debian/patches/extra/CVE-2016-9911-usb-ehci-fix-memory-leak-in-ehci_init_transfer.patch

   1 From 824f78bb0135cff4cb29e26c3de1cb4c2da35b46 Mon Sep 17 00:00:00 2001
   2 From: Li Qiang <liqiang6-s@360.cn>
   3 Date: Tue, 8 Nov 2016 04:11:10 -0800
   4 Subject: [PATCH 05/12] usb: ehci: fix memory leak in ehci_init_transfer
   5
   6 In ehci_init_transfer function, if the 'cpage' is bigger than 4,
   7 it doesn't free the 'p->sgl' once allocated previously thus leading
   8 a memory leak issue. This patch avoid this.
   9
  10 Signed-off-by: Li Qiang <liqiang6-s@360.cn>
  11 Message-id: 5821c0f4.091c6b0a.e0c92.e811@mx.google.com
  12 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
  13 ---
  14  hw/usb/hcd-ehci.c | 1 +
  15  1 file changed, 1 insertion(+)
  16
  17 diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
  18 index f4ece9a..7622a3a 100644
  19 --- a/hw/usb/hcd-ehci.c
  20 +++ b/hw/usb/hcd-ehci.c
  21 @@ -1190,6 +1190,7 @@ static int ehci_init_transfer(EHCIPacket *p)
  22      while (bytes > 0) {
  23          if (cpage > 4) {
  24              fprintf(stderr, "cpage out of range (%d)\n", cpage);
  25 +            qemu_sglist_destroy(&p->sgl);
  26              return -1;
  27          }
  28
  29 --
  30 2.1.4
  31