diff --git a/bugfix-fix-some-illegal-memory-access-and-memory-lea.patch b/bugfix-fix-some-illegal-memory-access-and-memory-lea.patch
new file mode 100644
index 0000000..48c7970
--- /dev/null
+++ b/bugfix-fix-some-illegal-memory-access-and-memory-lea.patch
@@ -0,0 +1,53 @@
+From 0a0a490c805fadc7191489277e77fbf9688b39ab Mon Sep 17 00:00:00 2001
+From: jiangdongxu <jiangdongxu1@huawei.com>
+Date: Thu, 10 Feb 2022 21:32:37 +0800
+Subject: [PATCH] bugfix: fix some illegal memory access and memory leak
+
+Signed-off-by: yuxiating <yuxiating@huawei.com>
+Signed-off-by: jiangdongxu <jiangdongxu1@huawei.com>
+---
+ contrib/elf2dmp/main.c  | 1 +
+ hw/display/cirrus_vga.c | 2 +-
+ util/range.c            | 1 +
+ 3 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
+index 20b477d582..3f0d1eb709 100644
+--- a/contrib/elf2dmp/main.c
++++ b/contrib/elf2dmp/main.c
+@@ -125,6 +125,7 @@ static KDDEBUGGER_DATA64 *get_kdbg(uint64_t KernBase, struct pdb_reader *pdb,
+ 
+     if (va_space_rw(vs, KdDebuggerDataBlock, kdbg, kdbg_hdr.Size, 0)) {
+         eprintf("Failed to extract entire KDBG\n");
++        free(kdbg);
+         return NULL;
+     }
+ 
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index fdca6ca659..c66ed801ef 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -834,7 +834,7 @@ static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s)
+                    word alignment, so we keep them for the next line */
+                 /* XXX: keep alignment to speed up transfer */
+                 end_ptr = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
+-                copy_count = s->cirrus_srcptr_end - end_ptr;
++                copy_count = MIN(s->cirrus_srcptr_end - end_ptr, CIRRUS_BLTBUFSIZE);
+                 memmove(s->cirrus_bltbuf, end_ptr, copy_count);
+                 s->cirrus_srcptr = s->cirrus_bltbuf + copy_count;
+                 s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
+diff --git a/util/range.c b/util/range.c
+index 098d9d2dc0..83d1a6c302 100644
+--- a/util/range.c
++++ b/util/range.c
+@@ -65,6 +65,7 @@ GList *range_list_insert(GList *list, Range *data)
+         range_extend(l->data, l->next->data);
+         g_free(l->next->data);
+         new_l = g_list_delete_link(list, l->next);
++        l->next = NULL;
+         assert(new_l == list);
+     }
+ 
+-- 
+2.27.0
+