commit
e4ec8cc8039a7063e24204299b462bd1383184a5 upstream.
The stack object â
\80\9cr1â
\80\9d has a total size of 32 bytes. Its field
â
\80\9ceventâ
\80\9d and â
\80\9cvalâ
\80\9d both contain 4 bytes padding. These 8 bytes
padding bytes are sent to user without being initialized.
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Willy Tarreau <w@1wt.eu>
[sw0312.kim: cherry-pick from linux-3.10.y to fix CVE-2016-4578]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I19dd2f10f3bac21d77b74d439191f8804b242e10
}
if ((tu->filter & (1 << SNDRV_TIMER_EVENT_RESOLUTION)) &&
tu->last_resolution != resolution) {
+ memset(&r1, 0, sizeof(r1));
r1.event = SNDRV_TIMER_EVENT_RESOLUTION;
r1.tstamp = tstamp;
r1.val = resolution;