From: Li Qiang
While processing isochronous transfer descriptors(iTD), if the page select(PG) field value is out of bands it will return. In this situation the ehci's sg list doesn't be freed thus leading a memory leak issue. This patch avoid this. Signed-off-by: Li Qiang --- hw/usb/hcd-ehci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index b093db7..f4ece9a 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, if (off + len > 4096) { /* transfer crosses page border */ if (pg == 6) { + qemu_sglist_destroy(&ehci->isgl); return -1; /* avoid page pg + 1 */ } ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK); -- 1.8.3.1