On Mon, 2016-11-14 at 02:09 +0000, Song Hongyan wrote:
> When user tried to read some fields like hysteresis from IIO sysfs on
> some
> systems, it fails. The reason is that this field is a byte field and
> caller
> of sensor_hub_get_feature() passes a buffer of 4 bytes. Here the
> function
> sensor_hub_get_feature() copies the single byte from the report to
> the
> caller buffer and returns "1" as the number of bytes copied.
Is the following sentence accurate?
> So caller
> can use the return value, which is actually not right.
Caller could have used a single byte from the result buffer as this is
valid data ignoring other bytes.
> Since this is done by multiple callers, if we change the
> sensor_hub_get_feature() can make sure the caller buffer is
> initialized
> with 0s then we don't need to change all functions.
>
> Signed-off-by: Song Hongyan <hongyan.song@xxxxxxxxx>
> ---
> drivers/hid/hid-sensor-hub.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-
> hub.c
> index 658a607..b74d954 100644
> --- a/drivers/hid/hid-sensor-hub.c
> +++ b/drivers/hid/hid-sensor-hub.c
> @@ -252,6 +252,7 @@ int sensor_hub_get_feature(struct
> hid_sensor_hub_device *hsdev, u32 report_id,
> int report_size;
> int ret = 0;
>
> + memset(buffer, 0, buffer_size);
> mutex_lock(&data->mutex);
> report = sensor_hub_report(report_id, hsdev->hdev,
> HID_FEATURE_REPORT);
> if (!report || (field_index >= report->maxfield) ||��.n��������+%�������w��{.n�����{��)��^n�r�������&��z�ޗ�zf���h���~����������_��+v���)ߣ�
