Global variables must be reset to their default value before a new dfu_bind is done. Otherwise things won't work and are likely to cause a system crash due to a use after free: the global dfu_files was still pointing to a deallocated structure after unbind.

Signed-off-by: Jules Maselbas <jmaselbas@xxxxxxxxx>

--- drivers/usb/gadget/dfu.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/gadget/dfu.c b/drivers/usb/gadget/dfu.c index c2b3d481a..5bdcb68bf 100644 --- a/drivers/usb/gadget/dfu.c +++ b/drivers/usb/gadget/dfu.c @@ -271,6 +271,10 @@ dfu_unbind(struct usb_configuration *c, struct usb_function *f) { struct f_dfu *dfu = func_to_dfu(f); + dfu_files = NULL; + dfu_file_entry = NULL; + dfudetach = 0; + usb_free_all_descriptors(f); dma_free(dfu->dnreq->buf); -- 2.21.0.196.g041f5ea
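
Review bot: The three resets at the top of dfu_unbind() (dfu_files, dfu_file_entry, dfudetach) only take effect on the path where unbind actually runs, while the commit message states the requirement as the globals holding their defaults before a new dfu_bind. Consider initialising them at the start of dfu_bind as well (or instead), so that a bind which follows a failed or partial bind cannot start with stale pointers. The hunk does not show where the structure behind dfu_files is freed, so please confirm that nothing later in dfu_unbind, after these assignments, still reads dfu_files or dfu_file_entry. A short comment above the assignments saying they prevent a use after free on rebind would also help future readers.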