media: media/v4l2-core: Fix kernel-infoleak in video_put_user()
author Peilin Ye <yepeilin.cs@gmail.com>
Mon, 27 Jul 2020 08:00:02 +0000 (10:00 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 5 Sep 2020 09:24:02 +0000 (11:24 +0200)
commit 5b1c0ed9ff3c706ba49efd32eac466ed34825c23
tree f0b9182c14269dd8c3615bbd3d9cb353cc9ca81c
parent ff95152b14f2aaaf410d1f0cfe645f84d1d59e66
media: media/v4l2-core: Fix kernel-infoleak in video_put_user()

commit 4ffb879ea648c2b42da4ca992ed3db87e564af69 upstream.

video_put_user() is copying uninitialized stack memory to userspace due
to the compiler not initializing holes in the structures declared on the
stack. Fix it by initializing `ev32` and `vb32` using memset().

Reported-and-tested-by: syzbot+79d751604cb6f29fbf59@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=79d751604cb6f29fbf59
Cc: stable@vger.kernel.org
Fixes: 1a6c0b36dd19 ("media: v4l2-core: fix VIDIOC_DQEVENT for time64 ABI")
Fixes: 577c89b0ce72 ("media: v4l2-core: fix v4l2_buffer handling for time64 ABI")
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/media/v4l2-core/v4l2-ioctl.c
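
The padding-hole leak described in the commit message, as an added user-space example that is not part of the commit or the kernel source. `struct demo_event32`, the `STALE` marker and both function names are hypothetical; a pre-filled buffer stands in for old stack contents and `memcpy()` for the copy to userspace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Hypothetical struct: the u8 before the u64 makes the compiler add padding. */
struct demo_event32 {
	uint32_t type;
	uint8_t  flags;
	uint64_t timestamp;
};

/* Bytes of the struct that belong to no member, i.e. the holes. */
static size_t hole_bytes(void)
{
	return sizeof(struct demo_event32) -
	       (sizeof(uint32_t) + sizeof(uint8_t) + sizeof(uint64_t));
}

/* Assign every member, copy the whole struct out, and count the stale
 * bytes that travel with it. zero_first applies the memset() fix. */
static size_t stale_bytes_copied(int zero_first)
{
	union {
		struct demo_event32 ev;
		unsigned char raw[sizeof(struct demo_event32)];
	} u;
	volatile struct demo_event32 *ev = &u.ev; /* keep stores member-sized */
	unsigned char out[sizeof(struct demo_event32)];
	size_t i, n = 0;

	memset(u.raw, STALE, sizeof(u.raw));
	if (zero_first)
		memset(&u.ev, 0, sizeof(u.ev));
	ev->type = 1;
	ev->flags = 2;
	ev->timestamp = 3;
	memcpy(out, u.raw, sizeof(out)); /* stands in for the copy to userspace */
	for (i = 0; i < sizeof(out); i++)
		n += (out[i] == STALE);
	return n;
}

int main(void)
{
	printf("holes=%zu leaked=%zu after_memset=%zu\n", hole_bytes(),
	       stale_bytes_copied(0), stale_bytes_copied(1));
	return 0;
}
```

Assigning every member is not enough: the count without `memset()` equals the number of padding bytes, and it drops to zero once the whole object is cleared before the members are filled in.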