diff options
| author | vivek mehta <mvivek@codeaurora.org> | 2016-09-12 17:27:06 -0700 |
|---|---|---|
| committer | Joey Rizzoli <joey@lineageos.org> | 2017-06-14 23:00:18 +0200 |
| commit | d41bb15b39db97028b9f94bfbce046e40d8a6d88 (patch) | |
| tree | 5bd4df66aab621c4fb259e0838eb6429a1f50892 | |
| parent | 0a5461ab5512dba6729d71b59b98f7052e4f002f (diff) | |
ASoC: msm: initialize the params array before using it
The params array is used without initialization, which may cause
security issues. Initialize it as all zero after the definition.
bug: 30902162
Change-Id: If462fe3d82f139d72547f82dc7eb564f83cb35bf
Signed-off-by: vivek mehta <mvivek@codeaurora.org>
| -rwxr-xr-x | sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c b/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c index 577a5bff9a1..25bf2468247 100755 --- a/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c +++ b/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c @@ -1038,6 +1038,7 @@ static int msm_compr_ioctl_shared(struct snd_pcm_substream *substream, struct snd_dec_ddp *ddp = &compr->info.codec_param.codec.options.ddp; uint32_t params_length = 0; + memset(params_value, 0, MAX_AC3_PARAM_SIZE); /* check integer overflow */ if (ddp->params_length > UINT_MAX/sizeof(int)) { pr_err("%s: Integer overflow ddp->params_length %d\n", @@ -1078,6 +1079,7 @@ static int msm_compr_ioctl_shared(struct snd_pcm_substream *substream, struct snd_dec_ddp *ddp = &compr->info.codec_param.codec.options.ddp; uint32_t params_length = 0; + memset(params_value, 0, MAX_AC3_PARAM_SIZE); /* check integer overflow */ if (ddp->params_length > UINT_MAX/sizeof(int)) { pr_err("%s: Integer overflow ddp->params_length %d\n", |