On Tue, Jun 4, 2013 at 6:13 AM, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> If we pass an invalid clock type then "ts" is never set. We need to
> check for errors earlier, otherwise we end up passing uninitialized
> stack data to userspace.
>
> Reported-by: John Stultz <john.stultz@xxxxxxxxxx>
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> diff --git a/drivers/staging/android/alarm-dev.c b/drivers/staging/android/alarm-dev.c
> index c8600d9..6dc27da 100644
> --- a/drivers/staging/android/alarm-dev.c
> +++ b/drivers/staging/android/alarm-dev.c
> @@ -297,6 +297,8 @@ static long alarm_compat_ioctl(struct file *file, unsigned int cmd,
> }
>
> rv = alarm_do_ioctl(file, cmd, &ts);
> + if (rv)
> + return rv;
>
> switch (ANDROID_ALARM_BASE_CMD(cmd)) {
> case ANDROID_ALARM_GET_TIME(0): /* NOTE: we modified cmd above */
> @@ -305,7 +307,7 @@ static long alarm_compat_ioctl(struct file *file, unsigned int cmd,
> break;
> }
>
> - return rv;
> + return 0;
> }
> #endif
>
Is there a separate fix for alarm_ioctl? It seems to have the same problem.
--
Arve Hjønnevåg
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
