Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5a7b44a8 authored by Takashi Iwai's avatar Takashi Iwai
Browse files

ALSA: rawmidi: Initialize allocated buffers 



syzbot reported the uninitialized value exposure in certain situations
using virmidi loop.  It's likely a very small race at writing and
reading, and the influence is almost negligible.  But it's safer to
paper over this just by replacing the existing kvmalloc() with
kvzalloc().

Reported-by: default avatar <syzbot+194dffdb8b22fc5d207a@syzkaller.appspotmail.com>
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent 16037643

sound/core/rawmidi.c

+2 −2
Original line number Diff line number Diff line
@@ -129,7 +129,7 @@ static int snd_rawmidi_runtime_create(struct snd_rawmidi_substream *substream) 
		runtime->avail = 0;

	else

		runtime->avail = runtime->buffer_size;

	runtime->buffer = kvmalloc(runtime->buffer_size, GFP_KERNEL);

	runtime->buffer = kvzalloc(runtime->buffer_size, GFP_KERNEL);

	if (!runtime->buffer) {

		kfree(runtime);

		return -ENOMEM;
@@ -655,7 +655,7 @@ static int resize_runtime_buffer(struct snd_rawmidi_runtime *runtime, 
	if (params->avail_min < 1 || params->avail_min > params->buffer_size)

		return -EINVAL;

	if (params->buffer_size != runtime->buffer_size) {

		newbuf = kvmalloc(params->buffer_size, GFP_KERNEL);

		newbuf = kvzalloc(params->buffer_size, GFP_KERNEL);

		if (!newbuf)

			return -ENOMEM;

		spin_lock_irq(&runtime->lock);