Ping!

2016-09-19 10:48 GMT+08:00 Li Qiang <liq...@gmail.com>:
> From: Li Qiang <liqiang...@360.cn> > > While processing isochronous transfer descriptors (iTD), if the page > select (PG) field value is out of bounds it will return. In this > situation the ehci's sg list isn't freed, thus leading to a memory > leak issue. This patch avoids this. > > Signed-off-by: Li Qiang <liqiang...@360.cn> > --- > hw/usb/hcd-ehci.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c > index b093db7..f4ece9a 100644 > --- a/hw/usb/hcd-ehci.c > +++ b/hw/usb/hcd-ehci.c > @@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, > if (off + len > 4096) { > /* transfer crosses page border */ > if (pg == 6) { > + qemu_sglist_destroy(&ehci->isgl); > return -1; /* avoid page pg + 1 */ > } > ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK); > -- > 1.8.3.1 > >
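Review bot: in the `if (pg == 6)` branch the cleanup is paired by hand with this one `return -1`, so any other early exit taken while `ehci->isgl` is live would leak in the same way and would need its own `qemu_sglist_destroy(&ehci->isgl)`. Consider either routing the error exits of this loop through a single cleanup path, or doing the `pg` check before the sg list is set up so that this branch has nothing to free. The hunk also only tests `pg == 6`; it would be worth confirming in the surrounding code that larger `pg` values are rejected before `itd->bufptr[pg + 1]` is read. The commit message says what leaks but not who can trigger it; a sentence on whether a guest can hit this path repeatedly would help when deciding how far to backport.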