ALSA: sb16 - info leak in snd_sb_csp_ioctl()

There is a 2 byte hole after "info.func_nr" so we could leak unitialized stack information to userspace. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Takashi Iwai <tiwai@suse.de>

ALSA: sb16 - info leak in snd_sb_csp_ioctl()
There is a 2 byte hole after "info.func_nr" so we could leak unitialized stack information to userspace. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Takashi Iwai <tiwai@suse.de>
bffbbc0a · Dan Carpenter · Takashi Iwai · f44f2a54 · bffbbc0a
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

sound/isa/sb/sb16_csp.c sound/isa/sb/sb16_csp.c +1 -0

未找到文件。
--- a/sound/isa/sb/sb16_csp.c
+++ b/sound/isa/sb/sb16_csp.c
@@ -208,6 +208,7 @@ static int snd_sb_csp_ioctl(struct snd_hwdep * hw, struct file *file, unsigned i
 	switch (cmd) {
 		/* get information */
 	case SNDRV_SB_CSP_IOCTL_INFO:
+		memset(&info, 0, sizeof(info));
 		*info.codec_name = *p->codec_name;
 		info.func_nr = p->func_nr;
 		info.acc_format = p->acc_format;