Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity

UPSTREAM: ALSA: timer: Fix leak in events via snd_timer_user_ccallback

Browse source 
The stack object “r1” has a total size of 32 bytes. Its field
“event” and “val” both contain 4 bytes padding. These 8 bytes
padding bytes are sent to user without being initialized.

Bug: 28980217
Change-Id: Iff69ca708e0022ce9301efae798798b9bfcf9e25
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Siqi Lin <siqilin@google.com>
(cherry picked from commit 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6)
This commit is contained in:
Kangjie Lu 2016-05-03 16:44:20 -04:00 committed by Thierry Strudel
parent 4cb76bd7b2
commit 96981f7736
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
sound/core/timer.c
View file

@ -1174,6 +1174,7 @@ static void snd_timer_user_ccallback(struct snd_timer_instance *timeri,
tu->tstamp = *tstamp; tu->tstamp = *tstamp;
if ((tu->filter & (1 << event)) == 0 || !tu->tread) if ((tu->filter & (1 << event)) == 0 || !tu->tread)
return; return;
memset(&r1, 0, sizeof(r1));
r1.event = event; r1.event = event;
r1.tstamp = *tstamp; r1.tstamp = *tstamp;
r1.val = resolution; r1.val = resolution;