
From:
Jeremie Courreges-Anglas <jca@wxcvbn.org>
Subject:
Re: qciic: fix out-of-bounds read
To:
Marcus Glocker <marcus@nazgul.ch>
Cc:
tech@openbsd.org, Mark Kettenis <mark.kettenis@xs4all.nl>
Date:
Sun, 24 May 2026 11:20:48 +0200


On Sat, May 23, 2026 at 11:21:08PM +0200, Marcus Glocker wrote:
> While working on a new driver, I've noticed that qciic wouldn't NULL
> terminate a compatible string with a length of => 32 bytes, leading
> to an out-of-bounds read later on:
> 
> "samsung,galaxybook-kbd-backlighth\^A\M^_$\M^@\M^?\M^?\M^?b" at iic3 addr 0x62 not configured
> 
> To fix this, the following diff does basically mimic apliic_bus_scan()
> which works with malloc() for the compatible string instead.
> 
> As a side effect I also noticed that ia_namelen doesn't get set today,
> which could cause issues to match a secondary fallback string.
> 
> After the diff:
> 
> "samsung,galaxybook-kbd-backlight" at iic3 addr 0x62 not configured
> 
> Ok?

LGTM, ok jca@

-- 
jca
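The bug class discussed above, as an added illustration that is not the qciic or apliic code (the diff itself is not quoted in this thread): a fixed 32-byte buffer filled with strncpy() loses its terminator once the compatible string reaches 32 bytes, while an exact-length heap copy terminates explicitly and records the length. The struct ia_args, its ia_name field and the two function names are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the attach-args fields mentioned in the thread. */
struct ia_args {
	char *ia_name;     /* heap-allocated copy of the compatible string */
	size_t ia_namelen; /* its length, excluding the terminator */
};

#define FIXED_NAME_LEN 32

/* Pattern A (defective): copy into a fixed buffer with strncpy(). For a
 * source of >= 32 bytes no NUL is written, so a later strlen()/printf("%s")
 * reads past the buffer. Returns 1 when the buffer is left unterminated. */
int
fixed_copy_lacks_terminator(const char *compat)
{
	char name[FIXED_NAME_LEN];

	strncpy(name, compat, sizeof(name));
	/* memchr stays inside the buffer, so the check itself is safe. */
	return memchr(name, '\0', sizeof(name)) == NULL;
}

/* Pattern B (the malloc() approach the thread mimics): allocate len + 1
 * bytes, terminate explicitly and set ia_namelen so fallback matching
 * against a secondary compatible string sees the right length. */
int
alloc_copy_compatible(struct ia_args *ia, const char *compat, size_t len)
{
	ia->ia_name = malloc(len + 1);
	if (ia->ia_name == NULL)
		return -1;
	memcpy(ia->ia_name, compat, len);
	ia->ia_name[len] = '\0';
	ia->ia_namelen = len;
	return 0;
}

int
main(void)
{
	/* The 32-byte compatible string from the report. */
	const char *c = "samsung,galaxybook-kbd-backlight";
	struct ia_args ia;

	printf("fixed buffer unterminated: %d\n", fixed_copy_lacks_terminator(c));
	if (alloc_copy_compatible(&ia, c, strlen(c)) == 0) {
		printf("\"%s\" namelen=%zu\n", ia.ia_name, ia.ia_namelen);
		free(ia.ia_name);
	}
	return 0;
}
```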