From: Dan Carpenter Date: Thu, 7 Nov 2013 08:09:54 +0000 (+0300) Subject: ALSA: sb16 - info leak in snd_sb_csp_ioctl() X-Git-Tag: v3.13-rc1~2^2~45 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bffbbc0a2ccb9f3a3235ea6c646030e5fc3d771e;p=kernel%2Fkernel-generic.git ALSA: sb16 - info leak in snd_sb_csp_ioctl() There is a 2 byte hole after "info.func_nr" so we could leak unitialized stack information to userspace. Signed-off-by: Dan Carpenter Signed-off-by: Takashi Iwai --- diff --git a/sound/isa/sb/sb16_csp.c b/sound/isa/sb/sb16_csp.c index c1aa21e..48da227 100644 --- a/sound/isa/sb/sb16_csp.c +++ b/sound/isa/sb/sb16_csp.c @@ -208,6 +208,7 @@ static int snd_sb_csp_ioctl(struct snd_hwdep * hw, struct file *file, unsigned i switch (cmd) { /* get information */ case SNDRV_SB_CSP_IOCTL_INFO: + memset(&info, 0, sizeof(info)); *info.codec_name = *p->codec_name; info.func_nr = p->func_nr; info.acc_format = p->acc_format;