From: Dan Carpenter Date: Wed, 16 Oct 2013 08:44:25 +0000 (+0300) Subject: ALSA: hdsp - info leak in snd_hdsp_hwdep_ioctl() X-Git-Tag: firefly_0821_release~176^2~5070^2~8 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=d14df339c72b6efbba4eddd1d1f3f4b173273f74;p=firefly-linux-kernel-4.4.55.git ALSA: hdsp - info leak in snd_hdsp_hwdep_ioctl() In GCC the sizeof(hdsp_version) is 8 because there is a 2 byte hole at the end of the struct after ->firmware_rev. Signed-off-by: Dan Carpenter Signed-off-by: Takashi Iwai --- diff --git a/sound/pci/rme9652/hdsp.c b/sound/pci/rme9652/hdsp.c index 4f255dfee450..f59a321a6d6a 100644 --- a/sound/pci/rme9652/hdsp.c +++ b/sound/pci/rme9652/hdsp.c @@ -4845,6 +4845,7 @@ static int snd_hdsp_hwdep_ioctl(struct snd_hwdep *hw, struct file *file, unsigne if ((err = hdsp_get_iobox_version(hdsp)) < 0) return err; } + memset(&hdsp_version, 0, sizeof(hdsp_version)); hdsp_version.io_type = hdsp->io_type; hdsp_version.firmware_rev = hdsp->firmware_rev; if ((err = copy_to_user(argp, &hdsp_version, sizeof(hdsp_version))))