Re: [PATCH] iio: chemical: mhz19b: reject oversized serial replies

Next message: Krishna Chaitanya Chundru: "[PATCH v9 2/3] gpio: Add fwnode_gpiod_get() helper"
Previous message: Krishna Chaitanya Chundru: "[PATCH v9 1/3] PM: sleep: wakeirq: Add support for dedicated shared wake IRQ setup"
In reply to: Andy Shevchenko: "Re: [PATCH] iio: chemical: mhz19b: reject oversized serial replies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Gyeyoung Baek

Date: Fri Apr 03 2026 - 13:34:21 EST

Hello,

On Thu, Apr 2, 2026 at 2:40 PM Pengpeng Hou <pengpeng@xxxxxxxxxxx> wrote:
>
> mhz19b_receive_buf() appends each serdev chunk into the fixed
> MHZ19B_CMD_SIZE receive buffer and advances buf_idx by len without
> checking that the chunk fits in the remaining space. A large callback
> can therefore overflow st->buf before the command path validates the
> reply.
>
> Reset the reply state before each command and reject oversized serial
> replies before copying them into the fixed buffer. When an oversized
> reply is detected, wake the waiter and report -EMSGSIZE instead of
> overwriting st->buf.
>

Acked-by: Gyeyoung Baek <gye976@xxxxxxxxx>

--
Thanks,
Gyeyoung