On 19.09.2016 04:48, Li Qiang wrote:
> From: Li Qiang <liqiang...@360.cn>
>
> While processing isochronous transfer descriptors(iTD), if the page
> select(PG) field value is out of bands it will return. In this
> situation the ehci's sg list doesn't be freed thus leading a memory
s/doesn't be/is not/ > leak issue. This patch avoid this. > > Signed-off-by: Li Qiang <liqiang...@360.cn> > --- > hw/usb/hcd-ehci.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c > index b093db7..f4ece9a 100644 > --- a/hw/usb/hcd-ehci.c > +++ b/hw/usb/hcd-ehci.c > @@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, > if (off + len > 4096) { > /* transfer crosses page border */ > if (pg == 6) { > + qemu_sglist_destroy(&ehci->isgl); > return -1; /* avoid page pg + 1 */ > } > ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK); > Looks right to me. Reviewed-by: Thomas Huth <th...@redhat.com>
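Review bot: In the `pg == 6` branch the cleanup is added inline on this one early return, and the hunk does not show where `ehci->isgl` is set up or which other exits follow that point, so the patch alone does not establish that every error return releases the list. Please confirm that no other return taken after the sg list is initialised skips `qemu_sglist_destroy(&ehci->isgl)`, or route these exits through a single cleanup label so a later early return cannot reintroduce the leak. In the commit message, "out of bands" should read "out of bounds".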