authorLi Qiang <liqiang6-s@360.cn>2016-09-18 19:48:35 -0700
committerMichael Tokarev <mjt@tls.msk.ru>2016-10-08 11:25:29 +0300
commitb16c129daf0fed91febbb88de23dae8271c8898a (patch)
treebbddc2b838300de364d2374fa8e443026e10e3b9
parenta43edcf20a14aab81373fe64a6ed8cf84eb2a7f3 (diff)
usb: ehci: fix memory leak in ehci_process_itd
While processing isochronous transfer descriptors (iTD), if the page select (PG) field value is out of bounds, the function returns. In this situation the ehci's sg list is not freed, which leads to a memory leak. This patch avoids this. Signed-off-by: Li Qiang <liqiang6-s@360.cn> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-rw-r--r--hw/usb/hcd-ehci.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index b093db729c..f4ece9abed 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci,
if (off + len > 4096) {
/* transfer crosses page border */
if (pg == 6) {
+ qemu_sglist_destroy(&ehci->isgl);
return -1; /* avoid page pg + 1 */
}
ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
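Review bot: The added `qemu_sglist_destroy(&ehci->isgl);` releases the list by hand on the `pg == 6` exit only, so any other return between the point where the list is set up and its normal teardown would leak in the same way. The start and end of ehci_process_itd lie outside this hunk, so the remaining exits are worth checking across the whole body. The commit message ties the leak to the page select value in the descriptor, and descriptor contents are presumably guest-controlled, so a repeated leak on such a path would let a guest drive host memory growth. I would add a short comment above the new call, for example `/* isgl is already set up for this transaction; release it on every early exit */`, and route error exits through a single cleanup label if more of them appear.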