clean: remove buildinfo/changes
[pve-qemu-kvm.git] / debian / patches / extra / CVE-2016-7995-usb-ehci-fix-memory-leak-in-ehci_process_itd.patch
blobfc1c382644a8abab19fd855dcca922e2edc1e8fa
1 From 91a16e6e51a4e046d59379fc83b9dfc1e860e9c7 Mon Sep 17 00:00:00 2001
2 From: Li Qiang <liqiang6-s@360.cn>
3 Date: Sat, 8 Oct 2016 11:58:03 +0300
4 Subject: [PATCH 2/2] usb: ehci: fix memory leak in ehci_process_itd
6 While processing isochronous transfer descriptors(iTD), if the page
7 select(PG) field value is out of bands it will return. In this
8 situation the ehci's sg list is not freed thus leading to a memory
9 leak issue. This patch avoid this.
11 Signed-off-by: Li Qiang <liqiang6-s@360.cn>
12 Reviewed-by: Thomas Huth <thuth@redhat.com>
13 Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
14 ---
15 hw/usb/hcd-ehci.c | 1 +
16 1 file changed, 1 insertion(+)
18 diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
19 index b093db7..f4ece9a 100644
20 --- a/hw/usb/hcd-ehci.c
21 +++ b/hw/usb/hcd-ehci.c
22 @@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci,
23 if (off + len > 4096) {
24 /* transfer crosses page border */
25 if (pg == 6) {
26 + qemu_sglist_destroy(&ehci->isgl);
27 return -1; /* avoid page pg + 1 */
29 ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
30 --
31 2.1.4