[PATCH 3.16 71/72] media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()

[Ben Hutchings]

3.16.79-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Tomas Bortoli <tomasbortoli@xxxxxxxxx>

commit a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1 upstream.

The function at issue does not always initialize each byte allocated
for 'b' and can therefore leak uninitialized memory to a USB device in
the call to usb_bulk_msg()

Use kzalloc() instead of kmalloc()

Signed-off-by: Tomas Bortoli <tomasbortoli@xxxxxxxxx>
Reported-by: syzbot+0522702e9d67142379f1@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Sean Young <sean@xxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@xxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
 drivers/media/usb/ttusb-dec/ttusb_dec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/media/usb/ttusb-dec/ttusb_dec.c
+++ b/drivers/media/usb/ttusb-dec/ttusb_dec.c
@@ -272,7 +272,7 @@ static int ttusb_dec_send_command(struct
 
 	dprintk("%s\n", __func__);
 
-	b = kmalloc(COMMAND_PACKET_SIZE + 4, GFP_KERNEL);
+	b = kzalloc(COMMAND_PACKET_SIZE + 4, GFP_KERNEL);
 	if (!b)
 		return -ENOMEM;