author | Li Qiang <liq3ea@163.com> | 2021-05-15 20:03:59 -0700 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2021-05-27 11:55:59 +0200 |
commit | b7afebcf9e6ecf3cf9b5a9b9b731ed04bca6aa3e (patch) | |
tree | 225dd5cf3d242421c45ce9bbbbfb3f7955d0aa0e /contrib | |
parent | b9f79858a614d95f5de875d0ca31096eaab72c3b (diff) | |
vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544)
If the guest triggers the following sequence, the attach_backing will be leaked:
vg_resource_create_2d
vg_resource_attach_backing
vg_resource_unref
This patch fixes this by freeing 'res->iov' in vg_resource_destroy.
Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
in virgl_cmd_resource_unref")
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-5-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/vhost-user-gpu/vhost-user-gpu.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c index 0437e52..770dfad 100644 --- a/contrib/vhost-user-gpu/vhost-user-gpu.c +++ b/contrib/vhost-user-gpu/vhost-user-gpu.c @@ -400,6 +400,7 @@ vg_resource_destroy(VuGpu *g, } vugbm_buffer_destroy(&res->buffer); + g_free(res->iov); pixman_image_unref(res->image); QTAILQ_REMOVE(&g->reslist, res, next); g_free(res); |
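Review bot: the new g_free(res->iov) in vg_resource_destroy is unconditional, so it is only safe if res->iov is either NULL or a still-live allocation every time a resource is destroyed. g_free(NULL) is a no-op, which covers resources that never had backing attached. But any other path that frees res->iov (a detach-backing handler, for example, which is not visible in this hunk) must also reset the pointer to NULL, otherwise a create, attach, detach, unref sequence from the guest would trade the leak for a double free. Please confirm that invariant and mention it in the commit message. There is no need to clear res->iov here, since res itself is freed a few lines later by g_free(res).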