Re: [PATCH v3] hid: hid-sensor-hub: clear memory to avoid random data

["Pandruvada, Srinivas" <srinivas.pandruvada-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>]

On Mon, 2016-11-14 at 02:09 +0000, Song Hongyan wrote:
> When user tried to read some fields like hysteresis from IIO sysfs on
> some
> systems, it fails. The reason is that this field is a byte field and
> caller
> of sensor_hub_get_feature() passes a buffer of 4 bytes. Here the
> function
> sensor_hub_get_feature() copies the single byte from the report to
> the
> caller buffer and returns "1" as the number of bytes copied.

Is the following sentence accurate?
>  So caller
> can use the return value, which is actually not right.
Caller could have used a single byte from the result buffer as this is
valid data ignoring other bytes.


> Since this is done by multiple callers, if we change the
> sensor_hub_get_feature() can make sure the caller buffer is
> initialized
> with 0s then we don't need to change all functions.
> 
> Signed-off-by: Song Hongyan <hongyan.song@intel.com>
> ---
>  drivers/hid/hid-sensor-hub.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-
> hub.c
> index 658a607..b74d954 100644
> --- a/drivers/hid/hid-sensor-hub.c
> +++ b/drivers/hid/hid-sensor-hub.c
> @@ -252,6 +252,7 @@ int sensor_hub_get_feature(struct
> hid_sensor_hub_device *hsdev, u32 report_id,
>  	int report_size;
>  	int ret = 0;
>  
> +	memset(buffer, 0, buffer_size);
>  	mutex_lock(&data->mutex);
>  	report = sensor_hub_report(report_id, hsdev->hdev,
> HID_FEATURE_REPORT);
>  	if (!report || (field_index >= report->maxfield) ||