From: Dan Carpenter Date: Fri, 31 Mar 2017 15:22:23 +0000 (+0300) Subject: ALSA: timer: Info leak in snd_timer_user_tinterrupt() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a8c006aafead3c45ae5d5601e3717055bccf41bc;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git ALSA: timer: Info leak in snd_timer_user_tinterrupt() The "r1" struct has memory holes. We clear it with memset on one path where it is used but not the other. Let's just memset it at the start of the function so it's always safe. Signed-off-by: Dan Carpenter Signed-off-by: Takashi Iwai --- diff --git a/sound/core/timer.c b/sound/core/timer.c index 8b9e7943a83b..2f836ca09860 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -1277,6 +1277,7 @@ static void snd_timer_user_tinterrupt(struct snd_timer_instance *timeri, struct timespec tstamp; int prev, append = 0; + memset(&r1, 0, sizeof(r1)); memset(&tstamp, 0, sizeof(tstamp)); spin_lock(&tu->qlock); if ((tu->filter & ((1 << SNDRV_TIMER_EVENT_RESOLUTION) | @@ -1292,7 +1293,6 @@ static void snd_timer_user_tinterrupt(struct snd_timer_instance *timeri, } if ((tu->filter & (1 << SNDRV_TIMER_EVENT_RESOLUTION)) && tu->last_resolution != resolution) { - memset(&r1, 0, sizeof(r1)); r1.event = SNDRV_TIMER_EVENT_RESOLUTION; r1.tstamp = tstamp; r1.val = resolution;