summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2013-11-07 12:09:54 +0400
committerTakashi Iwai <tiwai@suse.de>2013-11-07 13:17:18 +0400
commitbffbbc0a2ccb9f3a3235ea6c646030e5fc3d771e (patch)
treee7570d77f9a67cf869c6ab3a41c8fe49c8ceb523
parentf44f2a5417b2968a8724b352cc0b2545a6bcb1f4 (diff)
downloadlinux-bffbbc0a2ccb9f3a3235ea6c646030e5fc3d771e.tar.xz
ALSA: sb16 - info leak in snd_sb_csp_ioctl()
There is a 2 byte hole after "info.func_nr" so we could leak unitialized stack information to userspace. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-rw-r--r--sound/isa/sb/sb16_csp.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/sound/isa/sb/sb16_csp.c b/sound/isa/sb/sb16_csp.c
index c1aa21edcb65..48da2276683d 100644
--- a/sound/isa/sb/sb16_csp.c
+++ b/sound/isa/sb/sb16_csp.c
@@ -208,6 +208,7 @@ static int snd_sb_csp_ioctl(struct snd_hwdep * hw, struct file *file, unsigned i
switch (cmd) {
/* get information */
case SNDRV_SB_CSP_IOCTL_INFO:
+ memset(&info, 0, sizeof(info));
*info.codec_name = *p->codec_name;
info.func_nr = p->func_nr;
info.acc_format = p->acc_format;