Commit 75f339d3 authored Nov 25, 2024 by Javier Carrasco Committed by Jonathan Cameron Dec 07, 2024

iio: adc: ti-ads1119: fix information leak in triggered buffer



The 'scan' local struct is used to push data to user space from a
triggered buffer, but it has a hole between the sample (unsigned int)
and the timestamp. This hole is never initialized.

Initialize the struct to zero before using it to avoid pushing
uninitialized information to userspace.

Cc: stable@vger.kernel.org
Fixes: a9306887 ("iio: adc: ti-ads1119: Add driver")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Reviewed-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Link: https://patch.msgid.link/20241125-iio_memset_scan_holes-v1-2-0cb6e98d895c@gmail.com


Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>

parent 6007d10c

drivers/iio/adc/ti-ads1119.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -506,6 +506,8 @@ static irqreturn_t ads1119_trigger_handler(int irq, void *private)
		unsigned int index;
		int ret;

		memset(&scan, 0, sizeof(scan));

		if (!iio_trigger_using_own(indio_dev)) {
		index = find_first_bit(indio_dev->active_scan_mask,
		iio_get_masklength(indio_dev));