Zepp-Hanzj opened a new pull request, #19419: URL: https://github.com/apache/nuttx/pull/19419
## Summary Fix security issue where uninitialized kernel stack contents could be leaked to userspace when `mfrc522_picc_select()` fails. In `mfrc522_read()`, the local variable `uid` was not initialized before being passed to `mfrc522_picc_select()`. If the function fails (e.g., due to bad data on the SPI bus), the uninitialized `uid.sak` value could pass the `PICC_TYPE_NOT_COMPLETE` check, causing `snprintf()` to copy uninitialized kernel stack data to the userspace buffer. Fixes #19417 ## Impact - [x] Security fix: prevents kernel stack information leak to userspace - [x] No functional changes for normal operation - [x] Properly propagates error codes from `mfrc522_picc_select()` ## Testing - Verified by code inspection against master - checkpatch passes - Builds successfully with sim:nsh + CONFIG_CL_MFRC522=y Signed-off-by: hanzhijian <[email protected]> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
