summaryrefslogtreecommitdiff
path: root/lib/parser.c
diff options
context:
space:
mode:
authorIan Abbott <abbotti@mev.co.uk>2025-07-07 17:14:39 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2025-07-16 15:02:44 +0200
commit46d8c744136ce2454aa4c35c138cc06817f92b8e (patch)
treeddfe87021ab3cb2a357da45dcb314d81077cb5f2 /lib/parser.c
parente9cb26291d009243a4478a7ffb37b3a9175bfce9 (diff)
comedi: Fix initialization of data for instructions that write to subdevice
Some Comedi subdevice instruction handlers are known to access instruction data elements beyond the first `insn->n` elements in some cases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions allocate at least `MIN_SAMPLES` (16) data elements to deal with this, but they do not initialize all of that. For Comedi instruction codes that write to the subdevice, the first `insn->n` data elements are copied from user-space, but the remaining elements are left uninitialized. That could be a problem if the subdevice instruction handler reads the uninitialized data. Ensure that the first `MIN_SAMPLES` elements are initialized before calling these instruction handlers, filling the uncopied elements with 0. For `do_insnlist_ioctl()`, the same data buffer elements are used for handling a list of instructions, so ensure the first `MIN_SAMPLES` elements are initialized for each instruction that writes to the subdevice. Fixes: ed9eccbe8970 ("Staging: add comedi core") Cc: stable@vger.kernel.org # 5.13+ Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Link: https://lore.kernel.org/r/20250707161439.88385-1-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib/parser.c')
0 files changed, 0 insertions, 0 deletions