update to qemu-2.9.0-rc2

[pve-qemu-kvm.git] / debian / patches / extra / CVE-2016-7995-usb-ehci-fix-memory-leak-in-ehci_process_itd.patch

diff --git a/debian/patches/extra/CVE-2016-7995-usb-ehci-fix-memory-leak-in-ehci_process_itd.patch b/debian/patches/extra/CVE-2016-7995-usb-ehci-fix-memory-leak-in-ehci_process_itd.patch
deleted file mode 100644 (file)
index fc1c382..0000000
--- a/debian/patches/extra/CVE-2016-7995-usb-ehci-fix-memory-leak-in-ehci_process_itd.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 91a16e6e51a4e046d59379fc83b9dfc1e860e9c7 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Sat, 8 Oct 2016 11:58:03 +0300
-Subject: [PATCH 2/2] usb: ehci: fix memory leak in ehci_process_itd
-
-While processing isochronous transfer descriptors(iTD), if the page
-select(PG) field value is out of bands it will return. In this
-situation the ehci's sg list is not freed thus leading to a memory
-leak issue. This patch avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Reviewed-by: Thomas Huth <thuth@redhat.com>
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
----
- hw/usb/hcd-ehci.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index b093db7..f4ece9a 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci,
-             if (off + len > 4096) {
-                 /* transfer crosses page border */
-                 if (pg == 6) {
-+                    qemu_sglist_destroy(&ehci->isgl);
-                     return -1;  /* avoid page pg + 1 */
-                 }
-                 ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
--- 
-2.1.4
-