3cb4aa0027
commit 89226a296d816727405d3fea684ef69e7d388bd8 upstream.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver which uses a 16 byte u8 array on the stack. As Lars also noted
this anti pattern can involve a leak of data to userspace and that
indeed can happen here. We close both issues by moving to
a suitable structure in the iio_priv() data with alignment
ensured by use of an explicit c structure. This data is allocated
with kzalloc so no data can leak appart from previous readings.
The additional forcing of the 8 byte alignment of the timestamp
is not strictly necessary but makes the code less fragile by
making this explicit.
Fixes:
|
||
|---|---|---|
| .. | ||
| accel | ||
| adc | ||
| afe | ||
| amplifiers | ||
| buffer | ||
| chemical | ||
| common | ||
| counter | ||
| dac | ||
| dummy | ||
| frequency | ||
| gyro | ||
| health | ||
| humidity | ||
| imu | ||
| light | ||
| magnetometer | ||
| multiplexer | ||
| orientation | ||
| potentiometer | ||
| potentiostat | ||
| pressure | ||
| proximity | ||
| resolver | ||
| temperature | ||
| trigger | ||
| iio_core.h | ||
| iio_core_trigger.h | ||
| industrialio-buffer.c | ||
| industrialio-configfs.c | ||
| industrialio-core.c | ||
| industrialio-event.c | ||
| industrialio-sw-device.c | ||
| industrialio-sw-trigger.c | ||
| industrialio-trigger.c | ||
| industrialio-triggered-event.c | ||
| inkern.c | ||
| Kconfig | ||
| Makefile | ||