[PATCH 1/5] gspca: zero usb_buf

Hans Verkuil <hverkuil-cisco@xxxxxxxxx> · Tue, 12 Nov 2019 10:22:24 +0100

Allocate gspca_dev->usb_buf with kzalloc instead of kmalloc to
ensure it is property zeroed. This fixes various syzbot errors
about uninitialized data.

Syzbot links:

https://syzkaller.appspot.com/bug?extid=32310fc2aea76898d074
https://syzkaller.appspot.com/bug?extid=99706d6390be1ac542a2
https://syzkaller.appspot.com/bug?extid=64437af5c781a7f0e08e

Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
Reported-and-tested-by: syzbot+32310fc2aea76898d074@xxxxxxxxxxxxxxxxxxxxxxxxx
Reported-and-tested-by: syzbot+99706d6390be1ac542a2@xxxxxxxxxxxxxxxxxxxxxxxxx
Reported-and-tested-by: syzbot+64437af5c781a7f0e08e@xxxxxxxxxxxxxxxxxxxxxxxxx
---
 drivers/media/usb/gspca/gspca.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/usb/gspca/gspca.c b/drivers/media/usb/gspca/gspca.c
index 4add2b12d330..c1b307bbe540 100644
--- a/drivers/media/usb/gspca/gspca.c
+++ b/drivers/media/usb/gspca/gspca.c
@@ -1461,7 +1461,7 @@ int gspca_dev_probe2(struct usb_interface *intf,
 		pr_err("couldn't kzalloc gspca struct\n");
 		return -ENOMEM;
 	}
-	gspca_dev->usb_buf = kmalloc(USB_BUF_SZ, GFP_KERNEL);
+	gspca_dev->usb_buf = kzalloc(USB_BUF_SZ, GFP_KERNEL);
 	if (!gspca_dev->usb_buf) {
 		pr_err("out of memory\n");
 		ret = -ENOMEM;
-- 
2.24.0







