summaryrefslogtreecommitdiffstats
path: root/sound/pci
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2011-09-23 09:24:21 +0300
committerTakashi Iwai <tiwai@suse.de>2011-09-23 08:28:56 +0200
commit643d6bbb9637a9b4bb47ec1a1ae3adf3ff9d75a1 (patch)
tree672f649422ea99bd769d871aa03f7d476b23a087 /sound/pci
parent8e699d2cc286506c00ce8ecc67c3d7d6cca9e814 (diff)
downloadop-kernel-dev-643d6bbb9637a9b4bb47ec1a1ae3adf3ff9d75a1.zip
op-kernel-dev-643d6bbb9637a9b4bb47ec1a1ae3adf3ff9d75a1.tar.gz
ALSA: hdspm - potential info leak in snd_hdspm_hwdep_ioctl()
Smatch has a new check for Rosenberg type information leaks where structs are copied to the user with uninitialized stack data in them. The status struct has a hole in it, and on some paths not all the members were initialized. struct hdspm_status { unsigned char card_type; /* 0 1 */ /* XXX 3 bytes hole, try to pack */ enum hdspm_syncsource autosync_source; /* 4 4 */ long long unsigned int card_clock; /* 8 8 */ The hdspm_version struct had holes in it as well. struct hdspm_version { unsigned char card_type; /* 0 1 */ char cardname[20]; /* 1 20 */ /* XXX 3 bytes hole, try to pack */ unsigned int serial; /* 24 4 */ short unsigned int firmware_rev; /* 28 2 */ /* XXX 2 bytes hole, try to pack */ int addons; /* 32 4 */ Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
Diffstat (limited to 'sound/pci')
-rw-r--r--sound/pci/rme9652/hdspm.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c
index 214110d..bf438d1 100644
--- a/sound/pci/rme9652/hdspm.c
+++ b/sound/pci/rme9652/hdspm.c
@@ -6227,6 +6227,8 @@ static int snd_hdspm_hwdep_ioctl(struct snd_hwdep *hw, struct file *file,
break;
case SNDRV_HDSPM_IOCTL_GET_STATUS:
+ memset(&status, 0, sizeof(status));
+
status.card_type = hdspm->io_type;
status.autosync_source = hdspm_autosync_ref(hdspm);
@@ -6266,6 +6268,8 @@ static int snd_hdspm_hwdep_ioctl(struct snd_hwdep *hw, struct file *file,
break;
case SNDRV_HDSPM_IOCTL_GET_VERSION:
+ memset(&hdspm_version, 0, sizeof(hdspm_version));
+
hdspm_version.card_type = hdspm->io_type;
strncpy(hdspm_version.cardname, hdspm->card_name,
sizeof(hdspm_version.cardname));
OpenPOWER on IntegriCloud