UPSTREAM: ALSA: timer: Fix leak in events via snd_timer_user_ccallback The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized. Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: Takashi Iwai <tiwai@suse.de> Bug: None Patchset: alsa-info-leak-fixes (cherry-picked from 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I1b39596fc3f9ba5ee3c7eece646c4807e0ca2cc7

commit: 4ffd2647e7b3d77befe6d0c52f5c6c6fec8b7702 [log] [tgz]
author: Kangjie Lu <kangjielu@gmail.com> Tue May 03 16:44:20 2016 -0400
committer: Mattias Nissler <mnissler@google.com> Wed Jul 20 16:18:43 2016 +0200
tree: 60b26904ea36e3121122075759a4f35c17c8d09e
parent: 64a7de49b9e21b83d6b066e9cedc54c901e6efae [diff]
diff --git a/sound/core/timer.c b/sound/core/timer.c
index cfa3500..541053d 100644
--- a/sound/core/timer.c
+++ b/sound/core/timer.c

@@ -1247,6 +1247,7 @@
 		tu->tstamp = *tstamp;
 	if ((tu->filter & (1 << event)) == 0 || !tu->tread)
 		return;
+	memset(&r1, 0, sizeof(r1));
 	r1.event = event;
 	r1.tstamp = *tstamp;
 	r1.val = resolution;
commit	4ffd2647e7b3d77befe6d0c52f5c6c6fec8b7702	[log] [tgz]
author	Kangjie Lu <kangjielu@gmail.com>	Tue May 03 16:44:20 2016 -0400
committer	Mattias Nissler <mnissler@google.com>	Wed Jul 20 16:18:43 2016 +0200
tree	60b26904ea36e3121122075759a4f35c17c8d09e
parent	64a7de49b9e21b83d6b066e9cedc54c901e6efae [diff]