#syz test

---
 drivers/comedi/drivers/multiq3.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/comedi/drivers/multiq3.c b/drivers/comedi/drivers/multiq3.c
index 467587b0b250..dc27651e0ace 100644
--- a/drivers/comedi/drivers/multiq3.c
+++ b/drivers/comedi/drivers/multiq3.c
@@ -67,6 +67,11 @@
 #define MULTIQ3_TRSFRCNTR_OL		0x10	/* xfer CNTR to OL (x and y) */
 #define MULTIQ3_EFLAG_RESET		0x06	/* reset E bit of flag reg */
 
+/*
+ * Semi-arbitrary limit on the number of optional encoder chips
+ */
+#define MULTIQ3_MAX_ENC_CHIPS		16
+
 static void multiq3_set_ctrl(struct comedi_device *dev, unsigned int bits)
 {
 	/*
@@ -314,6 +319,11 @@ static int multiq3_attach(struct comedi_device *dev,
 
 	/* Encoder (Counter) subdevice */
 	s = &dev->subdevices[4];
+
+	/* sanity check for number of optional encoders */
+	if (it->options[2] > MULTIQ3_MAX_ENC_CHIPS)
+		it->options[2] = MULTIQ3_MAX_ENC_CHIPS;
+
 	s->type		= COMEDI_SUBD_COUNTER;
 	s->subdev_flags	= SDF_READABLE | SDF_LSAMPL;
 	s->n_chan	= it->options[2] * 2;

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+7811bb68a317954a0347@syzkaller.appspotmail.com
Tested-by: syzbot+7811bb68a317954a0347@syzkaller.appspotmail.com

Tested on:

commit:         606da5bb Add linux-next specific files for 20251020
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=112943cd980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=be983e1d3d00440c
dashboard link: https://syzkaller.appspot.com/bug?extid=7811bb68a317954a0347
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=14df9734580000

Note: testing is done by a robot and is best-effort only.