Commit bffbbc0a authored Nov 07, 2013 by Dan Carpenter Committed by Takashi Iwai Nov 07, 2013

ALSA: sb16 - info leak in snd_sb_csp_ioctl()



There is a 2 byte hole after "info.func_nr" so we could leak unitialized
stack information to userspace.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

parent f44f2a54

sound/isa/sb/sb16_csp.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -208,6 +208,7 @@ static int snd_sb_csp_ioctl(struct snd_hwdep * hw, struct file *file, unsigned i
		switch (cmd) {
		/* get information */
		case SNDRV_SB_CSP_IOCTL_INFO:
		memset(&info, 0, sizeof(info));
		info.codec_name = p->codec_name;
		info.func_nr = p->func_nr;
		info.acc_format = p->acc_format;