fault does not occur:

dev->ctx = GET_CONTEXT(dev->ctx);

But I am not sure if this is the right way to address the problem.

I have created a testcase which I will attach. You need to replace the manufacturer and product ids with some values for a connected USB device. The values in the example are for a HP Deskjet 5550 printer.

The same testcase works as expected on an Ubuntu 14.04 system with libusbx 1.0.17.
Hi, You are accessing freed memory. If you want the "device" to stay around after "libusb_close()" please use "libusb_ref_device()" to get an extra reference on it. --HPS
Hi. Thank you for the good advice. Using libusb_ref_device() solves my problem. Best regards Markus Heinz
You're welcome! Feel free to submit more bug reports if you find any further issues. --HPS
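The lifetime issue resolved in this thread, as an added example that is not part of the original report and not libusb source: a simplified reference-counting model in which the device list and each open handle hold one reference on the device. All model_* names are hypothetical, and the assumption is that close drops the handle's reference the way the reply describes, so only an extra caller-held reference keeps the device valid for a reopen.

```c
/* Added example: simplified model, NOT libusb source. model_* names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct model_ctx { int lock_count; };
struct model_device { int refcnt; struct model_ctx *ctx; };
struct model_handle { struct model_device *dev; };
static int live_devices;            /* device objects not yet freed */

static struct model_device *model_enumerate(struct model_ctx *ctx) {
    struct model_device *d = calloc(1, sizeof(*d));
    if (d == NULL) abort();
    d->refcnt = 1;                  /* reference owned by the device list */
    d->ctx = ctx;
    live_devices++;
    return d;
}
static void model_ref(struct model_device *d) { d->refcnt++; }
static void model_unref(struct model_device *d) {
    if (--d->refcnt == 0) { free(d); live_devices--; }
}
static struct model_handle *model_open(struct model_device *d) {
    struct model_handle *h = malloc(sizeof(*h));
    if (h == NULL) abort();
    model_ref(d);                   /* the handle holds its own reference */
    h->dev = d;
    return h;
}
static void model_close(struct model_handle *h) { model_unref(h->dev); free(h); }
static void model_claim(struct model_handle *h) { h->dev->ctx->lock_count++; }

/* Returns 1 if the device pointer is still valid after close, else 0. */
int device_survives_close(int take_extra_ref) {
    struct model_ctx ctx = { 0 };
    struct model_device *dev = model_enumerate(&ctx);
    if (take_extra_ref) model_ref(dev);   /* the caller's own reference */
    struct model_handle *h = model_open(dev);
    model_unref(dev);                     /* free the list, dropping its reference */
    model_close(h);                       /* drops the handle's reference */
    if (live_devices == 0) return 0;      /* dev is dangling: a reopen would use freed memory */
    h = model_open(dev);                  /* safe: our reference kept dev alive */
    model_claim(h);                       /* dev->ctx is still valid here */
    model_close(h);
    model_unref(dev);                     /* release the caller's reference */
    return ctx.lock_count == 1;
}
int main(void) {
    printf("without extra ref: %d\n", device_survives_close(0));
    printf("with extra ref: %d\n", device_survives_close(1));
    return 0;
}
```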