ALSA: compress: info leak in snd_compr_get_caps()

If the ->get_caps() function doesn't clear the buffer then there would
stack information leaked to userspace.  For example,
soc_compr_get_caps() can return success without clearing the buffer.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
index 7941ace782833e78026cb9c9b8494f27fc8b2d2c..664c69398b4168441cbbe5fbcf0f9352f9b3b083 100644 (file)
--- a/sound/core/compress_offload.c
+++ b/sound/core/compress_offload.c
@@ -409,6 +409,7 @@ snd_compr_get_caps(struct snd_compr_stream *stream, unsigned long arg)
        if (!stream->ops->get_caps)
                return -ENXIO;
 
+       memset(&caps, 0, sizeof(caps));
        retval = stream->ops->get_caps(stream, &caps);
        if (retval)
                goto out;