Wed Apr 22 18:12:26 2020 UTC ()

Pull up following revision(s) (requested by maxv in ticket #841):

	sys/compat/ossaudio/ossaudio.c: revision 1.83

ossaudio: Avoid giving userland uninitialized memory. Noticed by maxv.

The uninitalized field in this structure is `fillers`, an array that
simply reserves space for later changes in OSSv4, which this version
of the OSS compat layer (specifically for Linux applications) makes no
effort to implement.


(martin)

diff -r1.74.4.2 -r1.74.4.3 src/sys/compat/ossaudio/ossaudio.c

--- src/sys/compat/ossaudio/ossaudio.c 2019/11/19 11:01:27	1.74.4.2
+++ src/sys/compat/ossaudio/ossaudio.c 2020/04/22 18:12:26	1.74.4.3

 @@ -1,14 +1,14 @@
-/*	$NetBSD: ossaudio.c,v 1.74.4.2 2019/11/19 11:01:27 martin Exp $	*/
+/*	$NetBSD: ossaudio.c,v 1.74.4.3 2020/04/22 18:12:26 martin Exp $	*/
 /*-
  * Copyright (c) 1997, 2008 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -17,27 +17,27 @@
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ossaudio.c,v 1.74.4.2 2019/11/19 11:01:27 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ossaudio.c,v 1.74.4.3 2020/04/22 18:12:26 martin Exp $");
 #include <sys/param.h>
 #include <sys/proc.h>
 #include <sys/systm.h>
 #include <sys/file.h>
 #include <sys/vnode.h>
 #include <sys/filedesc.h>
 #include <sys/ioctl.h>
 #include <sys/mount.h>
 #include <sys/kernel.h>
 #include <sys/audioio.h>
 #include <sys/midiio.h>
 #include <sys/kauth.h>
 @@ -1074,26 +1074,27 @@ oss_ioctl_mixer(struct lwp *lwp, const s
 	ioctlf = fp->f_ops->fo_ioctl;
 	switch (com) {
 	case OSS_GET_VERSION:
 		idat = OSS_SOUND_VERSION;
 		break;
 	case OSS_SOUND_MIXER_INFO:
 	case OSS_SOUND_OLD_MIXER_INFO:
 		error = ioctlf(fp, AUDIO_GETDEV, &adev);
 		if (error) {
 			DPRINTF(("%s: AUDIO_GETDEV %d\n",
 			    __func__, error));
 			goto out;
+		}
 		memset(&omi, 0, sizeof omi);
 		omi.modify_counter = 1;
 		strncpy(omi.id, adev.name, sizeof omi.id);
 		strncpy(omi.name, adev.name, sizeof omi.name);
 		error = copyout(&omi, SCARG(uap, data), OSS_IOCTL_SIZE(com));
 		if (error) {
 			DPRINTF(("%s: OSS_SOUND_MIXER_INFO %d\n",
 			    __func__, error));
 			goto out;
+		}
 		break;
 	case OSS_SOUND_MIXER_READ_RECSRC:
 		if (di->source == -1) {
 			DPRINTF(("%s: OSS_SOUND_MIXER_READ_RECSRC bad source\n",