mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-16 07:35:14 +00:00
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
[ Upstream commit a10feaf8c4
]
The function at issue does not always initialize each byte allocated
for 'b' and can therefore leak uninitialized memory to a USB device in
the call to usb_bulk_msg()
Use kzalloc() instead of kmalloc()
Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
Reported-by: syzbot+0522702e9d67142379f1@syzkaller.appspotmail.com
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
00012b2925
commit
580ee4a521
1 changed files with 1 additions and 1 deletions
|
@ -330,7 +330,7 @@ static int ttusb_dec_send_command(struct ttusb_dec *dec, const u8 command,
|
|||
|
||||
dprintk("%s\n", __func__);
|
||||
|
||||
b = kmalloc(COMMAND_PACKET_SIZE + 4, GFP_KERNEL);
|
||||
b = kzalloc(COMMAND_PACKET_SIZE + 4, GFP_KERNEL);
|
||||
if (!b)
|
||||
return -ENOMEM;
|
||||
|
||||
|
|
Loading…
Reference in a new issue