qemu-usb: reset completion pointer

Reset the completion pointer to prevent a double free in case the packet is processed during ISOC IN request handling. Fixes #4041.
2024-12-19 13:47:56 +00:00 · 2021-02-25 18:31:16 +01:00 · 2021-02-25 18:31:16 +01:00 · 42f3d2eccd
commit 42f3d2eccd
parent c03534e355
1 changed files with 2 additions and 0 deletions
--- a/repos/libports/src/lib/qemu-usb/host.cc
+++ b/repos/libports/src/lib/qemu-usb/host.cc
@ -579,6 +579,8 @@ struct Usb_host_device : List<Usb_host_device>::Element
 		if (packet.completion) {
 			dynamic_cast<Completion *>(packet.completion)->free();
 		}
+		/* make sure we free the completion only once! */
+		packet.completion = nullptr;
 	}

 	Completion *find_valid_completion(USBPacket *p)