On Mon, 10 Sep 2018 17:19:32 +0200, Takashi Iwai wrote: > > From: Willy Tarreau <w@xxxxxx> > > snd_emu10k1_fx8010_ioctl(SNDRV_EMU10K1_IOCTL_INFO) allocates > memory using kmalloc() and partially fills it by calling > snd_emu10k1_fx8010_info() before returning the resulting > structure to userspace, leaving uninitialized holes. Let's > just use kzalloc() here. > > BugLink: http://blog.infosectcbr.com.au/2018/09/linux-kernel-infoleaks.html BTW, for avoiding someone falling into the same pitfall like me: you can forget about the case 2 in the URL above. It's invalid. We have a complete copy_from_user() at first, so no leak happens. Takashi _______________________________________________ Alsa-devel mailing list Alsa-devel@xxxxxxxxxxxxxxxx http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
