linux_usbfs: op_handle_events: Protect against not finding the device-handle

We scan the list of open devices to find the device-handle based on the fd,
add a check to ensure that we've actually found the handle before continuing.

This fixes the following Coverity warning:

*** CID 62575:  Explicit null dereferenced  (FORWARD_NULL)
/libusb/os/linux_usbfs.c: 2594 in op_handle_events()
2588     			hpriv = _device_handle_priv(handle);
2589     			if (hpriv->fd == pollfd->fd)
2590     				break;
2591     		}
2592
2593     		if (pollfd->revents & POLLERR) {
>>>     CID 62575:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Dereferencing null pointer "hpriv".
2594     			usbi_remove_pollfd(HANDLE_CTX(handle), hpriv->fd);
2595     			usbi_handle_disconnect(handle);
2596     			/* device will still be marked as attached if hotplug
monitor thread
2597     			 * hasn't processed remove event yet */
2598     			usbi_mutex_static_lock(&linux_hotplug_lock);
2599     			if (handle->dev->attached)

Signed-off-by: Hans de Goede <hdegoede@redhat.com>

2 files changed, 7 insertions, 1 deletions

diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c
index 87e20a6..db21710 100644
--- a/libusb/os/linux_usbfs.c
+++ b/libusb/os/linux_usbfs.c
@@ -2590,6 +2590,12 @@ static int op_handle_events(struct libusb_context *ctx,
 				break;
 		}
 
+		if (!hpriv || hpriv->fd != pollfd->fd) {
+			usbi_err(ctx, "cannot find handle for fd %d\n",
+				 pollfd->fd);
+			continue;
+		}
+
 		if (pollfd->revents & POLLERR) {
 			usbi_remove_pollfd(HANDLE_CTX(handle), hpriv->fd);
 			usbi_handle_disconnect(handle);
diff --git a/libusb/version_nano.h b/libusb/version_nano.h
index c938764..f17ff97 100644
--- a/libusb/version_nano.h
+++ b/libusb/version_nano.h
@@ -1 +1 @@
-#define LIBUSB_NANO 10896
+#define LIBUSB_NANO 10897