From: Jonathan Cameron <jic23@kernel.org>
To: "Javier Carrasco" <javier.carrasco.cruz@gmail.com>
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org,
"Sam Daly" <sam@samdaly.ie>, stable <stable@kernel.org>,
"David Lechner" <dlechner@baylibre.com>,
"Nuno Sá" <nuno.sa@analog.com>,
"Andy Shevchenko" <andy@kernel.org>
Subject: Re: [PATCH 2/3] iio: light: veml6075: add bounds check to veml6075_it_ms index
Date: Fri, 15 May 2026 15:33:07 +0100
Message-ID: <20260515153236.1acf1ca4@jic23-huawei>
In-Reply-To: <DIIN3H0YMILE.3PFQWDK2BULIT@gmail.com>
On Fri, 15 May 2026 08:17:18 +1300
"Javier Carrasco" <javier.carrasco.cruz@gmail.com> wrote:
> On Fri May 15, 2026 at 5:23 AM +13, Greg Kroah-Hartman wrote:
> > From: Sam Daly <sam@samdaly.ie>
> >
> > veml6075_it_ms has 5 elements but VEML6075_CONF_IT can yield
> > values 0-7. If it returns a value >= 5, this causes an
> > out-of-bounds array access. Add a bounds check and return
> > -EINVAL if the index is out of range.

I'd prefer it if this sort of change called out that we don't expect
to ever see those values except when we have bus corruption or
a broken device. Good to protect against but that info might help
folk decide whether to backport or not.

I'll add a note whilst applying. Applied to the fixes-togreg
branch of iio.git. I also rewrapped the description as 60 chars
is rather short.

Applied

Jonathan

> >
> > Assisted-by: gkh_clanker_2000
> > Cc: stable <stable@kernel.org>
> > Cc: Javier Carrasco <javier.carrasco.cruz@gmail.com>
> > Cc: Jonathan Cameron <jic23@kernel.org>
> > Cc: David Lechner <dlechner@baylibre.com>
> > Cc: "Nuno Sá" <nuno.sa@analog.com>
> > Cc: Andy Shevchenko <andy@kernel.org>
> > Signed-off-by: Sam Daly <sam@samdaly.ie>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > ---
> > drivers/iio/light/veml6075.c | 8 ++++++--
> > 1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/iio/light/veml6075.c b/drivers/iio/light/veml6075.c
> > index edbb43407054..f7eb159e5cb4 100644
> > --- a/drivers/iio/light/veml6075.c
> > +++ b/drivers/iio/light/veml6075.c
> > @@ -100,7 +100,7 @@ static const struct iio_chan_spec veml6075_channels[] = {
> >
> > static int veml6075_request_measurement(struct veml6075_data *data)
> > {
> > - int ret, conf, int_time;
> > + int ret, conf, int_time, int_index;
> >
> > ret = regmap_read(data->regmap, VEML6075_CMD_CONF, &conf);
> > if (ret < 0)
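Review bot: int_index is declared as a signed int in the "int ret, conf, int_time, int_index;" line, but it only ever holds the result of FIELD_GET() and is later compared against ARRAY_SIZE(), which is a size_t. The comparison still works because the int is converted to unsigned, but declaring it as "unsigned int int_index;" on its own line states the intent directly and avoids a mixed-sign comparison.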
> > @@ -117,7 +117,11 @@ static int veml6075_request_measurement(struct veml6075_data *data)
> > * time for all possible configurations. Using a 1.50 factor simplifies
> > * operations and ensures reliability under all circumstances.
> > */
> > - int_time = veml6075_it_ms[FIELD_GET(VEML6075_CONF_IT, conf)];
> > + int_index = FIELD_GET(VEML6075_CONF_IT, conf);
> > + if (int_index >= ARRAY_SIZE(veml6075_it_ms))
> > + return -EINVAL;
> > +
> > + int_time = veml6075_it_ms[int_index];
> > msleep(int_time + (int_time / 2));
> >
> > /* shutdown again, data registers are still accessible */
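Review bot: the new "return -EINVAL;" exits before the step that the trailing context comment describes as "shutdown again", so on an out-of-range index the sensor appears to be left active. Consider doing the range check before the device is woken, or routing the error through the same shutdown path. A one-line comment above the check noting that these field values are only expected from bus corruption or a broken device would also tell readers why the branch exists, since the existing comment block only covers the 1.50 sleep factor.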
>
> Reviewed-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>