korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-15 15:04:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
d590faf9e8
linux/drivers/iio
History
Lars-Peter Clausen d590faf9e8 iio: adis_buffer: Fix out-of-bounds memory access 
The SPI tx and rx buffers are both supposed to be scan_bytes amount of
bytes large and a common allocation is used to allocate both buffers. This
puts the beginning of the tx buffer scan_bytes bytes after the rx buffer.
The initialization of the tx buffer pointer is done adding scan_bytes to
the beginning of the rx buffer, but since the rx buffer is of type __be16
this will actually add two times as much and the tx buffer ends up pointing
after the allocated buffer.

Fix this by using scan_count, which is scan_bytes / 2, instead of
scan_bytes when initializing the tx buffer pointer.

Fixes: aacff892cb ("staging:iio:adis: Preallocate transfer message")
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2015-12-05 17:32:04 +00:00
..
accel spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
adc iio: adc: spmi-vadc: add missing of_node_put 2015-11-21 18:24:44 +00:00
amplifiers spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
buffer iio: Move generic buffer implementations to sub-directory 2015-08-16 10:51:21 +01:00
chemical iio: chemical: vz89x hardware i2c workaround 2015-09-30 18:20:53 +01:00
common spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
dac First set of IIO fixes for the 4.4 cycle. 2015-11-18 13:15:50 -08:00
frequency spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
gyro spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
humidity First set of IIO fixes for the 4.4 cycle. 2015-11-18 13:15:50 -08:00
imu iio: adis_buffer: Fix out-of-bounds memory access 2015-12-05 17:32:04 +00:00
light iio: light: apds9960: correct ->last_busy count 2015-11-21 15:57:04 +00:00
magnetometer spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
orientation iio: orientation: hid-sensor-rotation: Fix memory leak in probe() 2015-05-17 09:10:25 +01:00
potentiometer iio: mcp4531: Driver for Microchip digital potentiometers 2015-09-30 18:20:53 +01:00
pressure spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
proximity iio: lidar: return -EINVAL on invalid signal 2015-11-21 15:56:53 +00:00
temperature Add tsys02d meas-spec driver support 2015-10-11 10:21:19 +01:00
trigger iio: trigger: Add a blank line after declarations 2014-12-26 12:15:36 +00:00
iio_core_trigger.h iio: fix semicolon in io_core_trigger.h 2013-08-03 18:40:32 +01:00
iio_core.h iio: Move buffer registration to the core 2014-12-12 12:28:31 +00:00
industrialio-buffer.c iio: fix some warning messages 2015-11-21 16:00:05 +00:00
industrialio-core.c iio: fix some warning messages 2015-11-21 16:00:05 +00:00
industrialio-event.c iio: event: Remove negative error code from iio_event_poll 2015-08-12 19:26:39 +01:00
industrialio-trigger.c iio: Support triggered events 2015-08-27 20:47:09 +01:00
industrialio-triggered-event.c iio: Support triggered events 2015-08-27 20:47:09 +01:00
inkern.c First round of IIO new drivers, cleanups and functionality for the 3.20 cycle take 2 2015-01-21 10:13:37 +08:00
Kconfig iio: mcp4531: Driver for Microchip digital potentiometers 2015-09-30 18:20:53 +01:00
Makefile iio: mcp4531: Driver for Microchip digital potentiometers 2015-09-30 18:20:53 +01:00