In the case that the FIFO threshold handler gets called when the FIFO has not actually reached the threshold, the driver will pass uninitialized memory to the IIO subsystem. In the past, this would occur due to bugs in the driver, those bugs have been fixed. However, it is still a good idea to close this just in case additional bugs in hardware or software exist. Signed-off-by: Russ Dill <Russ.Dill@xxxxxx> Signed-off-by: Zubair Lutfullah <zubair.lutfullah@xxxxxxxxx> --- drivers/iio/adc/ti_am335x_adc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/iio/adc/ti_am335x_adc.c b/drivers/iio/adc/ti_am335x_adc.c index 69abde0..c257169 100644 --- a/drivers/iio/adc/ti_am335x_adc.c +++ b/drivers/iio/adc/ti_am335x_adc.c @@ -212,6 +212,13 @@ static void tiadc_poll_handler(struct work_struct *work_s) u32 *iBuf; fifo1count = tiadc_readl(adc_dev, REG_FIFO1CNT); + if (fifo1count * sizeof(u32) < + buffer->access->get_bytes_per_datum(buffer)) { + dev_err(adc_dev->mfd_tscadc->dev, "%s: Short FIFO event\n", + __func__); + goto out; + } + iBuf = kmalloc((fifo1count + 1) * sizeof(u32), GFP_KERNEL); if (iBuf == NULL) goto out; -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-iio" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html