diff options
author | Takashi Iwai <tiwai@suse.de> | 2018-09-03 16:16:43 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-05-20 09:17:14 +0300 |
commit | e8e3fcbc66f608d38a72fc716ff45e31b7f3d123 (patch) | |
tree | f187b6cd2e275a09949dd2a1bd9cd7115ac36232 /sound | |
parent | 4971520cd762ce9e4cad5ce16b30098c3ee4c0af (diff) | |
download | linux-e8e3fcbc66f608d38a72fc716ff45e31b7f3d123.tar.xz |
ALSA: rawmidi: Initialize allocated buffers
commit 5a7b44a8df822e0667fc76ed7130252523993bda upstream.
syzbot reported the uninitialized value exposure in certain situations
using virmidi loop. It's likely a very small race at writing and
reading, and the influence is almost negligible. But it's safer to
paper over this just by replacing the existing kvmalloc() with
kvzalloc().
Reported-by: syzbot+194dffdb8b22fc5d207a@syzkaller.appspotmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'sound')
-rw-r--r-- | sound/core/rawmidi.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c index d22472ba211e..dd45633d82a3 100644 --- a/sound/core/rawmidi.c +++ b/sound/core/rawmidi.c @@ -125,7 +125,7 @@ static int snd_rawmidi_runtime_create(struct snd_rawmidi_substream *substream) runtime->avail = 0; else runtime->avail = runtime->buffer_size; - if ((runtime->buffer = kmalloc(runtime->buffer_size, GFP_KERNEL)) == NULL) { + if ((runtime->buffer = kzalloc(runtime->buffer_size, GFP_KERNEL)) == NULL) { kfree(runtime); return -ENOMEM; } @@ -650,7 +650,7 @@ int snd_rawmidi_output_params(struct snd_rawmidi_substream *substream, return -EINVAL; } if (params->buffer_size != runtime->buffer_size) { - newbuf = kmalloc(params->buffer_size, GFP_KERNEL); + newbuf = kzalloc(params->buffer_size, GFP_KERNEL); if (!newbuf) return -ENOMEM; spin_lock_irq(&runtime->lock); |