]>
Commit | Line | Data |
---|---|---|
68a30562 WB |
1 | From 91a16e6e51a4e046d59379fc83b9dfc1e860e9c7 Mon Sep 17 00:00:00 2001 |
2 | From: Li Qiang <liqiang6-s@360.cn> | |
3 | Date: Sat, 8 Oct 2016 11:58:03 +0300 | |
4 | Subject: [PATCH 2/2] usb: ehci: fix memory leak in ehci_process_itd | |
5 | ||
6 | While processing isochronous transfer descriptors(iTD), if the page | |
7 | select(PG) field value is out of bands it will return. In this | |
8 | situation the ehci's sg list is not freed thus leading to a memory | |
9 | leak issue. This patch avoid this. | |
10 | ||
11 | Signed-off-by: Li Qiang <liqiang6-s@360.cn> | |
12 | Reviewed-by: Thomas Huth <thuth@redhat.com> | |
13 | Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> | |
14 | --- | |
15 | hw/usb/hcd-ehci.c | 1 + | |
16 | 1 file changed, 1 insertion(+) | |
17 | ||
18 | diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c | |
19 | index b093db7..f4ece9a 100644 | |
20 | --- a/hw/usb/hcd-ehci.c | |
21 | +++ b/hw/usb/hcd-ehci.c | |
22 | @@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, | |
23 | if (off + len > 4096) { | |
24 | /* transfer crosses page border */ | |
25 | if (pg == 6) { | |
26 | + qemu_sglist_destroy(&ehci->isgl); | |
27 | return -1; /* avoid page pg + 1 */ | |
28 | } | |
29 | ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK); | |
30 | -- | |
31 | 2.1.4 | |
32 |