On Mon, 25 Nov 2024 22:16:18 +0100
Javier Carrasco <javier.carrasco.cruz@xxxxxxxxx> wrote:
> The 'scan' local struct is used to push data to userspace from a
> triggered buffer, but it leaves the first channel uninitialized if
> AS73211_SCAN_MASK_ALL is not set. That is used to optimize color channel
> readings.
>
> Set the temperature channel to zero if only color channels are
> relevant to avoid pushing uninitialized information to userspace.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 403e5586b52e ("iio: light: as73211: New driver")
> Signed-off-by: Javier Carrasco <javier.carrasco.cruz@xxxxxxxxx>
Huh.
If the temperature channel is turned off the data should shift. So should be read
into scan.chan[0] and [1] and [2], but not [3].
Not skipping [0] as here.
So this code path currently doesn't work as far as I can tell.
Jonathan
> ---
> drivers/iio/light/as73211.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c
> index be0068081ebb..99679b686146 100644
> --- a/drivers/iio/light/as73211.c
> +++ b/drivers/iio/light/as73211.c
> @@ -675,6 +675,9 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p)
> (char *)&scan.chan[1], 3 * sizeof(scan.chan[1]));
> if (ret < 0)
> goto done;
> +
> + /* Avoid leaking uninitialized data */
> + scan.chan[0] = 0;
> }
>
> if (data_result) {
>
