driver/video/fbdev/aty/atyfb_base.c: atyfb_ioctl() stack infoleak

sohu0106 <sohu0106@xxxxxxx> · Thu, 3 Aug 2017 22:01:40 +0800 (CST)

driver/video/fbdev/aty/atyfb_base.c
In atyfb_ioctl() structure atyclk is copied to userland with padding bytes after "vclk_post_div" field unitialized.  It leads to leaking of contents of kernel stack memory.

3  drivers/video/fbdev/aty/atyfb_base.c
 @@ -1857,6 +1857,9 @@ static int atyfb_ioctl(struct fb_info *info, u_int cmd, u_long arg)
  		if (M64_HAS(INTEGRATED)) {
  			struct atyclk clk;
  			union aty_pll *pll = &par->pll;
 +			
 +			memset( &clk, 0, sizeof(struct atyclk) );
 +			
  			u32 dsp_config = pll->ct.dsp_config;
  			u32 dsp_on_off = pll->ct.dsp_on_off;
  			clk.ref_clk_per = par->ref_clk_per;

 ��.n��������+%������w��{.n�����{����n�r������&��z�ޗ�zf���h���~����������_��+v���)ߣ�