Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
xen.7653
CVE-2016-7995-qemuu-usb-hcd-ehci-memory-leak-in...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-7995-qemuu-usb-hcd-ehci-memory-leak-in-ehci_process_itd.patch of Package xen.7653
References: bsc#1003870 CVE-2016-7995 While processing isochronous transfer descriptors(iTD), if the page select(PG) field value is out of bands it will return. In this situation the ehci's sg list doesn't be freed thus leading a memory leak issue. This patch avoid this. Signed-off-by: Li Qiang <address@hidden> --- hw/usb/hcd-ehci.c | 1 + 1 file changed, 1 insertion(+) Index: xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c =================================================================== --- xen-4.5.5-testing.orig/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c +++ xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c @@ -1506,6 +1506,7 @@ static int ehci_process_itd(EHCIState *e if (off + len > 4096) { /* transfer crosses page border */ if (pg == 6) { + qemu_sglist_destroy(&ehci->isgl); return -1; /* avoid page pg + 1 */ } ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor