ALSA: timer: Fix leak in events via snd_timer_user_ccallback

The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized. Change-Id: I5ece63432f6ca6251fa31c046c211c8c03313a59 Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: Takashi Iwai <tiwai@suse.de>
author: Kangjie Lu <kangjielu@gmail.com> 2016-05-03 16:44:20 -0400
committer: Ziyan <jaraidaniel@gmail.com> 2016-10-29 01:34:13 +0200
commit: 7e256b4cf4b87a702cb8456f539071285f375da9 (patch)
tree: e4a83e554cf483e085574d91c36018d3bfb29dba
parent: b4a6a597d929d00578e6ba68a38467027c955a81 (diff)
download: kernel_samsung_tuna-7e256b4cf4b87a702cb8456f539071285f375da9.zip
kernel_samsung_tuna-7e256b4cf4b87a702cb8456f539071285f375da9.tar.gz
kernel_samsung_tuna-7e256b4cf4b87a702cb8456f539071285f375da9.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/sound/core/timer.c b/sound/core/timer.c
index 269108a..c0a11d5 100644
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -1180,6 +1180,7 @@ static void snd_timer_user_ccallback(struct snd_timer_instance *timeri,
 		tu->tstamp = *tstamp;
 	if ((tu->filter & (1 << event)) == 0 || !tu->tread)
 		return;
+	memset(&r1, 0, sizeof(r1));
 	r1.event = event;
 	r1.tstamp = *tstamp;
 	r1.val = resolution;
author	Kangjie Lu <kangjielu@gmail.com>	2016-05-03 16:44:20 -0400
committer	Ziyan <jaraidaniel@gmail.com>	2016-10-29 01:34:13 +0200
commit	7e256b4cf4b87a702cb8456f539071285f375da9 (patch)
tree	e4a83e554cf483e085574d91c36018d3bfb29dba
parent	b4a6a597d929d00578e6ba68a38467027c955a81 (diff)
download	kernel_samsung_tuna-7e256b4cf4b87a702cb8456f539071285f375da9.zip kernel_samsung_tuna-7e256b4cf4b87a702cb8456f539071285f375da9.tar.gz kernel_samsung_tuna-7e256b4cf4b87a702cb8456f539071285f375da9.tar.bz2