From a8c006aafead3c45ae5d5601e3717055bccf41bc Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Fri, 31 Mar 2017 18:22:23 +0300 Subject: [PATCH] ALSA: timer: Info leak in snd_timer_user_tinterrupt() The "r1" struct has memory holes. We clear it with memset on one path where it is used but not the other. Let's just memset it at the start of the function so it's always safe. Signed-off-by: Dan Carpenter Signed-off-by: Takashi Iwai --- sound/core/timer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/core/timer.c b/sound/core/timer.c index 8b9e7943a83b..2f836ca09860 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -1277,6 +1277,7 @@ static void snd_timer_user_tinterrupt(struct snd_timer_instance *timeri, struct timespec tstamp; int prev, append = 0; + memset(&r1, 0, sizeof(r1)); memset(&tstamp, 0, sizeof(tstamp)); spin_lock(&tu->qlock); if ((tu->filter & ((1 << SNDRV_TIMER_EVENT_RESOLUTION) | @@ -1292,7 +1293,6 @@ static void snd_timer_user_tinterrupt(struct snd_timer_instance *timeri, } if ((tu->filter & (1 << SNDRV_TIMER_EVENT_RESOLUTION)) && tu->last_resolution != resolution) { - memset(&r1, 0, sizeof(r1)); r1.event = SNDRV_TIMER_EVENT_RESOLUTION; r1.tstamp = tstamp; r1.val = resolution;