diff options
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch')
| -rw-r--r-- | app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch | 26 |
1 files changed, 0 insertions, 26 deletions
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch deleted file mode 100644 index dce1b2b2a326..000000000000 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch +++ /dev/null @@ -1,26 +0,0 @@ -From: Li Qiang <address@hidden> - -While processing isochronous transfer descriptors(iTD), if the page -select(PG) field value is out of bands it will return. In this -situation the ehci's sg list doesn't be freed thus leading a memory -leak issue. This patch avoid this. - -Signed-off-by: Li Qiang <address@hidden> ---- - hw/usb/hcd-ehci.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c -index b093db7..f4ece9a 100644 ---- a/hw/usb/hcd-ehci.c -+++ b/hw/usb/hcd-ehci.c -@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, - if (off + len > 4096) { - /* transfer crosses page border */ - if (pg == 6) { -+ qemu_sglist_destroy(&ehci->isgl); - return -1; /* avoid page pg + 1 */ - } - ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK); --- -1.8.3.1 |