Re: [PATCH v2 2/9] hwmon: adm1275: Prevent reading uninitialized stack

[sashiko-bot@kernel.org]

> From: Matti Vaittinen <mazziesaccount@gmail.com>
> 
> While adding support for the ROHM BD127X0 hot-swap controllers, sashiko
> reported an error in device-name comparison, which can lead to reading
> uninitialized stack memory.
> 
> Quoting Sashiko:
> 
> This is a pre-existing issue, but I noticed that just before this block in
> adm1275_probe(), there might be an out-of-bounds stack read:
> 
>     ret = i2c_smbus_read_block_data(client, PMBUS_MFR_MODEL, block_buffer);
>     if (ret < 0) { ... }
>     for (mid = adm1275_id; mid->name[0]; mid++) {
>             if (!strncasecmp(mid->name, block_buffer, strlen(mid->name)))
>                     break;
>     }
> 
> Since i2c_smbus_read_block_data() reads up to 32 bytes into the
> uninitialized stack array block_buffer without appending a null
> terminator, strncasecmp() could read past the valid bytes returned in ret.
> 
> For example, if the device returns a shorter string like "adm12", checking
> it against "adm1275" up to the length of "adm1275" will continue reading
> into uninitialized stack bounds.
> 
> Prevent reading uninitialized memory by zeroing the stack array.
> 
> Signed-off-by: Matti Vaittinen <mazziesaccount@gmail.com>

Sashiko has reviewed this patch and found no issues. It looks great!

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/cover.1782458224.git.mazziesaccount@gmail.com?part=2