diff options
| author | Takashi Iwai <tiwai@suse.de> | 2018-09-03 15:16:43 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-05-20 08:11:53 +0200 |
| commit | 41d7b565440dbd3bd70f23469fb600071c574bd5 (patch) | |
| tree | 8a8aa311ebfee03af80a03a80be6d184870abea6 /sound/core | |
| parent | 718eede1eeb602531e09191d3107eb849bbe64eb (diff) | |
ALSA: rawmidi: Initialize allocated buffers
commit 5a7b44a8df822e0667fc76ed7130252523993bda upstream.
syzbot reported the uninitialized value exposure in certain situations
using virmidi loop. It's likely a very small race at writing and
reading, and the influence is almost negligible. But it's safer to
paper over this just by replacing the existing kvmalloc() with
kvzalloc().
Reported-by: syzbot+194dffdb8b22fc5d207a@syzkaller.appspotmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'sound/core')
| -rw-r--r-- | sound/core/rawmidi.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c index c7faee264415..481c1ad1db57 100644 --- a/sound/core/rawmidi.c +++ b/sound/core/rawmidi.c @@ -136,7 +136,7 @@ static int snd_rawmidi_runtime_create(struct snd_rawmidi_substream *substream) runtime->avail = 0; else runtime->avail = runtime->buffer_size; - if ((runtime->buffer = kmalloc(runtime->buffer_size, GFP_KERNEL)) == NULL) { + if ((runtime->buffer = kzalloc(runtime->buffer_size, GFP_KERNEL)) == NULL) { kfree(runtime); return -ENOMEM; } @@ -661,7 +661,7 @@ int snd_rawmidi_output_params(struct snd_rawmidi_substream *substream, return -EINVAL; } if (params->buffer_size != runtime->buffer_size) { - newbuf = kmalloc(params->buffer_size, GFP_KERNEL); + newbuf = kzalloc(params->buffer_size, GFP_KERNEL); if (!newbuf) return -ENOMEM; spin_lock_irq(&runtime->lock); |