File CVE-2016-9911-qemuu-usb-ehci-memory-leakage-in-... of Package xen.5853

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-9911-qemuu-usb-ehci-memory-leakage-in-ehci_init_transfer.patch of Package xen.5853

References: bsc#1014507 CVE-2016-9911

Subject: usb: ehci: fix memory leak in ehci_init_transfer
From: Li Qiang liqiang6-s@360.cn Tue Nov 8 04:11:10 2016 -0800
Date: Thu Nov 10 15:29:58 2016 +0000:
Git: 791f97758e223de3290592d169f8e6339c281714

In ehci_init_transfer function, if the 'cpage' is bigger than 4,
it doesn't free the 'p->sgl' once allocated previously thus leading
a memory leak issue. This patch avoid this.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 5821c0f4.091c6b0a.e0c92.e811@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Index: xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c
===================================================================
--- xen-4.5.5-testing.orig/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c
+++ xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c
@@ -1270,6 +1270,7 @@ static int ehci_init_transfer(EHCIPacket
     while (bytes > 0) {
         if (cpage > 4) {
             fprintf(stderr, "cpage out of range (%d)\n", cpage);
+            qemu_sglist_destroy(&p->sgl);
             return -1;
         }

Places

File CVE-2016-9911-qemuu-usb-ehci-memory-leakage-in-ehci_init_transfer.patch of Package xen.5853

Places