iio: fix potential out-of-bound write
The buffer is set to 20 characters. If a caller write more characters, count is truncated to the max available space in "simple_write_to_buffer". To protect from OoB access, check that the input size fit into buffer and add a zero terminator after copy to the end of the copied data. Fixes: 6d5dd486 iio: core: make use of simple_write_to_buffer() Signed-off-by:Markus Burri <markus.burri@mt.com> Link: https://patch.msgid.link/20250508130612.82270-4-markus.burri@mt.com Signed-off-by:
Jonathan Cameron <Jonathan.Cameron@huawei.com>
Loading
Please sign in to comment