[alsa-devel] [patch] [ALSA] sb16 - info leak in snd_sb_csp_ioctl()
Takashi Iwai
tiwai at suse.de
Thu Nov 7 09:48:08 CET 2013
At Thu, 7 Nov 2013 11:09:54 +0300,
Dan Carpenter wrote:
>
> There is a 2 byte hole after "info.func_nr" so we could leak unitialized
> stack information to userspace.
>
> Fixes: 1da177e4c3f4 ('Linux-2.6.12-rc2')
Does this help at all? It means that the bug has been there even
before moving to git. I think it's better to be removed for avoid
confusion.
thanks,
Takashi
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
>
> diff --git a/sound/isa/sb/sb16_csp.c b/sound/isa/sb/sb16_csp.c
> index c1aa21e..48da227 100644
> --- a/sound/isa/sb/sb16_csp.c
> +++ b/sound/isa/sb/sb16_csp.c
> @@ -208,6 +208,7 @@ static int snd_sb_csp_ioctl(struct snd_hwdep * hw, struct file *file, unsigned i
> switch (cmd) {
> /* get information */
> case SNDRV_SB_CSP_IOCTL_INFO:
> + memset(&info, 0, sizeof(info));
> *info.codec_name = *p->codec_name;
> info.func_nr = p->func_nr;
> info.acc_format = p->acc_format;
>
More information about the Alsa-devel
mailing list