anthias: audio: 2016-10-partner: CVE-2016-6751: security patch for A-30902162

Qualcomm ref#: CR#1062271 The params_value array is used without initialization potentially leading to information disclosure. The fix is designed to initialize the params_value array to prevent the potential information disclosure. Change-Id: I6aff77a4496a9247a921b3fa0b79c8ec2ca85065 Reviewed-on: http://mcrd1-22-pc.corpnet.asus/code-review/master/260058 Reviewed-by: Carol_Jiang <carol_jiang@asus.com> Tested-by: Carol_Jiang <carol_jiang@asus.com>

anthias: audio: 2016-10-partner: CVE-2016-6751: security patch for A-30902162
70c80bd7 · Ken Cheng · Carol_Jiang · c67e372c · 70c80bd7
Commit 70c80bd7 authored Oct 18, 2016 by Ken Cheng Committed by Carol_Jiang Nov 16, 2016
--- a/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c
+++ b/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c
@@ -1037,6 +1037,7 @@ static int msm_compr_ioctl_shared(struct snd_pcm_substream *substream,
 			struct snd_dec_ddp *ddp =
 				&compr->info.codec_param.codec.options.ddp;
 			uint32_t params_length = 0;
+			memset(params_value, 0, MAX_AC3_PARAM_SIZE);
 			/* check integer overflow */
 			if (ddp->params_length > UINT_MAX/sizeof(int)) {
 				pr_err("%s: Integer overflow ddp->params_length %d\n",
@@ -1081,6 +1082,7 @@ static int msm_compr_ioctl_shared(struct snd_pcm_substream *substream,
 			struct snd_dec_ddp *ddp =
 				&compr->info.codec_param.codec.options.ddp;
 			uint32_t params_length = 0;
+			memset(params_value, 0, MAX_AC3_PARAM_SIZE);
 			/* check integer overflow */
 			if (ddp->params_length > UINT_MAX/sizeof(int)) {
 				pr_err("%s: Integer overflow ddp->params_length %d\n",