iio: Fix a buffer overflow in iio_utils.h example code
This was originally reported by Craig Markwardt on Zubair Lutfullah's blog and Zubair forwarded it to linux-iio@vger.kernel.org. No email address known. The code first counted the number of enabled channels, then created an array to hold information about them. The code that filled this array then stored whether a given element was enabled inside the array. Curriously this element was never used. Craig's patch added a local temporary variable to avoid the buffer overrun. Jonathan then removed the original enabled element of the structure as it was not needed at all. Signed-off-by: Zubair Lutfullah <zubair.lutfullah@gmail.com> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
This commit is contained in:
parent
e9ed104de6
commit
66c65d90db
|
@ -77,7 +77,6 @@ struct iio_channel_info {
|
|||
uint64_t mask;
|
||||
unsigned be;
|
||||
unsigned is_signed;
|
||||
unsigned enabled;
|
||||
unsigned location;
|
||||
};
|
||||
|
||||
|
@ -335,6 +334,7 @@ inline int build_channel_array(const char *device_dir,
|
|||
while (ent = readdir(dp), ent != NULL) {
|
||||
if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"),
|
||||
"_en") == 0) {
|
||||
int current_enabled = 0;
|
||||
current = &(*ci_array)[count++];
|
||||
ret = asprintf(&filename,
|
||||
"%s/%s", scan_el_dir, ent->d_name);
|
||||
|
@ -350,10 +350,10 @@ inline int build_channel_array(const char *device_dir,
|
|||
ret = -errno;
|
||||
goto error_cleanup_array;
|
||||
}
|
||||
fscanf(sysfsfp, "%u", ¤t->enabled);
|
||||
fscanf(sysfsfp, "%u", ¤t_enabled);
|
||||
fclose(sysfsfp);
|
||||
|
||||
if (!current->enabled) {
|
||||
if (!current_enabled) {
|
||||
free(filename);
|
||||
count--;
|
||||
continue;
|
||||
|
|
Loading…
Reference in New Issue