Re: [PATCH] iio: gyro: bmg160: bail out when bandwidth/filter is not in table

Next message: Vishal Moola: "Re: [PATCH v3 1/2] mm/filemap: count only the faulting address as a mmap hit"
Previous message: Rob Herring (Arm): "Re: [PATCH v5 2/6] dt-bindings: input: cpcap-pwrbutton: convert to DT schema"
In reply to: Andy Shevchenko: "Re: [PATCH] iio: gyro: bmg160: bail out when bandwidth/filter is not in table"
Next in thread: Jonathan Cameron: "Re: [PATCH] iio: gyro: bmg160: bail out when bandwidth/filter is not in table"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andy Shevchenko

Date: Sun May 10 2026 - 08:53:15 EST

On Sun, May 10, 2026 at 07:35:00AM +0500, Stepan Ionichev wrote:
> bmg160_get_filter() walks bmg160_samp_freq_table[] looking for the
> entry matching the bw_bits value read from the chip:
>
> for (i = 0; i < ARRAY_SIZE(bmg160_samp_freq_table); ++i) {
> if (bmg160_samp_freq_table[i].bw_bits == bw_bits)
> break;
> }
> *val = bmg160_samp_freq_table[i].filter;
>
> If no entry matches, i ends up equal to the array size and the next
> line reads one slot past the end. bmg160_set_filter() has the same
> shape, driven by 'val' instead of bw_bits.
>
> smatch flags both:
>
> drivers/iio/gyro/bmg160_core.c:204 bmg160_get_filter() error:
> buffer overflow 'bmg160_samp_freq_table' 7 <= 7
> drivers/iio/gyro/bmg160_core.c:222 bmg160_set_filter() error:
> buffer overflow 'bmg160_samp_freq_table' 7 <= 7
>
> Return -EINVAL when no entry matches.

Sounds legit and proper behaviour in this case.
Reviewed-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxx>

--
With Best Regards,
Andy Shevchenko