projects / pve-qemu-kvm.git / blame
| Commit | Line | Data |
|---|---|---|
| 68a30562 WB |
1 | From 91a16e6e51a4e046d59379fc83b9dfc1e860e9c7 Mon Sep 17 00:00:00 2001 |
| 2 | From: Li Qiang <liqiang6-s@360.cn> | |
| 3 | Date: Sat, 8 Oct 2016 11:58:03 +0300 | |
| 4 | Subject: [PATCH 2/2] usb: ehci: fix memory leak in ehci_process_itd | |
| 5 | ||
| 6 | While processing isochronous transfer descriptors(iTD), if the page | |
| 7 | select(PG) field value is out of bands it will return. In this | |
| 8 | situation the ehci's sg list is not freed thus leading to a memory | |
| 9 | leak issue. This patch avoid this. | |
| 10 | ||
| 11 | Signed-off-by: Li Qiang <liqiang6-s@360.cn> | |
| 12 | Reviewed-by: Thomas Huth <thuth@redhat.com> | |
| 13 | Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> | |
| 14 | --- | |
| 15 | hw/usb/hcd-ehci.c | 1 + | |
| 16 | 1 file changed, 1 insertion(+) | |
| 17 | ||
| 18 | diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c | |
| 19 | index b093db7..f4ece9a 100644 | |
| 20 | --- a/hw/usb/hcd-ehci.c | |
| 21 | +++ b/hw/usb/hcd-ehci.c | |
| 22 | @@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, | |
| 23 | if (off + len > 4096) { | |
| 24 | /* transfer crosses page border */ | |
| 25 | if (pg == 6) { | |
| 26 | + qemu_sglist_destroy(&ehci->isgl); | |
| 27 | return -1; /* avoid page pg + 1 */ | |
| 28 | } | |
| 29 | ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK); | |
| 30 | -- | |
| 31 | 2.1.4 | |
| 32 |