File CVE-2016-2391-qemuu-usb-null-pointer-dereferenc... of Package xen.5015

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch of Package xen.5015

References: bsc#967101 CVE-2016-2391

From d1b07becc481e09225cfe905ec357807ae07f095 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <address@hidden>
Date: Tue, 16 Feb 2016 15:15:04 +0100
Subject: [PATCH] ohci timer fix

Signed-off-by: Gerd Hoffmann <address@hidden>
---
 hw/usb/hcd-ohci.c | 31 +++++--------------------------
 1 file changed, 5 insertions(+), 26 deletions(-)

Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/usb/hcd-ohci.c
===================================================================
--- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/usb/hcd-ohci.c
+++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/usb/hcd-ohci.c
@@ -1349,16 +1349,6 @@ static void ohci_frame_boundary(void *op
  */
 static int ohci_bus_start(OHCIState *ohci)
 {
-    ohci->eof_timer = qemu_new_timer_ns(vm_clock,
-                    ohci_frame_boundary,
-                    ohci);
-
-    if (ohci->eof_timer == NULL) {
-        fprintf(stderr, "usb-ohci: %s: qemu_new_timer_ns failed\n", ohci->name);
-        ohci_die(ohci);
-        return 0;
-    }
-
     DPRINTF("usb-ohci: %s: USB Operational\n", ohci->name);
 
     ohci_sof(ohci);
@@ -1369,9 +1359,7 @@ static int ohci_bus_start(OHCIState *ohc
 /* Stop sending SOF tokens on the bus */
 static void ohci_bus_stop(OHCIState *ohci)
 {
-    if (ohci->eof_timer)
-        qemu_del_timer(ohci->eof_timer);
-    ohci->eof_timer = NULL;
+    qemu_del_timer(ohci->eof_timer);
 }
 
 /* Sets a flag in a port status register but only set it if the port is
@@ -1899,6 +1887,8 @@ static int usb_ohci_init(OHCIState *ohci
     ohci->async_td = 0;
     qemu_register_reset(ohci_reset, ohci);
 
+    ohci->eof_timer = qemu_new_timer_ns(vm_clock,
+                                   ohci_frame_boundary, ohci);
     return 0;
 }

Places

File CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch of Package xen.5015

Places