Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
2bec4f071d
DivestOS/Patches/Linux_CVEs/CVE-2013-4739/ANY/0001.patch
Tad 11c7037780 Switch to new CVE patchset
2017-11-07 17:32:46 -05:00

51 lines
2.1 KiB
Diff
Raw Blame History

From 8604847927f952cc8e773b97eca24e1060a570f2 Mon Sep 17 00:00:00 2001
From: Seemanta Dutta <seemanta@codeaurora.org>
Date: Thu, 25 Jul 2013 18:01:32 -0700
Subject: msm: camera: Fix uninitialized memory returned to userspace
Local structures have not been initialized to all zeroes, so fix
this by setting them to all zeroes to prevent uninitialized memory
being copied to userspace.
CRs-fixed: 518478
Change-Id: I6e76355c3f854514def1bd18dcc5c3ef6db38f16
Signed-off-by: Seemanta Dutta <seemanta@codeaurora.org>
---
drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c | 3 ++-
drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c b/drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c
index 9293aad..e6483c1 100644
--- a/drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c
+++ b/drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
@@ -196,6 +196,7 @@ int msm_mercury_evt_get(struct msm_mercury_device *pmercury_dev,
int rc = 0;
MCR_DBG("(%d)%s() Enter\n", __LINE__, __func__);
+ memset(&ctrl_cmd, 0, sizeof(ctrl_cmd));
ctrl_cmd.type = (uint32_t)msm_mercury_q_wait(&pmercury_dev->evt_q);
rc = copy_to_user(arg, &ctrl_cmd, sizeof(ctrl_cmd));
diff --git a/drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c b/drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c
index aa6f034..debbf03 100644
--- a/drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c
+++ b/drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c
@@ -221,6 +221,7 @@ int msm_jpeg_evt_get(struct msm_jpeg_device *pgmn_dev,
return -EAGAIN;
}
+ memset(&ctrl_cmd, 0, sizeof(ctrl_cmd));
ctrl_cmd.type = buf_p->vbuf.type;
kfree(buf_p);
--
cgit v1.1
Reference in New Issue View Git Blame Copy Permalink