• Dan Carpenter's avatar
    ALSA: hdspm - potential info leak in snd_hdspm_hwdep_ioctl() · 643d6bbb
    Dan Carpenter authored
    Smatch has a new check for Rosenberg type information leaks where
    structs are copied to the user with uninitialized stack data in them.
    
    The status struct has a hole in it, and on some paths not all the
    members were initialized.
    
    struct hdspm_status {
            unsigned char              card_type;            /*     0     1 */
            /* XXX 3 bytes hole, try to pack */
            enum hdspm_syncsource      autosync_source;      /*     4     4 */
            long long unsigned int     card_clock;           /*     8     8 */
    
    The hdspm_version struct had holes in it as well.
    
    struct hdspm_version {
            unsigned char              card_type;            /*     0     1 */
            char                       cardname[20];         /*     1    20 */
            /* XXX 3 bytes hole, try to pack */
            unsigned int               serial;               /*    24     4 */
            short unsigned int         firmware_rev;         /*    28     2 */
            /* XXX 2 bytes hole, try to pack */
            int                        addons;               /*    32     4 */
    Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
    643d6bbb
hdspm.c 180 KB