
On 21.04.2013 13:07, Dan Carpenter wrote:
If the ->get_caps() function doesn't clear the buffer then there would be stack information leaked to userspace. For example, soc_compr_get_caps() can return success without clearing the buffer.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Perhaps the soc_compr_get_caps() function should return an error code if the platform->driver->compr_ops is NULL. I'm not sure about that, and it's a separate issue anyway.
diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index c84abc8..8d3190a 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -375,6 +375,7 @@ snd_compr_get_caps(struct snd_compr_stream *stream, unsigned long arg) if (!stream->ops->get_caps) return -ENXIO;
- memset(&caps, 0, sizeof(caps)); retval = stream->ops->get_caps(stream, &caps); if (retval) goto out;
--
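Review bot: The memset(&caps, 0, sizeof(caps)) line ahead of the stream->ops->get_caps(stream, &caps) call carries a '-' marker, while the hunk header (-375,6 +375,7) counts one added line and the commit message describes adding the clear, so it should be a '+' line; please check the patch as sent. Clearing in the core before the callback fits the stated goal, since it holds even when a callback such as soc_compr_get_caps() returns 0 without writing the buffer. A one-line comment above the memset saying so would keep it from being dropped later as redundant.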
IMHO this should be done in get_caps() as it will manipulate the entries. Or is there a special reason to have it here?
re, wh
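
A user-space model of the leak described in the commit message, added here as an illustration and not code from the thread or the kernel: the struct layout, the two callbacks and the 0xAA marker are constructed for the example. It counts how many stale bytes reach the copy handed to the caller, with and without the clear in the core handler.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical, simplified stand-in for the caps structure (not the kernel layout). */
struct caps_model {
    uint32_t num_codecs;
    uint32_t direction;
    uint32_t codecs[4];
    uint32_t reserved[2];
};
typedef int (*get_caps_fn)(struct caps_model *caps);

/* Models a callback that returns success without writing the buffer. */
static int get_caps_noop(struct caps_model *caps) { (void)caps; return 0; }

/* Models a driver that fills only the fields it knows about. */
static int get_caps_partial(struct caps_model *caps)
{
    caps->num_codecs = 1;
    caps->direction = 0;
    caps->codecs[0] = 7;
    return 0;
}

#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Models the core handler; returns how many stale bytes end up in the "user" copy. */
static size_t stale_bytes_copied(get_caps_fn get_caps, int clear_first)
{
    struct caps_model caps;
    unsigned char user[sizeof(caps)];
    size_t i, stale = 0;

    memset(&caps, STALE, sizeof(caps));   /* pretend the stack slot was used before */
    if (clear_first)
        memset(&caps, 0, sizeof(caps));   /* the clear discussed in the thread */
    if (get_caps(&caps))
        return 0;                         /* error path: nothing is copied out */
    memcpy(user, &caps, sizeof(caps));    /* stands in for the copy to userspace */
    for (i = 0; i < sizeof(user); i++)
        stale += (user[i] == STALE);
    return stale;
}

int main(void)
{
    printf("no clear: noop=%zu partial=%zu\n", stale_bytes_copied(get_caps_noop, 0), stale_bytes_copied(get_caps_partial, 0));
    printf("clear:    noop=%zu partial=%zu\n", stale_bytes_copied(get_caps_noop, 1), stale_bytes_copied(get_caps_partial, 1));
    return 0;
}
```

With the clear in the caller, both callbacks give zero stale bytes without any change to the callbacks themselves.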