File CVE-2016-9907-qemuu-usb-redirector-memory-leaka... of Package xen.10696

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-9907-qemuu-usb-redirector-memory-leakage-when-destroying-redirector.patch of Package xen.10696

References: bsc#1014490 CVE-2016-9907

In usbredir destroy dispatch function, it doesn't free the vm change
state handler once registered in usbredir_realize function. This will
lead a memory leak issue. This patch avoid this.

Signed-off-by: Li Qiang <address@hidden>
---
 hw/usb/redirect.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Index: xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/usb/redirect.c
===================================================================
--- xen-4.5.5-testing.orig/tools/qemu-xen-dir-remote/hw/usb/redirect.c
+++ xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/usb/redirect.c
@@ -122,6 +122,7 @@ struct USBRedirDevice {
     struct usbredirfilter_rule *filter_rules;
     int filter_rules_count;
     int compatible_speedmask;
+    VMChangeStateEntry *vmstate;
 };
 
 static void usbredir_hello(void *priv, struct usb_redir_hello_header *h);
@@ -1313,7 +1314,8 @@ static int usbredir_initfn(USBDevice *ud
     qemu_chr_add_handlers(dev->cs, usbredir_chardev_can_read,
                           usbredir_chardev_read, usbredir_chardev_event, dev);
 
-    qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
+    dev->vmstate =
+        qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
     add_boot_device_path(dev->bootindex, &udev->qdev, NULL);
     return 0;
 }
@@ -1351,6 +1353,7 @@ static void usbredir_handle_destroy(USBD
     }
 
     free(dev->filter_rules);
+    qemu_del_vm_change_state_handler(dev->vmstate);
 }
 
 static int usbredir_check_filter(USBRedirDevice *dev)

Places

File CVE-2016-9907-qemuu-usb-redirector-memory-leakage-when-destroying-redirector.patch of Package xen.10696

Places