On 12/09/24 11:50, Qianqiang Liu wrote:
> Hi,
>
> I reviewed the following code in drivers/iio/imu/bmi323/bmi323_core.c:
>
> 2245         for (unsigned int i = 0; i < ARRAY_SIZE(bmi323_ext_reg_savestate); i++) { <-
> 2246                 ret = bmi323_write_ext_reg(data, bmi323_reg_savestate[i], <-
> 2247                                            savestate->reg_settings[i]);
> 2248                 if (ret) {
> 2249                         dev_err(data->dev,
> 2250                                 "Error writing bmi323 external reg 0x%x: %d\n",
> 2251                                 bmi323_reg_savestate[i], ret);
> 2252                         return ret;
> 2253                 }
> 2254         }
>
> The array size of the "bmi323_ext_reg_savestate" is twelve, and the
> array size of "bmi323_reg_savestate" is nine.
>
> Is it possible that "bmi323_reg_savestate" may have a buffer overflow
> issue?
>

Hi,

You are very right and that is a copy/paste mistake that was not flagged as a warning by gcc.

Thanks for letting me know!

There is currently a fix already sent for review here:
https://lore.kernel.org/all/20240909-iio-bmi323-fix-array-ref-v1-1-51c220f22229@xxxxxxxxxx

Best regards,
Denis Benato
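
The mismatch discussed in this thread, modeled in user-space C as an added example (not the driver's code and not the linked fix). The table contents, `restore_checked`, `RESTORE_TABLE` and the fake register file are hypothetical; only the array lengths 9 and 12 come from the thread.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
/* Constructed tables: only the lengths (9 and 12) come from the thread. */
static const unsigned int reg_tbl[9] = { 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28 };
static const unsigned int ext_reg_tbl[12] = { 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
					      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d };
static const unsigned int saved_regs[9] = { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
static const unsigned int saved_ext[12] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
static unsigned int fake_regs[256];	/* stand-in for the device register file */

/* Returns registers written, or -ERANGE if the bound exceeds either indexed array. */
static int restore_checked(const unsigned int *addrs, size_t n_addrs,
			   const unsigned int *vals, size_t n_vals, size_t count)
{
	if (count > n_addrs || count > n_vals)
		return -ERANGE;
	for (size_t i = 0; i < count; i++)
		fake_regs[addrs[i] % ARRAY_SIZE(fake_regs)] = vals[i];
	return (int)count;
}

/* Bound is taken from the indexed array itself; a length mismatch fails the build. */
#define RESTORE_TABLE(addrs, vals) \
	((void)sizeof(char[ARRAY_SIZE(addrs) == ARRAY_SIZE(vals) ? 1 : -1]), \
	 restore_checked(addrs, ARRAY_SIZE(addrs), vals, ARRAY_SIZE(vals), ARRAY_SIZE(addrs)))

/* The pattern from the thread: bound from the 12-entry table, index into the 9-entry one. */
static int restore_wrong_bound(void)
{
	return restore_checked(reg_tbl, ARRAY_SIZE(reg_tbl), saved_regs,
			       ARRAY_SIZE(saved_regs), ARRAY_SIZE(ext_reg_tbl));
}

/* Each table restored with a bound derived from that same table. */
static int restore_all(void)
{
	int a = RESTORE_TABLE(reg_tbl, saved_regs);
	int b = RESTORE_TABLE(ext_reg_tbl, saved_ext);
	return (a < 0 || b < 0) ? -ERANGE : a + b;
}

int main(void)
{
	printf("wrong bound: %d, corrected: %d\n", restore_wrong_bound(), restore_all());
	return 0;
}
```

In the unchecked loop quoted above, indices 9 through 11 would read past the end of the nine-entry array; here the runtime check rejects the bound before any write happens.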