ALSA: timer: Fix leak in events via snd_timer_user_ccallback

The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized. Change-Id: I5ece63432f6ca6251fa31c046c211c8c03313a59 Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: Takashi Iwai <tiwai@suse.de>
author: Kangjie Lu <kangjielu@gmail.com> 2016-05-03 16:44:20 -0400
committer: Andreas Blaesius <skate4life@gmx.de> 2016-10-12 23:27:07 +0200
commit: 29cc826b5b7f832082e2da8ed346e5b7333cc489 (patch)
tree: 8f62a0fb7c43aef0ab533e46fa3712889a0b241c
parent: f4c062c38000e240353a0b34ceb629004775a398 (diff)
download: kernel_samsung_espresso10-29cc826b5b7f832082e2da8ed346e5b7333cc489.zip
kernel_samsung_espresso10-29cc826b5b7f832082e2da8ed346e5b7333cc489.tar.gz
kernel_samsung_espresso10-29cc826b5b7f832082e2da8ed346e5b7333cc489.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/sound/core/timer.c b/sound/core/timer.c
index 269108a..c0a11d5 100644
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -1180,6 +1180,7 @@ static void snd_timer_user_ccallback(struct snd_timer_instance *timeri,
 		tu->tstamp = *tstamp;
 	if ((tu->filter & (1 << event)) == 0 || !tu->tread)
 		return;
+	memset(&r1, 0, sizeof(r1));
 	r1.event = event;
 	r1.tstamp = *tstamp;
 	r1.val = resolution;
author	Kangjie Lu <kangjielu@gmail.com>	2016-05-03 16:44:20 -0400
committer	Andreas Blaesius <skate4life@gmx.de>	2016-10-12 23:27:07 +0200
commit	29cc826b5b7f832082e2da8ed346e5b7333cc489 (patch)
tree	8f62a0fb7c43aef0ab533e46fa3712889a0b241c
parent	f4c062c38000e240353a0b34ceb629004775a398 (diff)
download	kernel_samsung_espresso10-29cc826b5b7f832082e2da8ed346e5b7333cc489.zip kernel_samsung_espresso10-29cc826b5b7f832082e2da8ed346e5b7333cc489.tar.gz kernel_samsung_espresso10-29cc826b5b7f832082e2da8ed346e5b7333cc489.tar.bz2