The qTD structures were not being cleared in ehci_alloc_intr_pipe() and it was possible that garbage could have been in some of the fields. Also, memset the data array for sanity purposes.

A similar fix is in the Chromium seabios repo (3e711dc261).

Signed-off-by: Kevin O'Connor kevin@koconnor.net --- src/hw/usb-ehci.c | 2 ++ 1 file changed, 2 insertions(+)

diff --git a/src/hw/usb-ehci.c b/src/hw/usb-ehci.c index 10c92fe..9d9427b 100644 --- a/src/hw/usb-ehci.c +++ b/src/hw/usb-ehci.c @@ -409,6 +409,8 @@ ehci_alloc_intr_pipe(struct usbdevice_s *usbdev goto fail; } memset(pipe, 0, sizeof(*pipe)); + memset(tds, 0, sizeof(*tds) * count); + memset(data, 0, maxpacket * count); ehci_desc2pipe(pipe, usbdev, epdesc); pipe->next_td = pipe->tds = tds; pipe->data = data;