iio: bmp280: zero-init buffer

Zero-initialize the buffer used with iio_push_to_buffers_with_ts(). The
struct used for the buffer has holes in it, so we need to make sure that
the holes are zeroed out rather than containing uninitialized data from
the stack.

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/linux-iio/aBoBR5D1UMjsSUfZ@stanley.mountain/
Fixes: 872c8014e05e ("iio: pressure: bmp280: drop sensor_data array")
Signed-off-by: David Lechner <dlechner@baylibre.com>
Reviewed-by: Nuno Sá <nuno.sa@analog.com>
Link: https://patch.msgid.link/20250506-iio-pressure-bmp280-zero-init-buffer-v1-1-0935c31558ac@baylibre.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>

diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c
index 5728cc1..f37f207 100644 (file)
--- a/drivers/iio/pressure/bmp280-core.c
+++ b/drivers/iio/pressure/bmp280-core.c
@@ -1237,6 +1237,9 @@ static irqreturn_t bme280_trigger_handler(int irq, void *p)
        } buffer;
        int ret;
 
+       /* Don't leak uninitialized stack to userspace. */
+       memset(&buffer, 0, sizeof(buffer));
+
        guard(mutex)(&data->lock);
 
        /* Burst read data registers */