[vbox-dev] Nullpointer access by USBDevIo thread in vusbUrbDoReapAsync
Michal Necasek
michal.necasek at oracle.com
Mon Feb 26 10:06:40 GMT 2018
Hi Alexander,
Thanks for the report.
The bug is real, though the fix is unlikely to be quite correct. It's
not something your porting introduced (we've seen it too, but extremely
sporadically), but it's very likely that in your environment the
probability of hitting the bug is much higher.
The suggested fix will reduce the likelihood of the crash, but not
eliminate it, because the pointer can almost certainly still become null
between the check and the point where it's used.
Do you have some information about what triggers the crash? That is,
what sort of USB configuration and what user action. As I mentioned, we
have seen this problem before, but we don't know how to reproduce it.
Regards,
Michal
On 2/13/2018 11:45 AM, Alexander Boettcher wrote:
> Hello,
>
> we encountered in our ported version of Virtualbox (originally in
> 5.1.22, now in 5.1.32) from time to time a nullpointer crash in the
> context of the USBDevIo thread (vusbUrbDoReapAsync() function).
>
> We get around it with the following patch [1] (original bug report at [2])
> and all seems to work as expected.
>
> The question from my side is, do you think this is a valid fix? Or do you
> expect that pVUsbUrbNext should never be null and it maybe just becomes
> null possibly due to our porting (timing, wrong usage etc.)?
>
> After looking through your svn repository at [0] it seems the issue also
> could possibly exist there, since the code looks very similar regarding
> the pVUsbUrbNext variable compared to 5.1.22/32.
>
> Thanks for any thoughts,
>
> Alexander Boettcher.
>
> [0]
> https://www.virtualbox.org/svn/vbox/trunk/src/VBox/Devices/USB/VUSBUrb.cpp
> [1]
> https://github.com/genodelabs/genode/commit/205c08bd9db9700f6a2629f97578e5fb9592fe94
> [2] https://github.com/genodelabs/genode/issues/2612
>
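Michal's objection is that a null check on a link that another thread can clear is a check-then-use race: the window between `if (pNext)` and the dereference is still there, only narrower. The following is an added illustration, not VirtualBox or Genode code, using a hypothetical URB queue (`UrbQueue`, `urb_submit`, `urb_cancel`, `urb_detach`, `urb_walk_free` are all invented names). It shows the racy walk beside a detach-under-lock pattern: the reaper takes ownership of the whole chain while holding the lock and then walks a private list, so no other thread can null or free a link it is about to follow. A C11 `atomic_flag` spinlock stands in for whatever lock the real driver would use.

```c
/* Added example, not part of the original thread or of VirtualBox.
 * All identifiers are hypothetical; the structure mimics a singly linked
 * URB chain whose "next" link is shared between a submitter, a canceller
 * and the reaper thread. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct Urb {
    int id;
    struct Urb *next;          /* shared link, analogous to pVUsbUrbNext */
} Urb;

typedef struct {
    Urb *head;                 /* shared between all threads */
    atomic_flag lock;          /* minimal spinlock protecting head and links */
} UrbQueue;

void queue_init(UrbQueue *q)
{
    q->head = NULL;
    atomic_flag_clear(&q->lock);
}

static void queue_lock(UrbQueue *q)
{
    while (atomic_flag_test_and_set_explicit(&q->lock, memory_order_acquire))
        ;                      /* spin until the flag was clear */
}

static void queue_unlock(UrbQueue *q)
{
    atomic_flag_clear_explicit(&q->lock, memory_order_release);
}

/* Submitter: push a new URB on the chain under the lock. */
void urb_submit(UrbQueue *q, int id)
{
    Urb *u = malloc(sizeof *u);
    if (!u)
        abort();
    u->id = id;
    queue_lock(q);
    u->next = q->head;
    q->head = u;
    queue_unlock(q);
}

/* Canceller: unlink and free one URB under the lock. This is the kind of
 * concurrent modification that turns a link the reaper has just checked
 * into a dangling or null pointer. Returns false if the id is not queued. */
bool urb_cancel(UrbQueue *q, int id)
{
    bool found = false;
    queue_lock(q);
    for (Urb **pp = &q->head; *pp; pp = &(*pp)->next) {
        if ((*pp)->id == id) {
            Urb *victim = *pp;
            *pp = victim->next;
            free(victim);
            found = true;
            break;
        }
    }
    queue_unlock(q);
    return found;
}

/* Racy walk, shown for contrast: it reads shared links without the lock,
 * so a null check on `next` only shrinks the window in which urb_cancel
 * can free the node before `u = next` dereferences it. Only correct when
 * no other thread touches the queue (as in the single-threaded test). */
int urb_reap_racy(const UrbQueue *q)
{
    int seen = 0;
    for (Urb *u = q->head; u; u = u->next)   /* u->next may change under us */
        seen++;
    return seen;
}

/* Safe pattern, step 1: take the entire chain while holding the lock.
 * After this returns, the queue is empty and the batch is private. */
Urb *urb_detach(UrbQueue *q)
{
    queue_lock(q);
    Urb *batch = q->head;
    q->head = NULL;
    queue_unlock(q);
    return batch;
}

/* Safe pattern, step 2: walk and free the private batch; no lock needed
 * because no other thread can reach these nodes any more. */
int urb_walk_free(Urb *batch)
{
    int reaped = 0;
    while (batch) {
        Urb *next = batch->next;   /* private link: cannot become null here */
        free(batch);
        reaped++;
        batch = next;
    }
    return reaped;
}

int urb_reap_detached(UrbQueue *q)
{
    return urb_walk_free(urb_detach(q));
}

int main(void)
{
    UrbQueue q;
    queue_init(&q);
    urb_submit(&q, 1);
    urb_submit(&q, 2);
    urb_submit(&q, 3);
    urb_cancel(&q, 2);
    printf("reaped %d URBs\n", urb_reap_detached(&q));
    return 0;
}
```

The detach step is the whole point: once `urb_detach` has swapped the head out under the lock, a later `urb_cancel` for an id in that batch finds nothing, so the reaper's links can no longer be cleared behind its back. Whether the real `vusbUrbDoReapAsync` can adopt this shape depends on how URB ownership is tracked there, which the thread above does not describe.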