From 018f50909e66941916b5422ed7aee7475285b0c0 Mon Sep 17 00:00:00 2001 From: David Lechner Date: Tue, 6 May 2025 13:49:57 -0500 Subject: [PATCH] iio: bmp280: zero-init buffer MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Zero-initialize the buffer used with iio_push_to_buffers_with_ts(). The struct used for the buffer has holes in it, so we need to make sure that the holes are zeroed out rather than containing uninitialized data from the stack. Reported-by: Dan Carpenter Closes: https://lore.kernel.org/linux-iio/aBoBR5D1UMjsSUfZ@stanley.mountain/ Fixes: 872c8014e05e ("iio: pressure: bmp280: drop sensor_data array") Signed-off-by: David Lechner Reviewed-by: Nuno Sá Link: https://patch.msgid.link/20250506-iio-pressure-bmp280-zero-init-buffer-v1-1-0935c31558ac@baylibre.com Signed-off-by: Jonathan Cameron --- drivers/iio/pressure/bmp280-core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index 5728cc18cced..f37f20776c89 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1237,6 +1237,9 @@ static irqreturn_t bme280_trigger_handler(int irq, void *p) } buffer; int ret; + /* Don't leak uninitialized stack to userspace. */ + memset(&buffer, 0, sizeof(buffer)); + guard(mutex)(&data->lock); /* Burst read data registers */ -- 2.50.1