$NetBSD: patch-CVE-2016-7423,v 1.1 2016/10/30 14:48:00 spz Exp $

from:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5

scsi: mptsas: use g_new0 to allocate MPTSASRequest object

When processing IO request in mptsas, it uses g_new to allocate
a 'req' object. If an error occurs before 'req->sreq' is
allocated, It could lead to an OOB write in mptsas_free_request
function. Use g_new0 to avoid it.

Reported-by: Li Qiang <liqiang6-s@360.cn>

--- hw/scsi/mptsas.c.orig	2016-09-02 15:34:20.000000000 +0000
+++ hw/scsi/mptsas.c
@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_reques
         goto bad;
     }
 
-    req = g_new(MPTSASRequest, 1);
+    req = g_new0(MPTSASRequest, 1);
     QTAILQ_INSERT_TAIL(&s->pending, req, next);
     req->scsi_io = *scsi_io;
     req->dev = s;
