From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Tue, 13 Apr 2010 13:25:48 +0000 (+0200)
Subject: cdrom_id: Fix uninitialized buffers
X-Git-Tag: 174~555
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=2b861dc92757b9a3214c2b8e9d8b1c3f3c162391

cdrom_id: Fix uninitialized buffers

Commit 5c6954f is actually a no-op, since static variables are already zero'ed
by default anyway (but we keep it for clarity). The real difference was that a
build with -O0 wor while a build with -O2 didn't.

Turns out that some ioctls do not actually touch the result buffer in some
cases, so we need to zero the result buffers to avoid interpreting random da as
CD properties.

https://launchpad.net/bugs/559723
https://launchpad.net/bugs/561585
---

diff --git a/extras/cdrom_id/cdrom_id.c b/extras/cdrom_id/cdrom_id.c
index db3867c77..b6797cd31 100644
--- a/extras/cdrom_id/cdrom_id.c
+++ b/extras/cdrom_id/cdrom_id.c
@@ -237,6 +237,7 @@ static int cd_inquiry(struct udev *udev, int fd) {
 	unsigned char inq[128];
 	int err;
 
+	memset (inq, 0, sizeof (inq));
 	scsi_cmd_set(udev, &sc, 0, 0x12);
 	scsi_cmd_set(udev, &sc, 4, 36);
 	scsi_cmd_set(udev, &sc, 5, 0);
@@ -265,6 +266,7 @@ static int cd_profiles(struct udev *udev, int fd)
 	unsigned int i;
 	int err;
 
+	memset (header, 0, sizeof (header));
 	scsi_cmd_set(udev, &sc, 0, 0x46);
 	scsi_cmd_set(udev, &sc, 1, 0);
 	scsi_cmd_set(udev, &sc, 8, sizeof(header));
@@ -282,6 +284,7 @@ static int cd_profiles(struct udev *udev, int fd)
 		return -1;
 	}
 
+	memset (profiles, 0, sizeof (profiles));
 	scsi_cmd_set(udev, &sc, 0, 0x46);
 	scsi_cmd_set(udev, &sc, 1, 1);
 	scsi_cmd_set(udev, &sc, 6, len >> 16);
@@ -440,6 +443,7 @@ static int cd_media_info(struct udev *udev, int fd)
 	};
 	int err;
 
+	memset (header, 0, sizeof (header));
 	scsi_cmd_set(udev, &sc, 0, 0x51);
 	scsi_cmd_set(udev, &sc, 8, sizeof(header));
 	scsi_cmd_set(udev, &sc, 9, 0);
@@ -472,6 +476,7 @@ static int cd_media_toc(struct udev *udev, int fd)
 	unsigned char *p;
 	int err;
 
+	memset (header, 0, sizeof (header));
 	scsi_cmd_set(udev, &sc, 0, 0x43);
 	scsi_cmd_set(udev, &sc, 6, 1);
 	scsi_cmd_set(udev, &sc, 8, sizeof(header));
@@ -493,6 +498,7 @@ static int cd_media_toc(struct udev *udev, int fd)
 	if (len < 8)
 		return 0;
 
+	memset (toc, 0, sizeof (toc));
 	scsi_cmd_set(udev, &sc, 0, 0x43);
 	scsi_cmd_set(udev, &sc, 6, header[2]); /* First Track/Session Number */
 	scsi_cmd_set(udev, &sc, 7, len >> 8);
@@ -520,6 +526,7 @@ static int cd_media_toc(struct udev *udev, int fd)
 			cd_media_track_count_audio++;
 	}
 
+	memset (header, 0, sizeof (header));
 	scsi_cmd_set(udev, &sc, 0, 0x43);
 	scsi_cmd_set(udev, &sc, 2, 1); /* Session Info */
 	scsi_cmd_set(udev, &sc, 8, 12);