From 07778f6bfa12be139feaff02d6dae0f76938e724 Mon Sep 17 00:00:00 2001
From: Matthew Mirvish <matthew@mm12.xyz>
Date: Sun, 11 Apr 2021 07:25:48 -0400
Subject: [PATCH] upeksonly: fix double free in usb transfer cbs

Some USB transfer callbacks in this driver were freeing their transfer
buffer in their callbacks, which causes a double free since the transfer
itself frees them afterwards. Probably just got missed during the V2 api
changes.
---
 libfprint/drivers/upeksonly.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/libfprint/drivers/upeksonly.c b/libfprint/drivers/upeksonly.c
index 795ad2e..440d094 100644
--- a/libfprint/drivers/upeksonly.c
+++ b/libfprint/drivers/upeksonly.c
@@ -693,8 +693,6 @@ sm_read_reg_cb (FpiUsbTransfer *transfer, FpDevice *device,
       fp_dbg ("read reg result = %02x", self->read_reg_result);
       fpi_ssm_next_state (transfer->ssm);
     }
-
-  g_free (transfer->buffer);
 }
 
 static void
@@ -731,7 +729,6 @@ sm_await_intr_cb (FpiUsbTransfer *transfer, FpDevice *device,
 
   if (error)
     {
-      g_free (transfer->buffer);
       fpi_ssm_mark_failed (transfer->ssm, error);
       return;
     }
@@ -739,7 +736,6 @@ sm_await_intr_cb (FpiUsbTransfer *transfer, FpDevice *device,
   fp_dbg ("interrupt received: %02x %02x %02x %02x",
           transfer->buffer[0], transfer->buffer[1],
           transfer->buffer[2], transfer->buffer[3]);
-  g_free (transfer->buffer);
 
   self->finger_state = FINGER_DETECTED;
   fpi_image_device_report_finger_status (dev, TRUE);