Re: [PATCH v2 1/4] iio: proximity: hx9023s: fix out-of-bounds access when copying firmware

Next message: Vladimir Oltean: "Re: [PATCH next] phy: renesas: rcar-gen3-usb2: Drop local devm_mux_state_get_optional()"
Previous message: Bartosz Golaszewski: "[RFT PATCH v3] ARM: omap1: enable real software node lookup of GPIOs on Nokia 770"
In reply to: Andy Shevchenko: "Re: [PATCH v2 1/4] iio: proximity: hx9023s: fix out-of-bounds access when copying firmware"
Next in thread: Andy Shevchenko: "Re: [PATCH v2 1/4] iio: proximity: hx9023s: fix out-of-bounds access when copying firmware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Krzysztof Kozlowski

Date: Thu Feb 12 2026 - 06:26:08 EST

On Thu, Feb 12, 2026 at 02:26:52PM +0800, Yasin Lee wrote:
> Initialize fw_size before copying firmware data into the flexible
> array member to match the __counted_by() annotation. This fixes a
> potential out-of-bounds access that could lead to a kernel crash.

I don't think so. Code is equivalent and this was just false positive
because compiler could not deduce that in this case counted_by can be by
fw->size.

>
> Fixes: e9ed97be4fcc ("iio: proximity: hx9023s: Added firmware file parsing functionality")

Also not appropriate IMO, nothing to fix.

Commit is fine, but this is not a fix, IMO.

Best regards,
Krzysztof