1 files changed, 36 insertions, 0 deletions

diff --git a/gnu/packages/patches/qemu-CVE-2016-8577.patch b/gnu/packages/patches/qemu-CVE-2016-8577.patch
new file mode 100644
index 0000000000..c4132d2fb1
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2016-8577.patch
@@ -0,0 +1,36 @@
+Subject: [Qemu-devel] [PATCH] 9pfs: fix potential host memory leak in v9fs_read
+From: Li Qiang <liq3ea@gmail.com>
+
+In 9pfs read dispatch function, it doesn't free two QEMUIOVector
+object thus causing potential memory leak. This patch avoid this.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+---
+ hw/9pfs/9p.c | 5 +++--
+  1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 119ee58..543a791 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque)
+             if (len < 0) {
+                 /* IO error return the error */
+                 err = len;
+-                goto out;
++                goto out_free_iovec;
+             }
+         } while (count < max_count && len > 0);
+         err = pdu_marshal(pdu, offset, "d", count);
+         if (err < 0) {
+-            goto out;
++            goto out_free_iovec;
+         }
+         err += offset + count;
++out_free_iovec:
+         qemu_iovec_destroy(&qiov);
+         qemu_iovec_destroy(&qiov_full);
+     } else if (fidp->fid_type == P9_FID_XATTR) {
+-- 
+1.8.3.1
+