3 bytes were being read but 4 were being written. Explicitly initialize the unused bytes to 0 and refactor the loop to use direct array indexing, which appears to silence a Clang false positive warning[1]. Link: https://github.com/ClangBuiltLinux/linux/issues/2000 [1] Fixes: ac78c6aa4a5d ("iio: pressure: Add driver for DLH pressure sensors") Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> --- Cc: Jonathan Cameron <jic23@xxxxxxxxxx> Cc: "Lars-Peter Clausen" <lars@xxxxxxxxxx> Cc: "Uwe Kleine-König" <u.kleine-koenig@xxxxxxxxxxxxxx> Cc: "Andy Shevchenko" <andriy.shevchenko@xxxxxxxxxxxxxxx> Cc: "Nuno Sá" <nuno.sa@xxxxxxxxxx> Cc: linux-iio@xxxxxxxxxxxxxxx Cc: "Nathan Chancellor" <nathan@xxxxxxxxxx> Cc: "Nick Desaulniers" <ndesaulniers@xxxxxxxxxx> Cc: "Bill Wendling" <morbo@xxxxxxxxxx> Cc: "Justin Stitt" <justinstitt@xxxxxxxxxx> Cc: llvm@xxxxxxxxxxxxxxx v2: drop comments, array expansion, and WARN. refactor loop. v1: https://lore.kernel.org/linux-hardening/20240222222335.work.759-kees@xxxxxxxxxx/ --- drivers/iio/pressure/dlhl60d.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/iio/pressure/dlhl60d.c b/drivers/iio/pressure/dlhl60d.c index 28c8269ba65d..0bba4c5a8d40 100644 --- a/drivers/iio/pressure/dlhl60d.c +++ b/drivers/iio/pressure/dlhl60d.c @@ -250,18 +250,17 @@ static irqreturn_t dlh_trigger_handler(int irq, void *private) struct dlh_state *st = iio_priv(indio_dev); int ret; unsigned int chn, i = 0; - __be32 tmp_buf[2]; + __be32 tmp_buf[2] = { }; ret = dlh_start_capture_and_read(st); if (ret) goto out; for_each_set_bit(chn, indio_dev->active_scan_mask, - indio_dev->masklength) { - memcpy(tmp_buf + i, + indio_dev->masklength) { + memcpy(&tmp_buf[i++], &st->rx_buf[1] + chn * DLH_NUM_DATA_BYTES, DLH_NUM_DATA_BYTES); - i++; } iio_push_to_buffers(indio_dev, tmp_buf); -- 2.34.1
