diff mbox series

i2c: core: Fix uninit-value in i2c_smbus_xfer_emulated

Message ID 20250609053507.10628-1-abhinav.ogl@gmail.com
State New
Delegated to: Wolfram Sang
Headers show
Series i2c: core: Fix uninit-value in i2c_smbus_xfer_emulated | expand

Commit Message

herculoxz June 9, 2025, 5:35 a.m. UTC 
BUG: KMSAN: uninit-value in i2c_smbus_xfer_emulated drivers/i2c/i2c-core-smbus.c:481 [inline]
BUG: KMSAN: uninit-value in __i2c_smbus_xfer+0x23e7/0x2f60

KMSAN reported an uninitialized value access in i2c_smbus_xfer_emulated at
drivers/i2c/i2c-core-smbus.c:481, triggered during an SMBus transfer via
i2cdev_ioctl_smbus. The issue occurs because the local buffers msgbuf0 and
msgbuf1 are not initialized before use, leading to potential undefined
behavior when their contents are accessed.

Initialize msgbuf0 and msgbuf1 with zeros using memset to ensure all buffer
contents are defined before they are used in the SMBus transfer. This
prevents the uninitialized value access reported by KMSAN.

Reported-by: syzbot+0a36c1fec090c67a9885@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=0a36c1fec090c67a9885
Fixes: 02ddfb981de8 ("KMSAN : Fix uninit-value in i2c_smbus_xfer_emulated")
Signed-off-by: Abhinav Ananthu <abhinav.ogl@gmail.com>
---
 drivers/i2c/i2c-core-smbus.c | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c
index e73afbefe222..a3ee30b72f75 100644
--- a/drivers/i2c/i2c-core-smbus.c
+++ b/drivers/i2c/i2c-core-smbus.c
@@ -332,6 +332,8 @@  static s32 i2c_smbus_xfer_emulated(struct i2c_adapter *adapter, u16 addr,
 	 */
 	unsigned char msgbuf0[I2C_SMBUS_BLOCK_MAX+3];
 	unsigned char msgbuf1[I2C_SMBUS_BLOCK_MAX+2];
+	memset(msgbuf0, 0, sizeof(msgbuf0));
+	memset(msgbuf1, 0, sizeof(msgbuf1));
 	int nmsgs = read_write == I2C_SMBUS_READ ? 2 : 1;
 	u8 partial_pec = 0;
 	int status;