2023-05-19 09:33:50

by Takashi Iwai

[permalink] [raw]
Subject: [PATCH 16/36] ALSA: seq: Clear padded bytes at expanding events

There can be a small memory hole that may not be cleared at expanding
an event with the variable length type. Make sure to clear it.

Signed-off-by: Takashi Iwai <[email protected]>
---
sound/core/seq/seq_memory.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/sound/core/seq/seq_memory.c b/sound/core/seq/seq_memory.c
index 47ef6bc30c0e..c8d26bce69ff 100644
--- a/sound/core/seq/seq_memory.c
+++ b/sound/core/seq/seq_memory.c
@@ -152,12 +152,16 @@ int snd_seq_expand_var_event(const struct snd_seq_event *event, int count, char
return -EINVAL;
if (copy_from_user(buf, (void __force __user *)event->data.ext.ptr, len))
return -EFAULT;
- return newlen;
+ } else {
+ err = snd_seq_dump_var_event(event,
+ in_kernel ? seq_copy_in_kernel : seq_copy_in_user,
+ &buf);
+ if (err < 0)
+ return err;
}
- err = snd_seq_dump_var_event(event,
- in_kernel ? seq_copy_in_kernel : seq_copy_in_user,
- &buf);
- return err < 0 ? err : newlen;
+ if (len != newlen)
+ memset(buf + len, 0, newlen - len);
+ return newlen;
}
EXPORT_SYMBOL(snd_seq_expand_var_event);

--
2.35.3