From patchwork Tue Nov  8 12:11:10 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Li Qiang <liq3ea@gmail.com>
X-Patchwork-Id: 692277
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3tCp8s0C6yz9t2C
	for <incoming@patchwork.ozlabs.org>;
	Tue,  8 Nov 2016 23:12:28 +1100 (AEDT)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="YHRXAtfk"; dkim-atps=neutral
Received: from localhost ([::1]:60504 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1c45GJ-0000CE-GG
	for incoming@patchwork.ozlabs.org; Tue, 08 Nov 2016 07:12:23 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44564)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <liq3ea@gmail.com>) id 1c45Fa-0008LK-K1
	for qemu-devel@nongnu.org; Tue, 08 Nov 2016 07:11:44 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <liq3ea@gmail.com>) id 1c45FV-0001TL-NO
	for qemu-devel@nongnu.org; Tue, 08 Nov 2016 07:11:38 -0500
Received: from mail-it0-x244.google.com ([2607:f8b0:4001:c0b::244]:35347)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <liq3ea@gmail.com>) id 1c45FV-0001TE-HA
	for qemu-devel@nongnu.org; Tue, 08 Nov 2016 07:11:33 -0500
Received: by mail-it0-x244.google.com with SMTP id b123so10641264itb.2
	for <qemu-devel@nongnu.org>; Tue, 08 Nov 2016 04:11:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=message-id:from:to:cc:subject:date;
	bh=crVzAyNoImp1uAy894smZ/+ptrV/SgX1z2p8Ld795d8=;
	b=YHRXAtfkHqLRwySftfNwtTr223f764638DW70B1bLP6CNytircGayOyXDagMLK0o0q
	MWkyC4RimeY/rtCZsLUAEYOzWDIArqMxE8kTsZy7i2l2TC4Ymn2gUBTvL6ZYvk3yHsxz
	E8t0w20kNGv9X3dhNEvlfkdEhUJySYjHIRL+3gKtUBP1T4IptBf4vrHqPHgLF80p+8o+
	ZddmXNGqf/QmV74Q22VgP93XcjrYm1sLXU2k0P4LfjZ9UzVBc3zseOwHwxhKAdmVjKrt
	FUPcQK6dwJujX182pq1FMKRYQZLFdbl1zVeh1mW2BSaQrwhSi1GAVuGwfaJW73u0ZihO
	E0zw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:message-id:from:to:cc:subject:date;
	bh=crVzAyNoImp1uAy894smZ/+ptrV/SgX1z2p8Ld795d8=;
	b=NXV1BuhYjZuQmPJg44uYezVZJwyKkJ58+qfAesbmWdRlajeN3qKoD4hhVbmMvE11Tl
	fgpJGBd7EIPJEimus9Y6YHs2RxBvixTpqJKMHj3ZBBrSKbI3WZuTV9n3CZSkwozrYGZW
	iU2ZLbH/f7rceBfFdfj5C/DOkeWFtffT8bWw2sBFZIcPzAUH8ibws8XeJ4r11BwR2uNx
	NNvhoCY4DVddYgMhOikxr1oqOya8H1lcObtZlwnk4ammqjNNKXfYZJ8sb8PPf1vZlSyM
	bBQuZePIrAZBI+1YQ+ddQl/5gImaMs1/RbhQNnCZO7kJtZ8SES416amAI6+B4kQRJwhq
	12LA==
X-Gm-Message-State: 
 ABUngvfKSaa9io/0FXEoGVlP52imkJmpaFJOLEBMw97HOjDV654JajxMzUS+kOqQa9jK+A==
X-Received: by 10.36.122.143 with SMTP id a137mr10595430itc.52.1478607092900;
	Tue, 08 Nov 2016 04:11:32 -0800 (PST)
Received: from localhost.localdomain.localdomain ([104.192.110.250])
	by smtp.gmail.com with ESMTPSA id
	c9sm12008619ioc.37.2016.11.08.04.11.29
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 08 Nov 2016 04:11:32 -0800 (PST)
Message-ID: <5821c0f4.091c6b0a.e0c92.e811@mx.google.com>
X-Google-Original-Message-ID: 
 <1478607070-10110-1-git-send-email-Qiang(liqiang6-s@360.cn)>
From: Li Qiang <liq3ea@gmail.com>
X-Google-Original-From: Li Qiang(liqiang6-s@360.cn)
To: kraxel@redhat.com,
	qemu-devel@nongnu.org
Date: Tue,  8 Nov 2016 04:11:10 -0800
X-Mailer: git-send-email 1.8.3.1
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2607:f8b0:4001:c0b::244
Subject: [Qemu-devel] [PATCH] usb: ehci: fix memory leak in
	ehci_init_transfer
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Li Qiang <liqiang6-s@360.cn>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

From: Li Qiang <liqiang6-s@360.cn>

In ehci_init_transfer function, if the 'cpage' is bigger than 4,
it doesn't free the 'p->sgl' once allocated previously thus leading
a memory leak issue. This patch avoid this.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
---
 hw/usb/hcd-ehci.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index f4ece9a..7622a3a 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1190,6 +1190,7 @@ static int ehci_init_transfer(EHCIPacket *p)
     while (bytes > 0) {
         if (cpage > 4) {
             fprintf(stderr, "cpage out of range (%d)\n", cpage);
+            qemu_sglist_destroy(&p->sgl);
             return -1;
         }