From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri, 23 Sep 2011 06:24:21 +0000 (+0300)
Subject: ALSA: hdspm - potential info leak in snd_hdspm_hwdep_ioctl()
X-Git-Tag: v3.2-rc1~127^2~3^2~13
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=643d6bbb9637a9b4bb47ec1a1ae3adf3ff9d75a1;p=pandora-kernel.git

ALSA: hdspm - potential info leak in snd_hdspm_hwdep_ioctl()

Smatch has a new check for Rosenberg type information leaks where
structs are copied to the user with uninitialized stack data in them.

The status struct has a hole in it, and on some paths not all the
members were initialized.

struct hdspm_status {
        unsigned char              card_type;            /*     0     1 */
        /* XXX 3 bytes hole, try to pack */
        enum hdspm_syncsource      autosync_source;      /*     4     4 */
        long long unsigned int     card_clock;           /*     8     8 */

The hdspm_version struct had holes in it as well.

struct hdspm_version {
        unsigned char              card_type;            /*     0     1 */
        char                       cardname[20];         /*     1    20 */
        /* XXX 3 bytes hole, try to pack */
        unsigned int               serial;               /*    24     4 */
        short unsigned int         firmware_rev;         /*    28     2 */
        /* XXX 2 bytes hole, try to pack */
        int                        addons;               /*    32     4 */

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---

Reading git-diff-tree failed