NULL POINTER DEREFERENCE USB 5.0 STACK

Question asked by John Strohm on Apr 3, 2015
Latest reply on Apr 6, 2015 by Jorge_Gonzalez

In file usb_dev.c, routine _usb_device_call_service_internal(), which starts at line 231:

On line 239, service_ptr is set to NULL.

    service_struct_t*             service_ptr = NULL;   // line 239

service_ptr is then dereferenced on lines 248, 251, 255, 258, and 263.

            USB_Control_Service(&usb_dev_ptr->usb_framework, event, service_ptr->arg);  // line 248
            USB_Reset_Service(&usb_dev_ptr->usb_framework, event, service_ptr->arg);    // line 251
            USB_Suspend_Service(&usb_dev_ptr->usb_framework, event, service_ptr->arg);  // line 255
            USB_Resume_Service(&usb_dev_ptr->usb_framework, event, service_ptr->arg);   // line 258
            USB_Error_Service(&usb_dev_ptr->usb_framework, event, service_ptr->arg);    // line 263

You get away with it because Freescale processors traditionally have readable (usually read-only) memory starting at address 0x00000000, so the hardware doesn't trap those accesses.

 

This is really a bad idea, guys.
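The pattern the post describes, as an added example that is not code from the Freescale USB stack or from the post: a service pointer that comes out of a lookup (here, a per-event table that is legitimately NULL for events nobody registered) and is then used with no check, beside the hardened dispatch that reports the missing service instead of dereferencing it. service_struct_t, usb_framework_t, usb_dev_t, the EV_* event ids, usb_generic_service(), find_service(), register_service() and the -1/-2 return codes are all hypothetical stand-ins for the types and handlers named in the post.

```c
#include <stddef.h>
#include <stdio.h>

/* Event ids: hypothetical stand-ins for the stack's own event codes. */
typedef enum {
    EV_CONTROL = 0, EV_RESET, EV_SUSPEND, EV_RESUME, EV_ERROR, EV_COUNT
} usb_event_t;

/* Minimal stand-in for the usb_framework member that the handlers receive. */
typedef struct {
    int calls;               /* how many times a service handler has run */
    usb_event_t last_event;
    void *last_arg;
} usb_framework_t;

/* Stand-in for service_struct_t: only the arg member the post shows. */
typedef struct { void *arg; } service_struct_t;

/* Stand-in for the device structure: framework plus a per-event service table. */
typedef struct {
    usb_framework_t usb_framework;
    service_struct_t *service[EV_COUNT];   /* NULL = nothing registered for that event */
} usb_dev_t;

/* Hypothetical handler standing in for USB_Reset_Service etc.: it just records the call. */
static void usb_generic_service(usb_framework_t *fw, usb_event_t ev, void *arg)
{
    fw->calls++;
    fw->last_event = ev;
    fw->last_arg = arg;
}

static int register_service(usb_dev_t *dev, usb_event_t ev, service_struct_t *svc)
{
    if (dev == NULL || svc == NULL || ev >= EV_COUNT) return -1;
    dev->service[ev] = svc;
    return 0;
}

/* Lookup that legitimately returns NULL for an event nobody registered for. */
static service_struct_t *find_service(usb_dev_t *dev, usb_event_t ev)
{
    return (ev < EV_COUNT) ? dev->service[ev] : NULL;
}

/* Shape of the code in the post: the lookup result is used with no NULL check.
 * With nothing registered, service_ptr->arg reads address 0 (the offset of arg).
 * On a part with readable memory mapped at 0 this does not fault; it silently
 * passes whatever lives there as the handler's argument. Only safe to call after
 * register_service() succeeded for that event. */
static int call_service_unchecked(usb_dev_t *dev, usb_event_t ev)
{
    service_struct_t *service_ptr = find_service(dev, ev);
    usb_generic_service(&dev->usb_framework, ev, service_ptr->arg);
    return 0;
}

/* Hardened form: validate the arguments and refuse to dispatch when no service
 * is registered, so the missing service surfaces as an error code instead of a
 * read from address 0. */
static int call_service_checked(usb_dev_t *dev, usb_event_t ev)
{
    if (dev == NULL || ev >= EV_COUNT) return -1;          /* bad argument */
    service_struct_t *service_ptr = find_service(dev, ev);
    if (service_ptr == NULL) return -2;                     /* no service: report, don't dereference */
    usb_generic_service(&dev->usb_framework, ev, service_ptr->arg);
    return 0;
}

int main(void)
{
    usb_dev_t dev = {0};
    int marker = 42;
    service_struct_t reset_svc = { &marker };

    printf("checked, nothing registered: %d\n", call_service_checked(&dev, EV_RESET));
    register_service(&dev, EV_RESET, &reset_svc);
    printf("checked, after register:     %d (calls=%d)\n",
           call_service_checked(&dev, EV_RESET), dev.usb_framework.calls);
    printf("unchecked, after register:   %d (calls=%d)\n",
           call_service_unchecked(&dev, EV_RESET), dev.usb_framework.calls);
    /* call_service_unchecked(&dev, EV_SUSPEND) would dereference NULL here:
     * a fault on a platform that traps address 0, silent garbage on one that doesn't. */
    return 0;
}
```

The checked variant is the one to keep: on a Cortex-M or ColdFire part with flash at address 0 the unchecked read never faults, so the only way the bug shows up is as an unexplained argument value in a handler, which is far harder to debug than an explicit error return at the dispatch point.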
