STAGING:iio:light: fix ISL29018 init to handle brownout

Grant Grundler grundler at google.com
Fri Aug 26 05:27:06 UTC 2011


On Thu, Aug 25, 2011 at 6:15 PM, Dan Carpenter <error27 at gmail.com> wrote:
> Hi Grant,
>
> There is a memory corruption bug in 176f9f29cec9 "STAGING:iio:light:
> fix ISL29018 init to handle brownout".
>
> In isl29018_chip_init() we call:
>        status = isl29018_write_data(client, ISL29018_REG_TEST, 0,
>                                ISL29018_TEST_MASK, ISL29018_TEST_SHIFT);
>
> where ISL29018_REG_TEST is 8.
>
> In isl29018_write_data() it uses reg (ISL29018_REG_TEST) as the
> offset into the ->reg_cache[] array:
>        chip->reg_cache[reg] = regval;
>
> But ->reg_cache[] only has 3 elements, so we're past the end of the
> array.

Wow! Thanks! I'll look at the code in the morning and suggest a fix.


> I don't know the code well enough to fix this.

No problem - I'm happy you spotted this.

My initial suggestion for a fix is to just not reference reg_cache if
"reg" exceeds the size of reg_cache. In other words, don't cache those
values. This should normally work well since we don't otherwise touch that
register in the driver AFAICT. But I'll review the code some more
tomorrow before submitting a fix.

cheers,
grant

>
> regards,
> dan carpenter
>
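An added example, not the driver's code and not a patch from either author: a simplified model of the write path discussed in this thread, with a reg_cache of ISL29018_NUM_REGS entries (assumed 3, matching the "3 elements" Dan reports), a constructed stand-in for the I2C byte write, and the bounds check Grant sketches, so that a register beyond the cache such as ISL29018_REG_TEST (8) is written to the device but never indexes reg_cache. Starting the read-modify-write from 0 for uncached registers is an assumption of this example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constants as quoted in the thread; NUM_REGS is an assumption
 * matching the "3 elements" reported above. */
#define ISL29018_REG_TEST    8
#define ISL29018_TEST_MASK   0xff
#define ISL29018_TEST_SHIFT  0
#define ISL29018_NUM_REGS    3

/* Minimal stand-in for the driver's private data. */
struct isl29018_chip {
    uint8_t reg_cache[ISL29018_NUM_REGS];
    /* Constructed fake device: records the last bus write. */
    uint8_t last_reg;
    uint8_t last_val;
    int writes;
};

/* Stand-in for the I2C byte write; always succeeds here. */
static int fake_i2c_write(struct isl29018_chip *chip, uint8_t reg, uint8_t val)
{
    chip->last_reg = reg;
    chip->last_val = val;
    chip->writes++;
    return 0;
}

/* Read-modify-write of a register field. The cache is consulted and
 * updated only for registers it actually covers; anything else (e.g.
 * REG_TEST, index 8) is written straight through, which is the fix
 * Grant proposes. Without the "cached" check this would index past
 * the end of reg_cache[]. */
int isl29018_write_data(struct isl29018_chip *chip, uint8_t reg,
                        uint8_t val, uint8_t mask, uint8_t shift)
{
    bool cached = reg < ISL29018_NUM_REGS;       /* the bounds check */
    uint8_t regval = cached ? chip->reg_cache[reg] : 0; /* assumption */
    int status;

    regval &= (uint8_t)~(mask << shift);
    regval |= (uint8_t)((val & mask) << shift);
    status = fake_i2c_write(chip, reg, regval);
    if (status == 0 && cached)
        chip->reg_cache[reg] = regval;   /* in-bounds by construction */
    return status;
}
```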