3cb4aa0027
commit 89226a296d816727405d3fea684ef69e7d388bd8 upstream.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver which uses a 16 byte u8 array on the stack. As Lars also noted
this anti pattern can involve a leak of data to userspace and that
indeed can happen here. We close both issues by moving to
a suitable structure in the iio_priv() data with alignment
ensured by use of an explicit c structure. This data is allocated
with kzalloc so no data can leak appart from previous readings.
The additional forcing of the 8 byte alignment of the timestamp
is not strictly necessary but makes the code less fragile by
making this explicit.
Fixes:
|
||
|---|---|---|
| .. | ||
| adis16201.c | ||
| adis16209.c | ||
| adxl345.h | ||
| adxl345_core.c | ||
| adxl345_i2c.c | ||
| adxl345_spi.c | ||
| bma180.c | ||
| bma220_spi.c | ||
| bmc150-accel-core.c | ||
| bmc150-accel-i2c.c | ||
| bmc150-accel-spi.c | ||
| bmc150-accel.h | ||
| cros_ec_accel_legacy.c | ||
| da280.c | ||
| da311.c | ||
| dmard06.c | ||
| dmard09.c | ||
| dmard10.c | ||
| hid-sensor-accel-3d.c | ||
| Kconfig | ||
| kxcjk-1013.c | ||
| kxsd9-i2c.c | ||
| kxsd9-spi.c | ||
| kxsd9.c | ||
| kxsd9.h | ||
| Makefile | ||
| mc3230.c | ||
| mma7455.h | ||
| mma7455_core.c | ||
| mma7455_i2c.c | ||
| mma7455_spi.c | ||
| mma7660.c | ||
| mma8452.c | ||
| mma9551.c | ||
| mma9551_core.c | ||
| mma9551_core.h | ||
| mma9553.c | ||
| mxc4005.c | ||
| mxc6255.c | ||
| sca3000.c | ||
| ssp_accel_sensor.c | ||
| st_accel.h | ||
| st_accel_buffer.c | ||
| st_accel_core.c | ||
| st_accel_i2c.c | ||
| st_accel_spi.c | ||
| stk8ba50.c | ||
| stk8312.c | ||