From: Li Qiang <[email protected]> In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't been full initialized before writing to the guest. This will leak the 'resp.padding' and 'resp.hdr.padding' fieds to the guest. This patch fix this issue.
Signed-off-by: Li Qiang <[email protected]> Message-id: [email protected] Reviewed-by: Marc-André Lureau <[email protected]> Signed-off-by: Gerd Hoffmann <[email protected]> --- hw/display/virtio-gpu-3d.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c index 758d33a..23f39de 100644 --- a/hw/display/virtio-gpu-3d.c +++ b/hw/display/virtio-gpu-3d.c @@ -347,6 +347,7 @@ static void virgl_cmd_get_capset_info(VirtIOGPU *g, VIRTIO_GPU_FILL_CMD(info); + memset(&resp, 0, sizeof(resp)); if (info.capset_index == 0) { resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL; virgl_renderer_get_cap_set(resp.capset_id, -- 1.8.3.1
