By pressing CTRL-C on a running openocd with FTDI adapter, it's
possible to generate a segmentation fault that with valgrind is
dumped as a SIGABRT:
^CError: libusb_handle_events() failed with LIBUSB_ERROR_INTERRUPTED
==16594== Invalid read of size 8
==16594== at 0x48B2472: libusb_submit_transfer
==16594== by 0x48B4B0F: libusb_control_transfer
==16594== by 0x1A6B9D: mpsse_purge (mpsse.c:428)
==16594== by 0x1A7B96: mpsse_flush (mpsse.c:953)
==16594== by 0x19BA5B: ftdi_execute_queue (ftdi.c:654)
...
==16594== Address 0x6158568 is 72 bytes inside a block of size 216 free'd
==16594== at 0x484118B: free (vg_replace_malloc.c:755)
==16594== by 0x1A7B88: mpsse_flush (mpsse.c:950)
==16594== by 0x19BA5B: ftdi_execute_queue (ftdi.c:654)
...
==16594== Block was alloc'd at
==16594== at 0x48435FF: calloc (vg_replace_malloc.c:1117)
==16594== by 0x48B2259: libusb_alloc_transfer
==16594== by 0x1A7A26: mpsse_flush (mpsse.c:880)
==16594== by 0x19BA5B: ftdi_execute_queue (ftdi.c:654)
...
==16594== Process terminating with default action of signal 6 (SIGABRT):
dumping core
...
Aborted (core dumped)
The error is in mpsse_flush() that, following valgrind dump:
- allocates the buffer at line mpsse.c:880
read_transfer = libusb_alloc_transfer(0);
- frees the buffer at line mpsse.c:950
libusb_free_transfer(read_transfer);
- still pretends to use the freed buffer at line mpsse.c:953
mpsse_purge(ctx);
Move the call to mpsse_purge() right before freeing the buffer.
Change-Id: I47c71ec8c283f4b037fdd7cd72ca2e877cd3a851
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: http://openocd.zylin.com/6417
Tested-by: jenkins
a555434c50