[alsa-devel] [patch] ALSA: hdsp - info leak in snd_hdsp_hwdep_ioctl()
Takashi Iwai
tiwai at suse.de
Wed Oct 16 11:24:12 CEST 2013
At Wed, 16 Oct 2013 11:44:25 +0300,
Dan Carpenter wrote:
>
> In GCC the sizeof(hdsp_version) is 8 because there is a 2 byte hole at
> the end of the struct after ->firmware_rev.
>
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Thanks, applied.
Takashi
>
> diff --git a/sound/pci/rme9652/hdsp.c b/sound/pci/rme9652/hdsp.c
> index 4f255df..f59a321 100644
> --- a/sound/pci/rme9652/hdsp.c
> +++ b/sound/pci/rme9652/hdsp.c
> @@ -4845,6 +4845,7 @@ static int snd_hdsp_hwdep_ioctl(struct snd_hwdep *hw, struct file *file, unsigne
> if ((err = hdsp_get_iobox_version(hdsp)) < 0)
> return err;
> }
> + memset(&hdsp_version, 0, sizeof(hdsp_version));
> hdsp_version.io_type = hdsp->io_type;
> hdsp_version.firmware_rev = hdsp->firmware_rev;
> if ((err = copy_to_user(argp, &hdsp_version, sizeof(hdsp_version))))
>
More information about the Alsa-devel
mailing list