virtio-gpu: fix information leak in getting capset info dispatch

In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't been full initialized before writing to the guest. This will leak the 'resp.padding' and 'resp.hdr.padding' fieds to the guest. This patch fix this issue. Signed-off-by: Li Qiang <liqiang6-s@360.cn> Message-id: 5818661e.0860240a.77264.7a56@mx.google.com Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qemu · Dec 5, 2016 · 42a8dad · 42a8dad
1 parent 6c75650
commit 42a8dad
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
@@ -347,6 +347,7 @@ static void virgl_cmd_get_capset_info(VirtIOGPU *g,
 
     VIRTIO_GPU_FILL_CMD(info);
 
+    memset(&resp, 0, sizeof(resp));
     if (info.capset_index == 0) {
         resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
         virgl_renderer_get_cap_set(resp.capset_id,