SHA256
1
0
forked from pool/qemu
qemu/0054-9pfs-fix-potential-host-memory-leak.patch
Andreas Färber f036a54ad6 Accepting request 441247 from home:bfrogers:branches:Virtualization
Refine the reproducible build changes to no longer override linux commands, but rather fix via patches only. Also fix all the recent security issues reported.

OBS-URL: https://build.opensuse.org/request/show/441247
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=320
2016-11-21 17:05:46 +00:00

40 lines
1.3 KiB
Diff

From 5f29f9ab1d097cf326dfa477f75d30117f668b49 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 17 Oct 2016 14:13:58 +0200
Subject: [PATCH] 9pfs: fix potential host memory leak in v9fs_read
In 9pfs read dispatch function, it doesn't free two QEMUIOVector
object thus causing potential memory leak. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Greg Kurz <groug@kaod.org>
(cherry picked from commit e95c9a493a5a8d6f969e86c9f19f80ffe6587e19)
[BR: CVE-2016-8577 BSC#1003893]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/9pfs/9p.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 239aef4..4a71cff 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1812,14 +1812,15 @@ static void v9fs_read(void *opaque)
if (len < 0) {
/* IO error return the error */
err = len;
- goto out;
+ goto out_free_iovec;
}
} while (count < max_count && len > 0);
err = pdu_marshal(pdu, offset, "d", count);
if (err < 0) {
- goto out;
+ goto out_free_iovec;
}
err += offset + count;
+out_free_iovec:
qemu_iovec_destroy(&qiov);
qemu_iovec_destroy(&qiov_full);
} else if (fidp->fid_type == P9_FID_XATTR) {