mirror of
https://github.com/ipxe/ipxe
synced 2025-12-10 13:32:20 +03:00
fbb776f2f2
Some UEFI USB drivers (observed with the keyboard driver on a Microsoft Surface Go) will react to an asynchronous USB transfer failure by terminating the transfer from within the completion handler. This closes the USB endpoint and, in the current implementation, frees the containing structure. This can lead to use-after-free bugs after the UEFI USB driver's completion handler returns, since the calling code in iPXE expects that a completion handler will not perform a control-flow action such as terminating the transfer. Fix by leaving the USB endpoint structure allocated until the device is finally removed, as is already done (as an optimisation) for control and bulk transfers. Signed-off-by: Michael Brown <mcb30@ipxe.org>
iPXE README File Quick start guide: cd src make For any more detailed instructions, see http://ipxe.org