Re: [PATCH] iio: fix infinite loop for gain_to_scaletables()
From: Jonathan Cameron
Date: Thu Oct 31 2024 - 17:50:14 EST
On Thu, 31 Oct 2024 09:25:16 +0200
Matti Vaittinen <mazziesaccount@xxxxxxxxx> wrote:
> Thanks again Zicheng!
>
> On 31/10/2024 03:46, Zicheng Qu wrote:
> > In iio_gts_build_avail_time_table(), it is checked that gts->num_itime is
> > non-zero, but gts->num_itime is not checked in gain_to_scaletables(). The
> > variable time_idx is initialized as gts->num_itime - 1. This implies that
> > time_idx might initially be set to -1 (0 - 1 = -1). Consequently, using
> > while (time_idx--) could lead to an infinite loop.
> >
> > Cc: stable@xxxxxxxxxxxxxxx # v6.6+
> > Fixes: 38416c28e168 ("iio: light: Add gain-time-scale helpers")
> > Signed-off-by: Zicheng Qu <quzicheng@xxxxxxxxxx>
> > ---
> > drivers/iio/industrialio-gts-helper.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/iio/industrialio-gts-helper.c b/drivers/iio/industrialio-gts-helper.c
> > index 59d7615c0f56..f3acd392f4fc 100644
> > --- a/drivers/iio/industrialio-gts-helper.c
> > +++ b/drivers/iio/industrialio-gts-helper.c
> > @@ -205,7 +205,7 @@ static int gain_to_scaletables(struct iio_gts *gts, int **gains, int **scales)
> > memcpy(all_gains, gains[time_idx], gain_bytes);
> > new_idx = gts->num_hwgain;
> >
> > - while (time_idx--) {
> > + while (time_idx-- > 0) {
> > for (j = 0; j < gts->num_hwgain; j++) {
> > int candidate = gains[time_idx][j];
> > int chk;
>
> This, too, brings the question if supporting 0 times is worth.
>
> At least this shows that it'd be nice to cover the "only times, no
> hw-gains" and "no times, only hw-gains" cases in the Kunit tests...
>
> Anyways - Thanks!
>
> Reviewed-by: Matti Vaittinen <mazziesaccount@xxxxxxxxx>
Applied
>
> Yours,
> -- Matti
>
>