On Wed, Nov 15, 2017 at 12:54:09PM -0700, Compostella, Jeremy wrote:
> On an I2C_SMBUS_I2C_BLOCK_DATA read request, if data->block[0] is
> greater than I2C_SMBUS_BLOCK_MAX + 1, the underlying I2C driver writes
> data out of the msgbuf1 boundary.
>
> It is possible from a user application to run into that issue by calling
> the I2C_SMBUS ioctl with data.block[0] greater than
> I2C_SMBUS_BLOCK_MAX + 1.

From Documentation/i2c/dev-interface:

  ioctl(file, I2C_SMBUS, struct i2c_smbus_ioctl_data *args)
    Not meant to be called directly; instead, use the access functions
    below.

Maybe we should add this info to the include file as well? But I guess
we still shouldn't OOPS on this misuse... Will think about it...

Regards,

   Wolfram
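
An added illustration of the bounds check the quoted report calls for (not code from the patch, the kernel, or either author): a user-space C model in which the caller-supplied data->block[0] is validated before it is used as a transfer length. The helper model_i2c_block_read, the rxbuf buffer and its size, and the sample reply bytes are assumptions of this example; it rejects anything above I2C_SMBUS_BLOCK_MAX, which is stricter than the overflow condition described in the quoted text.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same value as in the Linux uapi header linux/i2c.h, repeated here so the
 * example builds without kernel headers. */
#define I2C_SMBUS_BLOCK_MAX 32

union i2c_smbus_data {
    uint8_t byte;
    uint16_t word;
    uint8_t block[I2C_SMBUS_BLOCK_MAX + 2]; /* block[0] holds the length */
};

/* Hypothetical model of an I2C block read (not kernel code). rxbuf stands in
 * for the driver's msgbuf1; its size is an assumption of this example.
 * wire is constructed sample data standing in for the device's reply. */
int model_i2c_block_read(union i2c_smbus_data *data,
                         const uint8_t *wire, size_t wire_len)
{
    uint8_t rxbuf[I2C_SMBUS_BLOCK_MAX + 2];
    size_t len, i;

    if (data == NULL || wire == NULL)
        return -EINVAL;
    len = data->block[0];            /* caller-controlled via the ioctl */
    if (len > I2C_SMBUS_BLOCK_MAX)   /* validate before using it as a length */
        return -EINVAL;
    if (len > wire_len)
        return -EIO;
    memcpy(rxbuf, wire, len);        /* bounded: len <= 32 < sizeof(rxbuf) */
    for (i = 0; i < len; i++)
        data->block[i + 1] = rxbuf[i];   /* highest index written is 32 */
    return (int)len;
}

int main(void)
{
    uint8_t wire[4] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed reply */
    union i2c_smbus_data d = { .block = { I2C_SMBUS_BLOCK_MAX + 2 } };

    printf("oversized: %d\n", model_i2c_block_read(&d, wire, sizeof(wire)));
    d.block[0] = 4;
    printf("valid: %d\n", model_i2c_block_read(&d, wire, sizeof(wire)));
    return 0;
}
```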