* CVE-2014-9892 fix is not upstream
From: Luis Henriques @ 2016-08-23 13:40 UTC
To: Krishnankutty Kolathappilly
Cc: Vinod Koul, Jaroslav Kysela, Takashi Iwai, alsa-devel, linux-kernel

Hi!

Digging through some old CVEs I came across this one that doesn't seem to be in
mainline. Was there a good reason for not being sent upstream? Maybe it
was rejected for some reason and I failed to find the discussion.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9892
https://source.android.com/security/bulletin/2016-08-01.html
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e

Cheers,
--
Luís
* ALSA: compress: Memset timestamp structure to zero. 2016-08-23 13:40 CVE-2014-9892 fix is not upstream Luis Henriques @ 2016-08-23 13:40 ` Luis Henriques 2016-08-23 13:45 ` Takashi Iwai 0 siblings, 1 reply; 4+ messages in thread From: Luis Henriques @ 2016-08-23 13:40 UTC (permalink / raw) To: Krishnankutty Kolathappilly Cc: Vinod Koul, Jaroslav Kysela, Takashi Iwai, alsa-devel, linux-kernel From: Krishnankutty Kolathappilly <kkolat@codeaurora.org> snd_compr_tstamp is initialized using aggregate initialization that does not zero out the padded bytes. Initialize timestamp structure to zero using memset to avoid this. CRs-Fixed: 568717 Change-Id: I7a7d188705161f06201f1a1f2945bb6acd633d5d Signed-off-by: Krishnankutty Kolathappilly <kkolat@codeaurora.org> --- sound/core/compress_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index 2c498488af6c..84aaa07ca853 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -659,9 +659,10 @@ snd_compr_set_metadata(struct snd_compr_stream *stream, unsigned long arg) static inline int snd_compr_tstamp(struct snd_compr_stream *stream, unsigned long arg) { - struct snd_compr_tstamp tstamp = {0}; + struct snd_compr_tstamp tstamp; int ret; + memset(&tstamp, 0, sizeof(tstamp)); ret = snd_compr_update_tstamp(stream, &tstamp); if (ret == 0) ret = copy_to_user((struct snd_compr_tstamp __user *)arg, ^ permalink raw reply related [flat|nested] 4+ messages in thread
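Review bot: the changelog does not say which bytes of struct snd_compr_tstamp are padding, so the switch from `= {0}` to memset() at the top of snd_compr_tstamp() cannot be checked from the patch alone. Since the structure is passed to copy_to_user() a few lines later, name the members around which the padding sits (or the ABI and compiler where it appears) in the commit message, and add a one-line comment above the memset() saying it is there to clear padding before the copy to userspace, so that a later cleanup does not turn it back into an initializer.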
* Re: ALSA: compress: Memset timestamp structure to zero. 2016-08-23 13:40 ` ALSA: compress: Memset timestamp structure to zero Luis Henriques @ 2016-08-23 13:45 ` Takashi Iwai 2016-08-23 16:01 ` Vinod Koul 0 siblings, 1 reply; 4+ messages in thread From: Takashi Iwai @ 2016-08-23 13:45 UTC (permalink / raw) To: Luis Henriques Cc: Krishnankutty Kolathappilly, alsa-devel, Vinod Koul, Jaroslav Kysela, linux-kernel On Tue, 23 Aug 2016 15:40:37 +0200, Luis Henriques wrote: > > From: Krishnankutty Kolathappilly <kkolat@codeaurora.org> > > snd_compr_tstamp is initialized using aggregate initialization > that does not zero out the padded bytes. Initialize timestamp > structure to zero using memset to avoid this. > > CRs-Fixed: 568717 > Change-Id: I7a7d188705161f06201f1a1f2945bb6acd633d5d > Signed-off-by: Krishnankutty Kolathappilly <kkolat@codeaurora.org> Vinod already informed me about this, and we agreed that it doesn't make any sense. What does it really fix? thanks, Takashi > --- > sound/core/compress_offload.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c > index 2c498488af6c..84aaa07ca853 100644 > --- a/sound/core/compress_offload.c > +++ b/sound/core/compress_offload.c > @@ -659,9 +659,10 @@ snd_compr_set_metadata(struct snd_compr_stream *stream, unsigned long arg) > static inline int > snd_compr_tstamp(struct snd_compr_stream *stream, unsigned long arg) > { > - struct snd_compr_tstamp tstamp = {0}; > + struct snd_compr_tstamp tstamp; > int ret; > > + memset(&tstamp, 0, sizeof(tstamp)); > ret = snd_compr_update_tstamp(stream, &tstamp); > if (ret == 0) > ret = copy_to_user((struct snd_compr_tstamp __user *)arg, > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: ALSA: compress: Memset timestamp structure to zero.
From: Vinod Koul @ 2016-08-23 16:01 UTC
To: Takashi Iwai
Cc: Luis Henriques, Krishnankutty Kolathappilly, alsa-devel, Jaroslav Kysela, linux-kernel

On Tue, Aug 23, 2016 at 03:45:38PM +0200, Takashi Iwai wrote:
> On Tue, 23 Aug 2016 15:40:37 +0200,
> Luis Henriques wrote:
> >
> > From: Krishnankutty Kolathappilly <kkolat@codeaurora.org>
> >
> > snd_compr_tstamp is initialized using aggregate initialization
> > that does not zero out the padded bytes. Initialize timestamp
> > structure to zero using memset to avoid this.
> >
> > CRs-Fixed: 568717
> > Change-Id: I7a7d188705161f06201f1a1f2945bb6acd633d5d
> > Signed-off-by: Krishnankutty Kolathappilly <kkolat@codeaurora.org>
>
> Vinod already informed me about this, and we agreed that it doesn't
> make any sense. What does it really fix?

Btw is there a process to make this CVE invalidated?

--
~Vinod
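Whether the change discussed in this thread has any effect depends on whether the structure contains padding bytes at all. The following is an added example, not code from the thread or from the kernel: it measures padding in two constructed structs (`ts_uniform` and `ts_mixed` are assumptions for illustration, not the kernel's `struct snd_compr_tstamp`) and counts the bytes that stay stale when members are written one at a time, with and without a prior `memset`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layouts; neither is the kernel's struct snd_compr_tstamp. */
struct ts_uniform {                 /* five 32-bit members */
    uint32_t byte_offset, copied_total, pcm_frames, pcm_io_frames, rate;
};
struct ts_mixed {                   /* 8-bit member before a 64-bit one */
    uint8_t  flag;
    uint64_t frames;
};

/* Padding = object size minus the sum of the member sizes. */
size_t pad_uniform(void) { return sizeof(struct ts_uniform) - 5 * sizeof(uint32_t); }
size_t pad_mixed(void)   { return sizeof(struct ts_mixed) - sizeof(uint8_t) - sizeof(uint64_t); }

/* Build-time guard for a struct that is copied out as raw bytes. */
_Static_assert(sizeof(struct ts_uniform) == 5 * sizeof(uint32_t),
               "ts_uniform grew padding");

/*
 * Write the members of ts_mixed one at a time into a buffer that holds
 * leftover data (0xAA), optionally clearing the whole object first, and
 * count the non-zero bytes left in the hole between the two members.
 */
size_t stale_bytes_after_fill(int clear_first)
{
    unsigned char buf[sizeof(struct ts_mixed)];
    const size_t hole = offsetof(struct ts_mixed, flag) + sizeof(uint8_t);
    uint8_t flag = 1;
    uint64_t frames = 42;
    size_t i, stale = 0;

    memset(buf, 0xAA, sizeof(buf));           /* simulated stale stack */
    if (clear_first)
        memset(buf, 0, sizeof(buf));          /* memset-before-fill */
    memcpy(buf + offsetof(struct ts_mixed, flag), &flag, sizeof(flag));
    memcpy(buf + offsetof(struct ts_mixed, frames), &frames, sizeof(frames));

    for (i = hole; i < offsetof(struct ts_mixed, frames); i++)
        stale += (buf[i] != 0);
    return stale;
}

int main(void)
{
    printf("uniform padding=%zu mixed padding=%zu\n", pad_uniform(), pad_mixed());
    printf("stale without memset=%zu, with memset=%zu\n",
           stale_bytes_after_fill(0), stale_bytes_after_fill(1));
    return 0;
}
```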