* CVE-2014-9892 fix is not upstream
@ 2016-08-23 13:40 Luis Henriques
2016-08-23 13:40 ` ALSA: compress: Memset timestamp structure to zero Luis Henriques
0 siblings, 1 reply; 4+ messages in thread
From: Luis Henriques @ 2016-08-23 13:40 UTC (permalink / raw)
To: Krishnankutty Kolathappilly
Cc: Vinod Koul, Jaroslav Kysela, Takashi Iwai, alsa-devel, linux-kernel
Hi!
Digging through some old CVEs I came across this one that doesn't seem to be
in mainline. Was there a good reason for not being sent upstream? Maybe it was
rejected for some reason and I failed to find the discussion.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9892
https://source.android.com/security/bulletin/2016-08-01.html
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e
Cheers,
--
Luís
^ permalink raw reply [flat|nested] 4+ messages in thread
* ALSA: compress: Memset timestamp structure to zero.
2016-08-23 13:40 CVE-2014-9892 fix is not upstream Luis Henriques
@ 2016-08-23 13:40 ` Luis Henriques
2016-08-23 13:45 ` Takashi Iwai
0 siblings, 1 reply; 4+ messages in thread
From: Luis Henriques @ 2016-08-23 13:40 UTC (permalink / raw)
To: Krishnankutty Kolathappilly
Cc: Vinod Koul, Jaroslav Kysela, Takashi Iwai, alsa-devel, linux-kernel
From: Krishnankutty Kolathappilly <kkolat@codeaurora.org>
snd_compr_tstamp is initialized using aggregate initialization
that does not zero out the padded bytes. Initialize timestamp
structure to zero using memset to avoid this.
CRs-Fixed: 568717
Change-Id: I7a7d188705161f06201f1a1f2945bb6acd633d5d
Signed-off-by: Krishnankutty Kolathappilly <kkolat@codeaurora.org>
---
sound/core/compress_offload.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
index 2c498488af6c..84aaa07ca853 100644
--- a/sound/core/compress_offload.c
+++ b/sound/core/compress_offload.c
@@ -659,9 +659,10 @@ snd_compr_set_metadata(struct snd_compr_stream *stream, unsigned long arg)
static inline int
snd_compr_tstamp(struct snd_compr_stream *stream, unsigned long arg)
{
- struct snd_compr_tstamp tstamp = {0};
+ struct snd_compr_tstamp tstamp;
int ret;
+ memset(&tstamp, 0, sizeof(tstamp));
ret = snd_compr_update_tstamp(stream, &tstamp);
if (ret == 0)
ret = copy_to_user((struct snd_compr_tstamp __user *)arg,
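Review bot: The changelog says aggregate initialization leaves padded bytes unzeroed, but nothing in this hunk or the message shows that struct snd_compr_tstamp has any padding, so the swap from `= {0}` to memset() at the top of snd_compr_tstamp() cannot be judged from what is here. Please name the padded members or offsets in the commit message (pahole output would do) and say explicitly that the concern is the struct being handed to copy_to_user(). If the struct has no holes, `= {0}` and the memset() produce the same bytes and the change should be dropped.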
^ permalink raw reply related [flat|nested] 4+ messages in thread
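Whether the memset matters depends on whether the structure has padding at all. As an added example (not from the thread or the kernel tree), the user-space C below uses a hypothetical `struct sample_reply`, not the real `snd_compr_tstamp` layout, to count padding bytes and show that they keep stale contents when only the members are written, but not after a full `memset`. The names `POISON`, `reply_view`, `padding_bytes` and `stale_bytes` are made up for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define POISON 0xA5  /* stands in for stale stack contents */

/* Hypothetical reply struct, NOT snd_compr_tstamp: on common ABIs the
 * uint32_t is 4-byte aligned, which leaves a hole after 'flag'. */
struct sample_reply {
    uint8_t  flag;
    uint32_t value;
};

/* View the object as raw bytes, the way a sizeof()-sized copy sees it. */
union reply_view {
    struct sample_reply r;
    unsigned char raw[sizeof(struct sample_reply)];
};

/* Number of bytes in the object that belong to no member. */
size_t padding_bytes(void)
{
    return sizeof(struct sample_reply)
         - sizeof(((struct sample_reply *)0)->flag)
         - sizeof(((struct sample_reply *)0)->value);
}

/* Count bytes still holding POISON after the members are filled in. */
size_t stale_bytes(int use_memset)
{
    union reply_view v;
    size_t i, n = 0;

    memset(v.raw, POISON, sizeof(v.raw));  /* simulate a dirty stack slot */
    if (use_memset)
        memset(&v.r, 0, sizeof(v.r));      /* clears members and holes */
    v.r.flag = 1;      /* member stores: C gives no guarantee for the hole, */
    v.r.value = 42;    /* and common compilers leave it untouched */
    for (i = 0; i < sizeof(v.raw); i++)
        n += (v.raw[i] == POISON);
    return n;
}
```

For a struct whose members fill it completely, `padding_bytes()` is 0 and both paths leave no stale bytes, which is the case to rule in or out before treating a change like this as a fix.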
* Re: ALSA: compress: Memset timestamp structure to zero.
2016-08-23 13:40 ` ALSA: compress: Memset timestamp structure to zero Luis Henriques
@ 2016-08-23 13:45 ` Takashi Iwai
2016-08-23 16:01 ` Vinod Koul
0 siblings, 1 reply; 4+ messages in thread
From: Takashi Iwai @ 2016-08-23 13:45 UTC (permalink / raw)
To: Luis Henriques
Cc: Krishnankutty Kolathappilly, alsa-devel, Vinod Koul,
Jaroslav Kysela, linux-kernel
On Tue, 23 Aug 2016 15:40:37 +0200,
Luis Henriques wrote:
>
> From: Krishnankutty Kolathappilly <kkolat@codeaurora.org>
>
> snd_compr_tstamp is initialized using aggregate initialization
> that does not zero out the padded bytes. Initialize timestamp
> structure to zero using memset to avoid this.
>
> CRs-Fixed: 568717
> Change-Id: I7a7d188705161f06201f1a1f2945bb6acd633d5d
> Signed-off-by: Krishnankutty Kolathappilly <kkolat@codeaurora.org>
Vinod already informed me about this, and we agreed that it doesn't
make any sense. What does it really fix?
thanks,
Takashi
> ---
> sound/core/compress_offload.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
> index 2c498488af6c..84aaa07ca853 100644
> --- a/sound/core/compress_offload.c
> +++ b/sound/core/compress_offload.c
> @@ -659,9 +659,10 @@ snd_compr_set_metadata(struct snd_compr_stream *stream, unsigned long arg)
> static inline int
> snd_compr_tstamp(struct snd_compr_stream *stream, unsigned long arg)
> {
> - struct snd_compr_tstamp tstamp = {0};
> + struct snd_compr_tstamp tstamp;
> int ret;
>
> + memset(&tstamp, 0, sizeof(tstamp));
> ret = snd_compr_update_tstamp(stream, &tstamp);
> if (ret == 0)
> ret = copy_to_user((struct snd_compr_tstamp __user *)arg,
>
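Review bot: The added memset(&tstamp, 0, sizeof(tstamp)) line carries no comment, so a later cleanup could fold it back into `= {0}` without anyone noticing why it was written this way. If the change is kept, put a one-line comment above the memset saying it clears padding before the struct reaches copy_to_user().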
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: ALSA: compress: Memset timestamp structure to zero.
2016-08-23 13:45 ` Takashi Iwai
@ 2016-08-23 16:01 ` Vinod Koul
0 siblings, 0 replies; 4+ messages in thread
From: Vinod Koul @ 2016-08-23 16:01 UTC (permalink / raw)
To: Takashi Iwai
Cc: Luis Henriques, Krishnankutty Kolathappilly, alsa-devel,
Jaroslav Kysela, linux-kernel
On Tue, Aug 23, 2016 at 03:45:38PM +0200, Takashi Iwai wrote:
> On Tue, 23 Aug 2016 15:40:37 +0200,
> Luis Henriques wrote:
> >
> > From: Krishnankutty Kolathappilly <kkolat@codeaurora.org>
> >
> > snd_compr_tstamp is initialized using aggregate initialization
> > that does not zero out the padded bytes. Initialize timestamp
> > structure to zero using memset to avoid this.
> >
> > CRs-Fixed: 568717
> > Change-Id: I7a7d188705161f06201f1a1f2945bb6acd633d5d
> > Signed-off-by: Krishnankutty Kolathappilly <kkolat@codeaurora.org>
>
> Vinod already informed me about this, and we agreed that it doesn't
> make any sense. What does it really fix?
Btw is there a process to make this CVE invalidated?
--
~Vinod
^ permalink raw reply [flat|nested] 4+ messages in thread