github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-12 08:43:42 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
34da25dd21
linux/drivers/input/mouse
History
Arnd Bergmann 0225aaa741 Input: cyapa_gen6 - fix out-of-bounds stack access 
commit f051ae4f6c upstream.

gcc -Warray-bounds warns about a serious bug in
cyapa_pip_retrieve_data_structure:

drivers/input/mouse/cyapa_gen6.c: In function 'cyapa_pip_retrieve_data_structure.constprop':
include/linux/unaligned/access_ok.h:40:17: warning: array subscript -1 is outside array bounds of 'struct retrieve_data_struct_cmd[1]' [-Warray-bounds]
   40 |  *((__le16 *)p) = cpu_to_le16(val);
drivers/input/mouse/cyapa_gen6.c:569:13: note: while referencing 'cmd'
  569 |  } __packed cmd;
      |             ^~~

Apparently the '-2' was added to the pointer instead of the value,
writing garbage into the stack next to this variable.

Fixes: c2c06c41f7 ("Input: cyapa - add gen6 device module support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20201026161332.3708389-1-arnd@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:26:07 +01:00
..
alps.c Input: alps - fix a mismatch between a condition check and its comment 2019-07-26 09:14:22 +02:00
alps.h
amimouse.c
appletouch.c
atarimouse.c
bcm5974.c
byd.c
byd.h
cyapa_gen3.c
cyapa_gen5.c
cyapa_gen6.c Input: cyapa_gen6 - fix out-of-bounds stack access 2020-12-30 11:26:07 +01:00
cyapa.c
cyapa.h
cypress_ps2.c
cypress_ps2.h
elan_i2c_core.c Input: elan_i2c - remove Lenovo Legion Y7000 PnpID 2019-09-21 07:16:41 +02:00
elan_i2c_i2c.c
elan_i2c_smbus.c
elan_i2c.h
elantech.c Revert "Input: elantech - enable SMBus on new (2018+) systems" 2019-09-06 12:40:02 +02:00
elantech.h
focaltech.c
focaltech.h
gpio_mouse.c
hgpk.c
hgpk.h
inport.c
Kconfig
lifebook.c
lifebook.h
logibm.c
logips2pp.c
logips2pp.h
Makefile
maplemouse.c
navpoint.c
pc110pad.c
psmouse-base.c Input: psmouse - add a newline when printing 'proto' by sysfs 2020-08-26 10:31:01 +02:00
psmouse-smbus.c
psmouse.h
pxa930_trkball.c
rpcmouse.c
sentelic.c Input: sentelic - fix error return when fsp_reg_write fails 2020-08-21 11:05:37 +02:00
sentelic.h
sermouse.c
synaptics_i2c.c
synaptics_usb.c
synaptics.c Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen 2020-07-29 10:16:53 +02:00
synaptics.h
touchkit_ps2.c
touchkit_ps2.h
trackpoint.c Input: trackpoint - enable Synaptics trackpoints 2020-10-07 08:00:08 +02:00
trackpoint.h Input: trackpoint - add new trackpoint variant IDs 2020-09-23 12:11:01 +02:00
vmmouse.c
vmmouse.h
vsxxxaa.c