Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp596760ybz;
        Wed, 22 Apr 2020 04:26:30 -0700 (PDT)
X-Google-Smtp-Source: APiQypIRiKYytcWlDfmYRpoMvz2DdPo3zbrsLCEabseD68fvtggZLiM/fCqKIQ13/2d76etq+JHr
X-Received: by 2002:a05:6402:3121:: with SMTP id dd1mr17590209edb.168.1587554790436;
        Wed, 22 Apr 2020 04:26:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1587554790; cv=none;
        d=google.com; s=arc-20160816;
        b=onLk3raR6jhqIKBltDqFHM0vS5r5YjxgH5mydkVMhkLUoZCXaGpsybPPZTWrGR/TpP
         WChEhFbvJcZC+qYnB7NRD0XoivcDPrqOoK2vlhzMr/RWGmyAYrAdfXRMqRrRwZ652X51
         wy7r8S7H4/8+qs1trHGjYG+Uo+m2CQm7jalFRr7rOpbAngtiU6PROyXRzUUXbNbqPaVN
         qFsQNALSxJtb0HI4Xab5lD/zfgquTFqxrOqxN75dizwiAlsQOLqEzrDyMJu5cx+7+QtO
         4Jw9Z+WE5Y4p19Tr5jJiTo273h4RrXTCrRvlFURJMQIxGBEXsq1gqkwTZY6xJj0AnRnk
         i74Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=T5q8T+7vb29HFPARNOiQogqKFwzEyQT9685i6qVnXxc=;
        b=D2Xi622xSCg92qz/njC0G7+xuGVImOoiXqTSDF0qMTGc7oerAO/XVLuXv/V+fzaA+c
         U367bIR1a0w9KNpzgy/xHwRCAjx7rfZvEQcN/DKoZrRNUssUglshYTbYaKpjASx2107Q
         ibMiyTdBM6Pf2RK2bJ2cnTWazTcZ3EtzCY9MRsoxoBvxxadB+K7pNPQAoGo/2ALESr8M
         TZQk5CRiPq2c38s3LA7zrka5Vz2aYTRrizHEXEXz2Y906HnmDFKQfJLfFAUwAmeq1UsZ
         oPDblLf/3+Gki8NbrFzrm2DT+fK2Rp3yoE2CIh93oLd+AgzLz1C64y/XhQe8witebkeA
         un4g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id r24si3547674edc.217.2020.04.22.04.26.07;
        Wed, 22 Apr 2020 04:26:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726863AbgDVLY2 (ORCPT <rfc822;gasparwang.pro@gmail.com>
        + 99 others); Wed, 22 Apr 2020 07:24:28 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:42355 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726386AbgDVLY2 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 22 Apr 2020 07:24:28 -0400
Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost)
        by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.86_2)
        (envelope-from <colin.king@canonical.com>)
        id 1jRDUH-0006HA-IO; Wed, 22 Apr 2020 11:24:17 +0000
From:   Colin King <colin.king@canonical.com>
To:     Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>,
        Liam Girdwood <lgirdwood@gmail.com>,
        Ranjani Sridharan <ranjani.sridharan@linux.intel.com>,
        Kai Vehmanen <kai.vehmanen@linux.intel.com>,
        Daniel Baluta <daniel.baluta@nxp.com>,
        Mark Brown <broonie@kernel.org>,
        Jaroslav Kysela <perex@perex.cz>,
        Takashi Iwai <tiwai@suse.com>,
        sound-open-firmware@alsa-project.org, alsa-devel@alsa-project.org
Cc:     kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] ASoC: SOF: ensure all fields in header are zero'd before copying back to userspace
Date:   Wed, 22 Apr 2020 12:24:17 +0100
Message-Id: <20200422112417.208843-1-colin.king@canonical.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Colin Ian King <colin.king@canonical.com>

Field header.tlv is uninitialized and being copied back to userspace
and hence leaking data from the stack to userspace.  Fix this by
ensuring the header structure is zero'd.

Fixes: c3078f539704 ("ASoC: SOF: Add Sound Open Firmware KControl support")
Addresses-Coverity: ("Uninitialized scalar variable")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 sound/soc/sof/control.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/sof/control.c b/sound/soc/sof/control.c
index dfc412e2d956..97d5c1a4c1ff 100644
--- a/sound/soc/sof/control.c
+++ b/sound/soc/sof/control.c
@@ -362,7 +362,7 @@ int snd_sof_bytes_ext_get(struct snd_kcontrol *kcontrol,
 	struct snd_sof_control *scontrol = be->dobj.private;
 	struct snd_soc_component *scomp = scontrol->scomp;
 	struct sof_ipc_ctrl_data *cdata = scontrol->control_data;
-	struct snd_ctl_tlv header;
+	struct snd_ctl_tlv header = { };
 	struct snd_ctl_tlv __user *tlvd =
 		(struct snd_ctl_tlv __user *)binary_data;
 	int data_size;
-- 
2.25.1