diff mbox series

media: rcar_drif: fix a memory disclosure

Message ID	20191018044701.4786-1-kjlu@umn.edu (mailing list archive)
State	Accepted, archived
Delegated to:	Hans Verkuil
Headers	From: Kangjie Lu <kjlu@umn.edu> To: kjlu@umn.edu Cc: Ramesh Shanmugasundaram <ramesh.shanmugasundaram@bp.renesas.com>, Mauro Carvalho Chehab <mchehab@kernel.org>, linux-media@vger.kernel.org, linux-renesas-soc@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] media: rcar_drif: fix a memory disclosure Date: Thu, 17 Oct 2019 23:47:00 -0500 Message-Id: <20191018044701.4786-1-kjlu@umn.edu> Sender: linux-media-owner@vger.kernel.org Precedence: bulk
Series	media: rcar_drif: fix a memory disclosure \| media: rcar_drif: fix a memory disclosure

Commit Message

Kangjie Lu Oct. 18, 2019, 4:47 a.m. UTC

"f->fmt.sdr.reserved" is uninitialized. As other peer drivers
like msi2500 and airspy do, the fix initializes it to avoid
memory disclosures.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
---
 drivers/media/platform/rcar_drif.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Geert Uytterhoeven Oct. 21, 2019, 7:48 a.m. UTC | #1

Hi Kangjie,

On Sat, Oct 19, 2019 at 12:29 AM Kangjie Lu <kjlu@umn.edu> wrote:
> "f->fmt.sdr.reserved" is uninitialized. As other peer drivers
> like msi2500 and airspy do, the fix initializes it to avoid
> memory disclosures.
>
> Signed-off-by: Kangjie Lu <kjlu@umn.edu>

Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>

> --- a/drivers/media/platform/rcar_drif.c
> +++ b/drivers/media/platform/rcar_drif.c
> @@ -912,6 +912,7 @@ static int rcar_drif_g_fmt_sdr_cap(struct file *file, void *priv,
>  {
>         struct rcar_drif_sdr *sdr = video_drvdata(file);
>
> +       memset(f->fmt.sdr.reserved, 0, sizeof(f->fmt.sdr.reserved));
>         f->fmt.sdr.pixelformat = sdr->fmt->pixelformat;
>         f->fmt.sdr.buffersize = sdr->fmt->buffersize;

I would do the memset() at the end, though, to follow declaration order of the
struct members.

Gr{oetje,eeting}s,

                        Geert


--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

diff mbox series

Patch

diff --git a/drivers/media/platform/rcar_drif.c b/drivers/media/platform/rcar_drif.c
index 608e5217ccd5..0f267a237b42 100644
--- a/drivers/media/platform/rcar_drif.c
+++ b/drivers/media/platform/rcar_drif.c
@@ -912,6 +912,7 @@  static int rcar_drif_g_fmt_sdr_cap(struct file *file, void *priv,
 {
 	struct rcar_drif_sdr *sdr = video_drvdata(file);
 
+	memset(f->fmt.sdr.reserved, 0, sizeof(f->fmt.sdr.reserved));
 	f->fmt.sdr.pixelformat = sdr->fmt->pixelformat;
 	f->fmt.sdr.buffersize = sdr->fmt->buffersize;