3.16.79-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Tomas Bortoli <tomasbortoli@xxxxxxxxx>
commit a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1 upstream.
The function at issue does not always initialize each byte allocated
for 'b' and can therefore leak uninitialized memory to a USB device in
the call to usb_bulk_msg()
Use kzalloc() instead of kmalloc()
Signed-off-by: Tomas Bortoli <tomasbortoli@xxxxxxxxx>
Reported-by: syzbot+0522702e9d67142379f1@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Sean Young <sean@xxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@xxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
drivers/media/usb/ttusb-dec/ttusb_dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/media/usb/ttusb-dec/ttusb_dec.c
+++ b/drivers/media/usb/ttusb-dec/ttusb_dec.c
@@ -272,7 +272,7 @@ static int ttusb_dec_send_command(struct
dprintk("%s\n", __func__);
- b = kmalloc(COMMAND_PACKET_SIZE + 4, GFP_KERNEL);
+ b = kzalloc(COMMAND_PACKET_SIZE + 4, GFP_KERNEL);
if (!b)
return -ENOMEM;
