cdcacm_unbind leaks write request objects. This arises due to freeing the

bulk IN endpoint before the loop that frees the requests via cdcacm_freereq.
That function checks its parameters and skips the free if either is NULL.
Freeing the bulk IN endpoint causes the first parameter to be NULL, thereby
bypassing the free operation.  To fix, I moved the release of the bulk IN
endpoint until after the loop (much as was already the case for the OUT and
read requests, which did not exhibit the problem).
ziggurat29 2016-07-07 12:02:23 -05:00
parent e5b5512d11
commit 2cadf783fd


@ -1162,14 +1162,6 @@ static void cdcacm_unbind(FAR struct usbdevclass_driver_s *driver,
priv->epintin = NULL; priv->epintin = NULL;
} }
/* Free the bulk IN endpoint */
if (priv->epbulkin)
{
DEV_FREEEP(dev, priv->epbulkin);
priv->epbulkin = NULL;
}
/* Free the pre-allocated control request */ /* Free the pre-allocated control request */
if (priv->ctrlreq != NULL) if (priv->ctrlreq != NULL)
@ -1220,6 +1212,14 @@ static void cdcacm_unbind(FAR struct usbdevclass_driver_s *driver,
DEBUGASSERT(priv->nwrq == 0); DEBUGASSERT(priv->nwrq == 0);
leave_critical_section(flags); leave_critical_section(flags);
/* Free the bulk IN endpoint */
if (priv->epbulkin)
{
DEV_FREEEP(dev, priv->epbulkin);
priv->epbulkin = NULL;
}
/* Clear out all data in the circular buffer */ /* Clear out all data in the circular buffer */
priv->serdev.xmit.head = 0; priv->serdev.xmit.head = 0;
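Review bot: The relocated block in the second hunk keeps the bare comment `/* Free the bulk IN endpoint */`, so nothing in the code records that this release must come after the write-request loop. Per the commit message, the request-free helper silently skips a request when its endpoint argument is NULL, so a later reorder would bring the leak back without any visible failure. I would spell the constraint out at the new site, e.g. `/* Free the bulk IN endpoint. This must follow the write request loop above: requests are not freed once priv->epbulkin is NULL. */`. The `DEBUGASSERT(priv->nwrq == 0)` in the context lines presumably only catches a regression in debug builds, so on release builds repeated bind/unbind cycles would leak request memory unnoticed. cdcacm_unbind starts and ends outside both hunks, so the loop itself is not visible here.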