From patchwork Tue May 9 14:42:44 2017
X-Patchwork-Submitter: Amit Pundir
X-Patchwork-Id: 98933
From: Amit Pundir
To: Greg KH
Cc: stable@vger.kernel.org, Kangjie Lu, Kangjie Lu, Takashi Iwai
Subject: [PATCH for-3.18 20/24] ALSA: timer: Fix leak in events via snd_timer_user_ccallback
Date: Tue, 9 May 2017 20:12:44 +0530
Message-Id: <1494340968-17152-21-git-send-email-amit.pundir@linaro.org>
In-Reply-To: <1494340968-17152-1-git-send-email-amit.pundir@linaro.org>
References: <1494340968-17152-1-git-send-email-amit.pundir@linaro.org>

From: Kangjie Lu

commit 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 upstream.

The stack object “r1” has a total size of 32 bytes. Its fields
“event” and “val” both contain 4 bytes of padding. These 8 padding
bytes are sent to user without being initialized.

Signed-off-by: Kangjie Lu
Signed-off-by: Takashi Iwai
Signed-off-by: Amit Pundir
---
 sound/core/timer.c | 1 +
 1 file changed, 1 insertion(+)

-- 
2.7.4

diff --git a/sound/core/timer.c b/sound/core/timer.c index ede058bd49a4..47c8beb5eb40 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -1260,6 +1260,7 @@ static void snd_timer_user_ccallback(struct snd_timer_instance *timeri, tu->tstamp = *tstamp; if ((tu->filter & (1 << event)) == 0 || !tu->tread) return; + memset(&r1, 0, sizeof(r1)); r1.event = event; r1.tstamp = *tstamp; r1.val = resolution;
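
Review bot: The added `memset(&r1, 0, sizeof(r1));` in snd_timer_user_ccallback() carries no comment, and the three assignments right after it (`r1.event`, `r1.tstamp`, `r1.val`) make the call look redundant, so it is at risk of being dropped in a later cleanup. Suggest a one-line comment above it saying that it clears the structure's padding bytes, which the commit message identifies as the data that reaches userspace uninitialized. It should also stay a memset rather than become a struct initializer, since an initializer is not guaranteed to zero padding.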