Re: [alsa-devel] [patch] [ALSA] sb16 - info leak in snd_sb_csp_ioctl()

At Thu, 7 Nov 2013 11:09:54 +0300, Dan Carpenter wrote:

There is a 2 byte hole after "info.func_nr" so we could leak unitialized stack information to userspace.

Fixes: 1da177e4c3f4 ('Linux-2.6.12-rc2')

Does this help at all? It means that the bug has been there even before moving to git. I think it's better to be removed for avoid confusion.

thanks,

Takashi

Signed-off-by: Dan Carpenter dan.carpenter@oracle.com

diff --git a/sound/isa/sb/sb16_csp.c b/sound/isa/sb/sb16_csp.c index c1aa21e..48da227 100644 --- a/sound/isa/sb/sb16_csp.c +++ b/sound/isa/sb/sb16_csp.c @@ -208,6 +208,7 @@ static int snd_sb_csp_ioctl(struct snd_hwdep * hw, struct file *file, unsigned i switch (cmd) { /* get information */ case SNDRV_SB_CSP_IOCTL_INFO:

• memset(&info, 0, sizeof(info));
  

  *info.codec_name = *p->codec_name; info.func_nr = p->func_nr; info.acc_format = p->acc_format;