Re: [PATCH] iio: magnetometer: ak8975: fix potential kernel stack memory leak
From: Andy Shevchenko
Date: Fri May 15 2026 - 06:25:47 EST
On Thu, May 14, 2026 at 01:38:17PM +0200, Joshua Crofts via B4 Relay wrote:
> Currently in the AK8975 driver there are two instances where potential
> uninitialized kernel stack memory leaks can occur. If
> i2c_smbus_read_i2c_block_data_or_emulated() returns a value less than
> the size of the buffer, uninitialized bytes are retained in the buffer
> and later the buffer is passed on to IIO buffers, potentially leaking
> memory to userspace.
>
> Fix this by adding checks whether the return value of the function is
> equal to the size of the buffer and subsequently if the value is
> less than zero to distinguish from a returned error code.
...
> - if (ret < 0)
> + if (ret != sizeof(rval)) {
> + if (ret >= 0)
> + ret = -EIO;
> goto exit;
> + }
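Review bot: in the `ret != sizeof(rval)` branch, the nested `if (ret >= 0)` makes one block serve both the negative error return and the short read, and the commit message describes the inner test as "lesser than zero" while the code tests `ret >= 0`. Handling `ret < 0` first with its own `goto exit`, then mapping a short count to -EIO in a separate check, reads more directly, and the description should be reworded to match the code. A one-line comment saying that a short read is rejected because the remaining bytes of the buffer were never written would document why -EIO is returned there.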
Still better to not mix the two

	if (ret < 0)
		goto exit;
	if (ret != sizeof(rval)) {
		ret = -EIO;
		goto exit;
	}
...
Ditto for the second case.
--
With Best Regards,
Andy Shevchenko
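
The short-read case described in the commit message, as an added userspace C simulation that is not code from this thread or from the driver. `fake_block_read`, the `STALE` marker, the 6-byte buffer and the sample bytes are assumptions made for the illustration; the checked variant uses the two separate checks suggested in the reply.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define STALE 0xAA	/* constructed marker standing in for leftover stack bytes */

/* Hypothetical stand-in for the block read: returns bytes copied or -errno. */
static int fake_block_read(int avail, uint8_t len, uint8_t *buf)
{
	int n = avail < len ? avail : len;
	if (avail < 0)
		return avail;		/* bus error */
	memset(buf, 0x11, n);		/* constructed sensor bytes */
	return n;
}

/* Before: only a negative return is treated as failure. */
static int read_unchecked(int avail, uint8_t out[6])
{
	uint8_t rval[6];
	int ret;
	memset(rval, STALE, sizeof(rval));	/* simulate stale stack content */
	ret = fake_block_read(avail, sizeof(rval), rval);
	if (ret < 0)
		return ret;
	memcpy(out, rval, sizeof(rval));	/* short read: stale bytes go out */
	return 0;
}

/* After: error return and short read are two separate checks. */
static int read_checked(int avail, uint8_t out[6])
{
	uint8_t rval[6];
	int ret;
	memset(rval, STALE, sizeof(rval));
	ret = fake_block_read(avail, sizeof(rval), rval);
	if (ret < 0)
		return ret;
	if (ret != (int)sizeof(rval))
		return -EIO;			/* nothing is copied out */
	memcpy(out, rval, sizeof(rval));
	return 0;
}

int main(void)
{
	uint8_t out[6] = { 0 };
	return !(read_unchecked(4, out) == 0 && out[5] == STALE &&
		 read_checked(4, out) == -EIO);
}
```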