[PATCH v2 1/3] iio: adc: xilinx-ams: fix out-of-bounds channel lookup in event handling

Andy Shevchenko andriy.shevchenko at intel.com
Tue Apr 14 11:37:04 PDT 2026


On Tue, Apr 14, 2026 at 07:29:17AM -0300, Guilherme Ivo Bozi wrote:
> ams_event_to_channel() may return a pointer past the end of
> dev->channels when no matching scan_index is found. This can lead
> to invalid memory access in ams_handle_event().
> 
> Add a bounds check in ams_event_to_channel() and return NULL when
> no channel is found. Also guard the caller to safely handle this
> case.

...

> +	if (i >= dev->num_channels)

The '==' is clearer. Otherwise, please justify the '>' part.

> +		return NULL;
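
Review bot: at `if (i >= dev->num_channels)` followed by `return NULL;`, ams_event_to_channel() gains a NULL return that its callers did not have to handle before, so the function should carry a short comment stating that NULL means no channel matched the scan_index. The commit message says ams_handle_event() is guarded; that check has to come before the first use of the returned pointer, and any other caller of ams_event_to_channel() needs the same guard.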

...

TBH I do not see how this code is not dead code. But for the sake of
robustness it might be added. I leave it up to the maintainer.

-- 
With Best Regards,
Andy Shevchenko




