The stack object “si” has a total size of 128; however, only 20 bytes are initialized. The remaining uninitialized bytes are sent to userland via send_signal.
Signed-off-by: Kangjie Lu <[email protected]> --- arch/arm64/mm/fault.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 95df28b..f790eda 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -117,6 +117,7 @@ static void __do_user_fault(struct task_struct *tsk, unsigned long addr, { struct siginfo si; + memset(&si, 0, sizeof(si)); if (unhandled_signal(tsk, sig) && show_unhandled_signals_ratelimited()) { pr_info("%s[%d]: unhandled %s (%d) at 0x%08lx, esr 0x%03x\n", tsk->comm, task_pid_nr(tsk), fault_name(esr), sig, -- 1.9.1
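Review bot: the memset(&si, 0, sizeof(si)) right after the declaration is the correct choice over a brace initializer such as `struct siginfo si = {0};`, because the bytes the commit message says leak are the padding and unused union members of the 128-byte struct, and C brace initialization does not guarantee that padding is zeroed, whereas memset over sizeof(si) does. Placing it before any field of si is assigned, as this hunk does, is what makes the later partial initialization safe. The commit message should name the function that actually copies the struct to userspace (it says "send_signal" but the hunk does not show that path) so a reviewer can trace the 20 initialized bytes and the 108 uninitialized ones without opening the rest of the file.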

