mirror of
https://github.com/qemu/qemu.git
synced 2024-11-28 14:24:02 +08:00
vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544)
The 'res->iov' will be leaked if the guest trigger following sequences:
virgl_cmd_create_resource_2d
virgl_resource_attach_backing
virgl_cmd_resource_unref
This patch fixes this.
Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 5e8e3c4c75
("virtio-gpu: fix resource leak
in virgl_cmd_resource_unref"
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-6-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
parent
b7afebcf9e
commit
f6091d86ba
@ -108,9 +108,16 @@ virgl_cmd_resource_unref(VuGpu *g,
|
||||
struct virtio_gpu_ctrl_command *cmd)
|
||||
{
|
||||
struct virtio_gpu_resource_unref unref;
|
||||
struct iovec *res_iovs = NULL;
|
||||
int num_iovs = 0;
|
||||
|
||||
VUGPU_FILL_CMD(unref);
|
||||
|
||||
virgl_renderer_resource_detach_iov(unref.resource_id,
|
||||
&res_iovs,
|
||||
&num_iovs);
|
||||
g_free(res_iovs);
|
||||
|
||||
virgl_renderer_resource_unref(unref.resource_id);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user