On 13/07/16 15:43, William Breathitt Gray wrote:
> The val parameter has a data type of int in the read_raw and write_raw
> callbacks. The chan_out_states array should have elements of type int in
> order to match the data type of the val parameter.
>
> This patch fixes a possible integer overflow condition when the the int
> pointer val is dereferenced to store the unsigned int chan_out_states
> element in the read_raw callback.
>
> Fixes: 97a445dad37a ("iio: Add IIO support for the DAC on the Apex Embedded Systems STX104")
> Signed-off-by: William Breathitt Gray <vilhelm.gray@xxxxxxxxx>
Isn't this only a problem if an out of range value was written
in the first place? The values it'll take are only 16bits,
so a simple range check around that would fix the root problem.
J
> ---
> drivers/iio/dac/stx104.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/iio/dac/stx104.c b/drivers/iio/dac/stx104.c
> index 792a971..b22b744 100644
> --- a/drivers/iio/dac/stx104.c
> +++ b/drivers/iio/dac/stx104.c
> @@ -47,7 +47,7 @@ MODULE_PARM_DESC(base, "Apex Embedded Systems STX104 base addresses");
> * @base: base port address of the IIO device
> */
> struct stx104_iio {
> - unsigned chan_out_states[STX104_NUM_CHAN];
> + int chan_out_states[STX104_NUM_CHAN];
> unsigned base;
> };
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-iio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
