Re: [PATCH] media: rcar_drif: fix a memory disclosure

From: Geert Uytterhoeven
Date: Mon Oct 21 2019 - 03:48:46 EST

Next message: Ingo Molnar: "Re: [PATCH v4 00/10] sched/fair: rework the CFS load balance"
Previous message: Leo Yan: "[PATCH] perf cs-etm: Fix definition of macro TO_CS_QUEUE_NR"
In reply to: Kangjie Lu: "[PATCH] media: rcar_drif: fix a memory disclosure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Kangjie,

On Sat, Oct 19, 2019 at 12:29 AM Kangjie Lu <kjlu@xxxxxxx> wrote:
> "f->fmt.sdr.reserved" is uninitialized. As other peer drivers
> like msi2500 and airspy do, the fix initializes it to avoid
> memory disclosures.
>
> Signed-off-by: Kangjie Lu <kjlu@xxxxxxx>

Reviewed-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>

> --- a/drivers/media/platform/rcar_drif.c
> +++ b/drivers/media/platform/rcar_drif.c
> @@ -912,6 +912,7 @@ static int rcar_drif_g_fmt_sdr_cap(struct file *file, void *priv,
> {
> struct rcar_drif_sdr *sdr = video_drvdata(file);
>
> + memset(f->fmt.sdr.reserved, 0, sizeof(f->fmt.sdr.reserved));
> f->fmt.sdr.pixelformat = sdr->fmt->pixelformat;
> f->fmt.sdr.buffersize = sdr->fmt->buffersize;

I would do the memset() at the end, though, to follow declaration order of the
struct members.

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

Next message: Ingo Molnar: "Re: [PATCH v4 00/10] sched/fair: rework the CFS load balance"
Previous message: Leo Yan: "[PATCH] perf cs-etm: Fix definition of macro TO_CS_QUEUE_NR"
In reply to: Kangjie Lu: "[PATCH] media: rcar_drif: fix a memory disclosure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]