diff options
| author | Li Qiang <liqiang6-s@360.cn> | 2016-09-18 19:48:35 -0700 |
|---|---|---|
| committer | Michael Tokarev <mjt@tls.msk.ru> | 2016-10-08 11:25:29 +0300 |
| commit | b16c129daf0fed91febbb88de23dae8271c8898a (patch) | |
| tree | bbddc2b838300de364d2374fa8e443026e10e3b9 /hw/usb | |
| parent | a43edcf20a14aab81373fe64a6ed8cf84eb2a7f3 (diff) | |
| download | qemu-b16c129daf0fed91febbb88de23dae8271c8898a.zip qemu-b16c129daf0fed91febbb88de23dae8271c8898a.tar.gz qemu-b16c129daf0fed91febbb88de23dae8271c8898a.tar.bz2 | |
usb: ehci: fix memory leak in ehci_process_itd
While processing isochronous transfer descriptors(iTD), if the page
select(PG) field value is out of bands it will return. In this
situation the ehci's sg list is not freed thus leading to a memory
leak issue. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Diffstat (limited to 'hw/usb')
| -rw-r--r-- | hw/usb/hcd-ehci.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index b093db7..f4ece9a 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, if (off + len > 4096) { /* transfer crosses page border */ if (pg == 6) { + qemu_sglist_destroy(&ehci->isgl); return -1; /* avoid page pg + 1 */ } ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK); |