From 2b861dc92757b9a3214c2b8e9d8b1c3f3c162391 Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Tue, 13 Apr 2010 15:25:48 +0200 Subject: [PATCH] cdrom_id: Fix uninitialized buffers Commit 5c6954f is actually a no-op, since static variables are already zero'ed by default anyway (but we keep it for clarity). The real difference was that a build with -O0 wor while a build with -O2 didn't. Turns out that some ioctls do not actually touch the result buffer in some cases, so we need to zero the result buffers to avoid interpreting random da as CD properties. https://launchpad.net/bugs/559723 https://launchpad.net/bugs/561585 --- extras/cdrom_id/cdrom_id.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/extras/cdrom_id/cdrom_id.c b/extras/cdrom_id/cdrom_id.c index db3867c7..b6797cd3 100644 --- a/extras/cdrom_id/cdrom_id.c +++ b/extras/cdrom_id/cdrom_id.c @@ -237,6 +237,7 @@ static int cd_inquiry(struct udev *udev, int fd) { unsigned char inq[128]; int err; + memset (inq, 0, sizeof (inq)); scsi_cmd_set(udev, &sc, 0, 0x12); scsi_cmd_set(udev, &sc, 4, 36); scsi_cmd_set(udev, &sc, 5, 0); @@ -265,6 +266,7 @@ static int cd_profiles(struct udev *udev, int fd) unsigned int i; int err; + memset (header, 0, sizeof (header)); scsi_cmd_set(udev, &sc, 0, 0x46); scsi_cmd_set(udev, &sc, 1, 0); scsi_cmd_set(udev, &sc, 8, sizeof(header)); @@ -282,6 +284,7 @@ static int cd_profiles(struct udev *udev, int fd) return -1; } + memset (profiles, 0, sizeof (profiles)); scsi_cmd_set(udev, &sc, 0, 0x46); scsi_cmd_set(udev, &sc, 1, 1); scsi_cmd_set(udev, &sc, 6, len >> 16); @@ -440,6 +443,7 @@ static int cd_media_info(struct udev *udev, int fd) }; int err; + memset (header, 0, sizeof (header)); scsi_cmd_set(udev, &sc, 0, 0x51); scsi_cmd_set(udev, &sc, 8, sizeof(header)); scsi_cmd_set(udev, &sc, 9, 0); @@ -472,6 +476,7 @@ static int cd_media_toc(struct udev *udev, int fd) unsigned char *p; int err; + memset (header, 0, sizeof (header)); scsi_cmd_set(udev, &sc, 0, 0x43); scsi_cmd_set(udev, &sc, 6, 1); scsi_cmd_set(udev, &sc, 8, sizeof(header)); @@ -493,6 +498,7 @@ static int cd_media_toc(struct udev *udev, int fd) if (len < 8) return 0; + memset (toc, 0, sizeof (toc)); scsi_cmd_set(udev, &sc, 0, 0x43); scsi_cmd_set(udev, &sc, 6, header[2]); /* First Track/Session Number */ scsi_cmd_set(udev, &sc, 7, len >> 8); @@ -520,6 +526,7 @@ static int cd_media_toc(struct udev *udev, int fd) cd_media_track_count_audio++; } + memset (header, 0, sizeof (header)); scsi_cmd_set(udev, &sc, 0, 0x43); scsi_cmd_set(udev, &sc, 2, 1); /* Session Info */ scsi_cmd_set(udev, &sc, 8, 12); -- 2.39.5