vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544)
If the guest trigger following sequences, the attach_backing will be leaked: vg_resource_create_2d vg_resource_attach_backing vg_resource_unref This patch fix this by freeing 'res->iov' in vg_resource_destroy. Fixes: CVE-2021-3544 Reported-by: Li Qiang <liq3ea@163.com> virtio-gpu fix:stable-6.05e8e3c4c75
("virtio-gpu: fix resource leak in virgl_cmd_resource_unref") Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210516030403.107723-5-liq3ea@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> (cherry picked from commitb7afebcf9e
) Signed-off-by: Michael Roth <michael.roth@amd.com>
parent
6ae68dfd10
commit
457053998d
|
@ -400,6 +400,7 @@ vg_resource_destroy(VuGpu *g,
|
|||
}
|
||||
|
||||
vugbm_buffer_destroy(&res->buffer);
|
||||
g_free(res->iov);
|
||||
pixman_image_unref(res->image);
|
||||
QTAILQ_REMOVE(&g->reslist, res, next);
|
||||
g_free(res);
|
||||
|
|
Loading…
Reference in New Issue