github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-12 16:57:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
4df1d2ffe1
linux/drivers/input/mouse
History
Arnd Bergmann 0225aaa741 Input: cyapa_gen6 - fix out-of-bounds stack access 
commit f051ae4f6c upstream.

gcc -Warray-bounds warns about a serious bug in
cyapa_pip_retrieve_data_structure:

drivers/input/mouse/cyapa_gen6.c: In function 'cyapa_pip_retrieve_data_structure.constprop':
include/linux/unaligned/access_ok.h:40:17: warning: array subscript -1 is outside array bounds of 'struct retrieve_data_struct_cmd[1]' [-Warray-bounds]
   40 |  *((__le16 *)p) = cpu_to_le16(val);
drivers/input/mouse/cyapa_gen6.c:569:13: note: while referencing 'cmd'
  569 |  } __packed cmd;
      |             ^~~

Apparently the '-2' was added to the pointer instead of the value,
writing garbage into the stack next to this variable.

Fixes: c2c06c41f7 ("Input: cyapa - add gen6 device module support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20201026161332.3708389-1-arnd@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:26:07 +01:00
..
alps.c Input: alps - fix a mismatch between a condition check and its comment 2019-07-26 09:14:22 +02:00
alps.h Input: ALPS - fix multi-touch decoding on SS4 plus touchpads 2018-01-12 00:41:36 -08:00
amimouse.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
appletouch.c Input: mark expected switch fall-throughs 2018-08-08 11:23:27 -07:00
atarimouse.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
bcm5974.c Input: mouse - use local variables consistently 2017-01-21 23:52:22 -08:00
byd.c Input: byd - convert to using timer_setup() 2017-10-23 16:31:43 -07:00
byd.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cyapa_gen3.c Input: cyapa - remove duplicated macro definitions 2018-01-08 17:42:00 -08:00
cyapa_gen5.c Input: mark expected switch fall-throughs 2018-08-08 11:23:27 -07:00
cyapa_gen6.c Input: cyapa_gen6 - fix out-of-bounds stack access 2020-12-30 11:26:07 +01:00
cyapa.c Input: cyapa - remove redundant assignment to 'pwr_cmd' 2018-01-18 11:39:49 -08:00
cyapa.h Input: cyapa - fix for losing events during device power transitions 2016-03-04 11:32:13 -08:00
cypress_ps2.c Input: mouse - drop unnecessary calls to input_set_drvdata 2017-01-22 17:22:28 -08:00
cypress_ps2.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
elan_i2c_core.c Input: elan_i2c - remove Lenovo Legion Y7000 PnpID 2019-09-21 07:16:41 +02:00
elan_i2c_i2c.c Input: elan_i2c - extend Flash-Write delay 2017-09-22 10:07:38 -07:00
elan_i2c_smbus.c Input: elan_i2c_smbus - cast sizeof to int for comparison 2018-08-01 16:05:55 -07:00
elan_i2c.h Input: elan_i2c_smbus - fix more potential stack buffer overflows 2018-06-21 17:20:41 -07:00
elantech.c Revert "Input: elantech - enable SMBus on new (2018+) systems" 2019-09-06 12:40:02 +02:00
elantech.h Input: elantech - detect new ICs and setup Host Notify for them 2018-05-23 16:49:22 -07:00
focaltech.c Input: psmouse - cleanup Focaltech code 2016-10-24 17:19:25 -07:00
focaltech.h Input: psmouse - rearrange Focaltech init code 2015-12-17 15:23:54 -08:00
gpio_mouse.c Input: gpio_mouse - add device tree probing 2017-10-19 17:08:46 -07:00
hgpk.c Input: mouse - use local variables consistently 2017-01-21 23:52:22 -08:00
hgpk.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
inport.c Input: stop telling users to snail-mail Vojtech 2018-07-26 17:04:37 -07:00
Kconfig docs: Fix some broken references 2018-06-15 18:10:01 -03:00
lifebook.c Input: lifebook - clean up code 2018-02-02 16:49:17 -08:00
lifebook.h
logibm.c Input: stop telling users to snail-mail Vojtech 2018-07-26 17:04:37 -07:00
logips2pp.c Input: psmouse - move sliced command implementation to libps2 2018-02-02 16:50:24 -08:00
logips2pp.h Input: psmouse - rename ps2pp_init() to ps2pp_detect() 2015-12-17 15:24:37 -08:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
maplemouse.c Input: mouse - drop unnecessary calls to input_set_drvdata 2017-01-22 17:22:28 -08:00
navpoint.c
pc110pad.c Input: stop telling users to snail-mail Vojtech 2018-07-26 17:04:37 -07:00
psmouse-base.c Input: psmouse - add a newline when printing 'proto' by sysfs 2020-08-26 10:31:01 +02:00
psmouse-smbus.c Input: psmouse-smbus - allow to control psmouse_deactivate 2018-05-23 16:49:22 -07:00
psmouse.h Input: psmouse-smbus - allow to control psmouse_deactivate 2018-05-23 16:49:22 -07:00
pxa930_trkball.c
rpcmouse.c
sentelic.c Input: sentelic - fix error return when fsp_reg_write fails 2020-08-21 11:05:37 +02:00
sentelic.h
sermouse.c Input: mark expected switch fall-throughs 2018-08-08 11:23:27 -07:00
synaptics_i2c.c Input: synaptics_i2c - add OF device ID table 2017-03-23 14:46:32 -07:00
synaptics_usb.c Input: synaptics_usb - do not rely on input_dev->users 2018-03-17 11:05:18 -07:00
synaptics.c Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen 2020-07-29 10:16:53 +02:00
synaptics.h Input: synaptics - use u8 instead of unsigned char 2017-04-03 16:23:58 -07:00
touchkit_ps2.c
touchkit_ps2.h
trackpoint.c Input: trackpoint - enable Synaptics trackpoints 2020-10-07 08:00:08 +02:00
trackpoint.h Input: trackpoint - add new trackpoint variant IDs 2020-09-23 12:11:01 +02:00
vmmouse.c x86/virt: Add enum for hypervisors to replace x86_hyper 2017-11-10 10:03:12 +01:00
vmmouse.h
vsxxxaa.c