Tree - rpms/qemu - src.fedoraproject.org

Blob History Raw

		3a13ddd	`From: Li Qiang <liqiang6-s@360.cn>`
		3a13ddd	`Date: Sun, 18 Sep 2016 19:48:35 -0700`
		3a13ddd	`Subject: [PATCH] usb: ehci: fix memory leak in ehci_process_itd`
		3a13ddd
		3a13ddd	`While processing isochronous transfer descriptors(iTD), if the page`
		3a13ddd	`select(PG) field value is out of bands it will return. In this`
		3a13ddd	`situation the ehci's sg list is not freed thus leading to a memory`
		3a13ddd	`leak issue. This patch avoid this.`
		3a13ddd
		3a13ddd	`Signed-off-by: Li Qiang <liqiang6-s@360.cn>`
		3a13ddd	`Reviewed-by: Thomas Huth <thuth@redhat.com>`
		3a13ddd	`Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>`
		3a13ddd	`(cherry picked from commit b16c129daf0fed91febbb88de23dae8271c8898a)`
		3a13ddd	`---`
		3a13ddd	`hw/usb/hcd-ehci.c \| 1 +`
		3a13ddd	`1 file changed, 1 insertion(+)`
		3a13ddd
		3a13ddd	`diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c`
		3d039dc	`index b093db729c..f4ece9abed 100644`
		3a13ddd	`--- a/hw/usb/hcd-ehci.c`
		3a13ddd	`+++ b/hw/usb/hcd-ehci.c`
		3a13ddd	`@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci,`
		3a13ddd	`if (off + len > 4096) {`
		3a13ddd	`/* transfer crosses page border */`
		3a13ddd	`if (pg == 6) {`
		3a13ddd	`+ qemu_sglist_destroy(&ehci->isgl);`
		3a13ddd	`return -1; /* avoid page pg + 1 */`
		3a13ddd	`}`
		3a13ddd	`ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);`