Skip to content

Drivers: MCUX ADC16: Correct buffer size calculation for multi-channel read sequences #98611

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Drivers: MCUX ADC16: Correct buffer size calculation for multi-channel read sequences #98611

wants to merge 1 commit into from
+20 −3

Conversation

@kaabia
Copy link

@kaabia kaabia commented Oct 30, 2025

drivers: adc: mcux_adc16: Fix buffer size validation for multi-channel sequences

The mcux_adc16 driver's read function fails to correctly validate the user-provided buffer size when adc_sequence.options are used (i.e., for extra samplings or continuous conversions).

The validation calculation erroneously considered only the size required for a single channel multiplied by the total number of samplings: sizeof(uint16_t) * (extra_samplings + 1).

This neglects the total number of channels enabled in adc_sequence.channels, leading to a buffer overflow if the sequence includes multiple channels.

Fix this by using POPCOUNT(sequence->channels) to determine the correct number of channels and ensuring the buffer size is sufficient for all requested samples.

@github-actions
Copy link

Hello @kaabia, and thank you very much for your first pull request to the Zephyr project!
Our Continuous Integration pipeline will execute a series of checks on your Pull Request commit messages and code, and you are expected to address any failures by updating the PR. Please take a look at our commit message guidelines to find out how to format your commit messages, and at our contribution workflow to understand how to update your Pull Request. If you haven't already, please make sure to review the project's Contributor Expectations and update (by amending and force-pushing the commits) your pull request if necessary.
If you are stuck or need help please join us on Discord and ask your question there. Additionally, you can escalate the review when applicable. 😊

@zephyrbot zephyrbot added area: ADC Analog-to-Digital Converter (ADC) platform: NXP NXP labels Oct 30, 2025
@kaabia kaabia force-pushed the fix/mcux-adc16-buffer-size-validation branch from 429ad65 to 50a10ba Compare October 30, 2025 21:54
@kaabia
drivers: adc: mcux_adc16: Fix buffer size check for multi-channel reads
9b187ab 
The mcux_adc16 driver's read function fails to validate the user-provided
buffer size when `adc_sequence.options` are used (extra samplings).

The calculation erroneously considered only the size required for one
channel, neglecting the total number of channels in the sequence.

This leads to a **buffer overflow** when reading multiple channels.

Fix this by using `POPCOUNT(sequence->channels)` to determine the
correct channel count and ensure the buffer size is sufficient.

Signed-off-by: Your Name <[email protected]>
@kaabia kaabia force-pushed the fix/mcux-adc16-buffer-size-validation branch from 50a10ba to 9b187ab Compare October 30, 2025 23:37
@sonarqubecloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@decsny
Copy link
Member

decsny commented Oct 31, 2025

To get bug fixes merged for 4.3 release, the PR needs to be linked to a bug report issue

JarmouniA
JarmouniA reviewed Oct 31, 2025
View reviewed changes
drivers/adc/adc_mcux_adc16.c
return -EINVAL;
}

size_t min_buffer_size = channels_count * sizeof(uint16_t);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

all declarations/definitions shall be at the function's start.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this a written rule somewhere? never heard of it

@JarmouniA JarmouniA changed the title [MCUX ADC16] Fix: Correct buffer size calculation for multi-channel read sequences Drivers: MCUX ADC16: Correct buffer size calculation for multi-channel read sequences Oct 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JarmouniA JarmouniA JarmouniA left review comments

@anangl anangl Awaiting requested review from anangl

@dbaluta dbaluta Awaiting requested review from dbaluta

@decsny decsny Awaiting requested review from decsny

@dleach02 dleach02 Awaiting requested review from dleach02

@manuargue manuargue Awaiting requested review from manuargue

@mmahadevan108 mmahadevan108 Awaiting requested review from mmahadevan108

At least 2 approving reviews are required to merge this pull request.

Assignees

@mmahadevan108 mmahadevan108

@dleach02 dleach02

Labels

area: ADC Analog-to-Digital Converter (ADC) platform: NXP NXP

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@kaabia @decsny @JarmouniA @mmahadevan108 @zephyrbot @dleach02