File 0146-usbredir-free-vm_change_state_handl.patch of Package qemu.12301
From 50adea544cd7991b4b33807d6015011027ecc41c Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 7 Nov 2016 21:57:46 -0800
Subject: [PATCH] usbredir: free vm_change_state_handler in usbredir destroy
dispatch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In usbredir destroy dispatch function, it doesn't free the vm change
state handler once registered in usbredir_realize function. This will
lead a memory leak issue. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 58216976.d0236b0a.77b99.bcd6@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 07b026fd82d6cf11baf7d7c603c4f5f6070b35bf)
[BR: CVE-2016-9907 BSC#1014109]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/usb/redirect.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 2416de83e9..2a7bac47dd 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -128,6 +128,7 @@ struct USBRedirDevice {
struct usbredirfilter_rule *filter_rules;
int filter_rules_count;
int compatible_speedmask;
+ VMChangeStateEntry *vmstate;
};
static void usbredir_hello(void *priv, struct usb_redir_hello_header *h);
@@ -1399,7 +1400,8 @@ static void usbredir_realize(USBDevice *udev, Error **errp)
qemu_chr_add_handlers(dev->cs, usbredir_chardev_can_read,
usbredir_chardev_read, usbredir_chardev_event, dev);
- qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
+ dev->vmstate =
+ qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
}
static void usbredir_cleanup_device_queues(USBRedirDevice *dev)
@@ -1436,6 +1438,7 @@ static void usbredir_handle_destroy(USBDevice *udev)
}
free(dev->filter_rules);
+ qemu_del_vm_change_state_handler(dev->vmstate);
}
static int usbredir_check_filter(USBRedirDevice *dev)
