debian/patches/extra/CVE-2016-8577-9pfs-fix-potential-host-memory-leak-in-v9fs_read.patch

   1 From 8794fc68736fda80d7191f100c03c960a5ef1224 Mon Sep 17 00:00:00 2001
   2 From: Li Qiang <liqiang6-s@360.cn>
   3 Date: Tue, 11 Oct 2016 09:27:45 +0200
   4 Subject: [PATCH 3/4] 9pfs: fix potential host memory leak in v9fs_read
   5
   6 In 9pfs read dispatch function, it doesn't free two QEMUIOVector
   7 object thus causing potential memory leak. This patch avoid this.
   8
   9 Signed-off-by: Li Qiang <liqiang6-s@360.cn>
  10 Signed-off-by: Greg Kurz <groug@kaod.org>
  11 ---
  12  hw/9pfs/9p.c | 5 +++--
  13  1 file changed, 3 insertions(+), 2 deletions(-)
  14
  15 diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
  16 index dfe293d..54e18a2 100644
  17 --- a/hw/9pfs/9p.c
  18 +++ b/hw/9pfs/9p.c
  19 @@ -1812,14 +1812,15 @@ static void v9fs_read(void *opaque)
  20              if (len < 0) {
  21                  /* IO error return the error */
  22                  err = len;
  23 -                goto out;
  24 +                goto out_free_iovec;
  25              }
  26          } while (count < max_count && len > 0);
  27          err = pdu_marshal(pdu, offset, "d", count);
  28          if (err < 0) {
  29 -            goto out;
  30 +            goto out_free_iovec;
  31          }
  32          err += offset + count;
  33 +out_free_iovec:
  34          qemu_iovec_destroy(&qiov);
  35          qemu_iovec_destroy(&qiov_full);
  36      } else if (fidp->fid_type == P9_FID_XATTR) {
  37 --
  38 2.1.4
  39