If the ->get_caps() function doesn't clear the buffer then there would stack information leaked to userspace. For example, soc_compr_get_caps() can return success without clearing the buffer. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> --- Perhaps the soc_compr_get_caps() function should return an error code if the platform->driver->compr_ops is NULL. I'm not sure about that, and it's a separate issue anyway. diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index c84abc8..8d3190a 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -375,6 +375,7 @@ snd_compr_get_caps(struct snd_compr_stream *stream, unsigned long arg) if (!stream->ops->get_caps) return -ENXIO; + memset(&caps, 0, sizeof(caps)); retval = stream->ops->get_caps(stream, &caps); if (retval) goto out; -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
