Am 21.04.2013 13:07, schrieb Dan Carpenter: > If the ->get_caps() function doesn't clear the buffer then there would > stack information leaked to userspace. For example, > soc_compr_get_caps() can return success without clearing the buffer. > > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > --- > Perhaps the soc_compr_get_caps() function should return an error code > if the platform->driver->compr_ops is NULL. I'm not sure about that, > and it's a separate issue anyway. > > diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c > index c84abc8..8d3190a 100644 > --- a/sound/core/compress_offload.c > +++ b/sound/core/compress_offload.c > @@ -375,6 +375,7 @@ snd_compr_get_caps(struct snd_compr_stream *stream, unsigned long arg) > if (!stream->ops->get_caps) > return -ENXIO; > > + memset(&caps, 0, sizeof(caps)); > retval = stream->ops->get_caps(stream, &caps); > if (retval) > goto out; > -- IMHO this should be done in get_caps() as it will manipulate the entries. or is there a special reason to have it here ? re, wh -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
