From: Munkhbaatar Enkhbaatar <[email protected]> ohci_service_iso_td() allocates a USBPacket and frees it after synchronous completion, but it does not call usb_packet_cleanup() first.
Call usb_packet_cleanup() before g_free() so resources owned by USBPacket are released. Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3463 Signed-off-by: Munkhbaatar Enkhbaatar <[email protected]> Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]> --- hw/usb/hcd-ohci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c index 8f4de0066e..40ebafb4dd 100644 --- a/hw/usb/hcd-ohci.c +++ b/hw/usb/hcd-ohci.c @@ -755,6 +755,7 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed) } else { ret = pkt->status; } + usb_packet_cleanup(pkt); g_free(pkt); trace_usb_ohci_iso_td_so(start_offset, end_offset, start_addr, end_addr, -- 2.43.0
