Re: [PATCH v2 2/9] hwmon: adm1275: Prevent reading uninitialized stack

From: Guenter Roeck

Date: Mon Jun 29 2026 - 16:45:43 EST


On Fri, Jun 26, 2026 at 10:22:04AM +0300, Matti Vaittinen wrote:
> From: Matti Vaittinen <mazziesaccount@xxxxxxxxx>
>
> While adding support for the ROHM BD127X0 hot-swap controllers, sashiko
> reported an error in device-name comparison, which can lead to reading
> uninitialized stack memory.
>
> Quoting Sashiko:
>
> This is a pre-existing issue, but I noticed that just before this block in
> adm1275_probe(), there might be an out-of-bounds stack read:
>
> ret = i2c_smbus_read_block_data(client, PMBUS_MFR_MODEL, block_buffer);
> if (ret < 0) { ... }
> for (mid = adm1275_id; mid->name[0]; mid++) {
> if (!strncasecmp(mid->name, block_buffer, strlen(mid->name)))
> break;
> }
>
> Since i2c_smbus_read_block_data() reads up to 32 bytes into the
> uninitialized stack array block_buffer without appending a null
> terminator, strncasecmp() could read past the valid bytes returned in ret.
>
> For example, if the device returns a shorter string like "adm12", checking
> it against "adm1275" up to the length of "adm1275" will continue reading
> into uninitialized stack bounds.
>
> Prevent reading uninitialized memory by zeroing the stack array.
>
> Signed-off-by: Matti Vaittinen <mazziesaccount@xxxxxxxxx>
> Fixes: 87102808d039 ("hwmon: (pmbus/adm1275) Validate device ID")

Applied.

Thanks,
Guenter