DivestOS/Patches/Linux_CVEs/CVE-2016-6751/0.patch

36 lines
1.5 KiB
Diff

From 38ddb9427aa96bdfcdc5fe1877f439d2f7bdd87b Mon Sep 17 00:00:00 2001
From: vivek mehta <mvivek@codeaurora.org>
Date: Mon, 12 Sep 2016 17:27:06 -0700
Subject: [PATCH] ASoC: msm: initialize the params array before using it
The params array is used without initialization, which may cause
security issues. Initialize it as all zero after the definition.
bug: 30902162
Change-Id: If462fe3d82f139d72547f82dc7eb564f83cb35bf
Signed-off-by: vivek mehta <mvivek@codeaurora.org>
---
sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c b/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c
index cec79eaa81e4c..0d957246459ad 100644
--- a/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c
+++ b/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c
@@ -1036,6 +1036,7 @@ static int msm_compr_ioctl_shared(struct snd_pcm_substream *substream,
struct snd_dec_ddp *ddp =
&compr->info.codec_param.codec.options.ddp;
uint32_t params_length = 0;
+ memset(params_value, 0, MAX_AC3_PARAM_SIZE);
/* check integer overflow */
if (ddp->params_length > UINT_MAX/sizeof(int)) {
pr_err("%s: Integer overflow ddp->params_length %d\n",
@@ -1076,6 +1077,7 @@ static int msm_compr_ioctl_shared(struct snd_pcm_substream *substream,
struct snd_dec_ddp *ddp =
&compr->info.codec_param.codec.options.ddp;
uint32_t params_length = 0;
+ memset(params_value, 0, MAX_AC3_PARAM_SIZE);
/* check integer overflow */
if (ddp->params_length > UINT_MAX/sizeof(int)) {
pr_err("%s: Integer overflow ddp->params_length %d\n",