[Qemu-devel] [PULL 03/30] audio: release capture buffers
From: Gerd Hoffmann
Subject: [Qemu-devel] [PULL 03/30] audio: release capture buffers
Date: Thu, 4 May 2017 09:17:44 +0200
AUD_add_capture() allocates two buffers which are never released.
Add the missing calls to AUD_del_capture().
Impact: Allows vnc clients to exhaust host memory by repeatedly
starting and stopping audio capture.
Fixes: CVE-2017-8309
Cc: P J P <address@hidden>
Cc: Huawei PSIRT <address@hidden>
Reported-by: "Jiangxin (hunter, SCC)" <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Prasad J Pandit <address@hidden>
Message-id: address@hidden
---
audio/audio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/audio/audio.c b/audio/audio.c
index c8898d8422..beafed209b 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void
*cb_opaque)
sw = sw1;
}
QLIST_REMOVE (cap, entries);
+ g_free (cap->hw.mix_buf);
+ g_free (cap->buf);
g_free (cap);
}
return;
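Review bot: the two new g_free() calls sit in the block that ends with g_free (cap) in AUD_del_capture(), so they cover only the teardown path. The commit message says AUD_add_capture() allocates both buffers, so please confirm that any failure path in that function after the allocations also releases cap->hw.mix_buf and cap->buf, since nothing in this hunk touches it. The ordering here is right (members freed before cap itself, and after QLIST_REMOVE so the entry is already unlinked). To keep allocation and release from drifting apart again, consider a small helper that frees mix_buf, buf and cap together and is called from both functions. Given the stated impact (repeated start and stop of capture by a VNC client), a leak-checker run that cycles capture on and off would be a useful regression check to mention in the message.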
--
2.9.3