[vbox-dev] Nullpointer access by USBDevIo thread in vusbUrbDoReapAsync

Michal Necasek michal.necasek at oracle.com
Mon Feb 26 10:06:40 UTC 2018

    Hi Alexander,

  Thanks for the report.

  The bug is real, though the fix is unlikely to be quite correct. It's 
not something your porting introduced (we've seen it too, but extremely 
sporadically), but it's very likely that in your environment the 
probability of hitting the bug is much higher.

  The suggested fix will reduce the likelihood of the crash, but not 
eliminate it, because the pointer can almost certainly still become null 
between the check and the point where it's used.

  Do you have some information about what triggers the crash? That is, 
what sort of USB configuration and what user action. As I mentioned, we 
have seen this problem before, but we don't know how to reproduce it.


On 2/13/2018 11:45 AM, Alexander Boettcher wrote:
> Hello,
> we encountered in our ported version of Virtualbox (originally in
> 5.1.22, now in 5.1.32) from time to time a nullpointer crash in the
> context of the USBDevIo thread (vusbUrbDoReapAsync() function).
> We get around by the following patch [1] (original bug report at [2])
> and all seems to work as expected.
> The question from my side is, do you think this is valid fix ? Or do you
> expect that pVUsbUrbNext should never be null and it maybe just becomes
> null possibly due to our porting (timing, wrong usage etc.) ?
> After looking through your svn repository at [0] it seems the issue also
> could possibly exists there, since the code looks very similar regarding
> the pVUsbUrbNext variable compared to 5.1.22/32.
> Thanks for any thoughts,
> Alexander Boettcher.
> [0]
> https://www.virtualbox.org/svn/vbox/trunk/src/VBox/Devices/USB/VUSBUrb.cpp
> [1]
> https://github.com/genodelabs/genode/commit/205c08bd9db9700f6a2629f97578e5fb9592fe94
> [2] https://github.com/genodelabs/genode/issues/2612

More information about the vbox-dev mailing list