
ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt

The stack object “r1” has a total size of 32 bytes. Its fields
“event” and “val” both contain 4 bytes of padding. These 8
padding bytes are sent to user without being initialized.

Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Kangjie Lu, 9 years ago
Parent
commit
e4ec8cc803
1 changed file with 1 addition and 0 deletions

+ 1 - 0
sound/core/timer.c

@@ -1266,6 +1266,7 @@ static void snd_timer_user_tinterrupt(struct snd_timer_instance *timeri,
 	}
 	}
 	if ((tu->filter & (1 << SNDRV_TIMER_EVENT_RESOLUTION)) &&
 	if ((tu->filter & (1 << SNDRV_TIMER_EVENT_RESOLUTION)) &&
 	    tu->last_resolution != resolution) {
 	    tu->last_resolution != resolution) {
+		memset(&r1, 0, sizeof(r1));
 		r1.event = SNDRV_TIMER_EVENT_RESOLUTION;
 		r1.event = SNDRV_TIMER_EVENT_RESOLUTION;
 		r1.tstamp = tstamp;
 		r1.tstamp = tstamp;
 		r1.val = resolution;
 		r1.val = resolution;
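
Review bot: The memset sits inside the `SNDRV_TIMER_EVENT_RESOLUTION` branch, so r1 is cleared only when that condition holds. If r1 is filled and queued to the user anywhere else in snd_timer_user_tinterrupt() without passing through this branch, that path still carries whatever was on the stack in the padding after "event" and "val"; the hunk does not show the rest of the function, so please confirm, or move the `memset(&r1, 0, sizeof(r1));` to the top of the function so every use of r1 starts from zeroed storage. Keeping memset rather than switching to field-wise or designated initialization is the right choice here, since only memset is guaranteed to clear padding bytes. It would also help to name the struct type and the path by which the record reaches user space in the commit message, so the 32-byte and 8-byte figures can be checked against the definition.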