Skip to content

Commit 6ae0531

Browse files
javiercarrascocruzjic23
javiercarrascocruz
authored and
jic23
committed
iio: imu: kmx61: fix information leak in triggered buffer
The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. Cc: stable@vger.kernel.org Fixes: c3a23ec ("iio: imu: kmx61: Add support for data ready triggers") Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com> Link: https://patch.msgid.link/20241125-iio_memset_scan_holes-v1-5-0cb6e98d895c@gmail.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
1 parent 47b43e5 commit 6ae0531

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

drivers/iio/imu/kmx61.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1193,7 +1193,7 @@ static irqreturn_t kmx61_trigger_handler(int irq, void *p)
11931193
struct kmx61_data *data = kmx61_get_data(indio_dev);
11941194
int bit, ret, i = 0;
11951195
u8 base;
1196-
s16 buffer[8];
1196+
s16 buffer[8] = { };
11971197

11981198
if (indio_dev == data->acc_indio_dev)
11991199
base = KMX61_ACC_XOUT_L;

0 commit comments

Comments
 (0)