On Fri, Sep 23, 2011 at 09:22:07AM +0300, Dan Carpenter wrote: > Smatch has a new check for Rosenberg type information leaks where > structs are copied to the user with uninitialized stack data in them. > > The issue here is that struct input_event_compat has a hole in it. > > struct input_event_compat { > struct compat_timeval { > } time; /* 0 0 */ > > /* XXX 8 bytes hole, try to pack */ > > short unsigned int type; /* 8 2 */ Hm, are you sure? 8-bytes is way too much. I'd expect type to be aligned on 2-byte boundary, at least on x86_64... > > > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > > diff --git a/drivers/input/input-compat.c b/drivers/input/input-compat.c > index e46a867..007850a 100644 > --- a/drivers/input/input-compat.c > +++ b/drivers/input/input-compat.c > @@ -44,6 +44,8 @@ int input_event_to_user(char __user *buffer, > if (INPUT_COMPAT_TEST) { > struct input_event_compat compat_event; > > + memset(&compat_event, 0, sizeof(compat_event)); > + > compat_event.time.tv_sec = event->time.tv_sec; > compat_event.time.tv_usec = event->time.tv_usec; > compat_event.type = event->type; -- Dmitry -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html