iio: adc: ti-ads1119: fix information leak in triggered buffer

The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. Cc: stable@vger.kernel.org Fixes: a9306887eb ("iio: adc: ti-ads1119: Add driver") Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com> Reviewed-by: Francesco Dolcini <francesco.dolcini@toradex.com> Link: https://patch.msgid.link/20241125-iio_memset_scan_holes-v1-2-0cb6e98d895c@gmail.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
2026-05-10 11:40:19 -04:00 · 2024-11-25 22:16:10 +01:00
parent 6007d10c52
commit 75f339d3ec
1 changed files with 2 additions and 0 deletions
--- a/drivers/iio/adc/ti-ads1119.c
+++ b/drivers/iio/adc/ti-ads1119.c
@@ -506,6 +506,8 @@ static irqreturn_t ads1119_trigger_handler(int irq, void *private)
 	unsigned int index;
 	int ret;

+	memset(&scan, 0, sizeof(scan));
+
 	if (!iio_trigger_using_own(indio_dev)) {
 		index = find_first_bit(indio_dev->active_scan_mask,
 				       iio_get_masklength(indio_dev));