projects / firefly-linux-kernel-4.4.55.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8e699d2) | patch
ALSA: hdspm - potential info leak in snd_hdspm_hwdep_ioctl()
authorDan Carpenter <dan.carpenter@oracle.com>
Fri, 23 Sep 2011 06:24:21 +0000 (09:24 +0300)
committerTakashi Iwai <tiwai@suse.de>
Fri, 23 Sep 2011 06:28:56 +0000 (08:28 +0200)
commit643d6bbb9637a9b4bb47ec1a1ae3adf3ff9d75a1
tree672f649422ea99bd769d871aa03f7d476b23a087tree | snapshot
parent8e699d2cc286506c00ce8ecc67c3d7d6cca9e814commit | diff
ALSA: hdspm - potential info leak in snd_hdspm_hwdep_ioctl()

Smatch has a new check for Rosenberg type information leaks where
structs are copied to the user with uninitialized stack data in them.

The status struct has a hole in it, and on some paths not all the
members were initialized.

struct hdspm_status {
        unsigned char              card_type;            /*     0     1 */
        /* XXX 3 bytes hole, try to pack */
        enum hdspm_syncsource      autosync_source;      /*     4     4 */
        long long unsigned int     card_clock;           /*     8     8 */

The hdspm_version struct had holes in it as well.

struct hdspm_version {
        unsigned char              card_type;            /*     0     1 */
        char                       cardname[20];         /*     1    20 */
        /* XXX 3 bytes hole, try to pack */
        unsigned int               serial;               /*    24     4 */
        short unsigned int         firmware_rev;         /*    28     2 */
        /* XXX 2 bytes hole, try to pack */
        int                        addons;               /*    32     4 */

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
sound/pci/rme9652/hdspm.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.