github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-06 21:45:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
66c8e816f2
linux/drivers
History
Harshit Mogalapalli 66c8e816f2 HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() 
[ Upstream commit 62ac247355 ]

Smatch Warning:
drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy()
'&mcp->txbuf[5]' too small (59 vs 255)
drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() 'buf'
too small (34 vs 255)

The 'len' variable can take a value between 0-255 as it can come from
data->block[0] and it is user data. So add an bound check to prevent a
buffer overflow in memcpy().

Fixes: 67a95c2146 ("HID: mcp2221: add usb to i2c-smbus host bridge")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-08-21 15:16:01 +02:00
..
accessibility tty: the rest, stop using tty_schedule_flip() 2022-07-29 17:19:28 +02:00
acpi ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP 2022-08-21 15:15:34 +02:00
amba amba: Make the remove callback return void 2022-04-08 14:40:02 +02:00
android
ata ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() 2022-06-22 14:13:14 +02:00
atm atm: eni: Add check for dma_map_single 2022-03-23 09:13:27 +01:00
auxdisplay
base driver core: fix potential deadlock in __driver_attach 2022-08-21 15:15:55 +02:00
bcma
block xen/blkfront: force data bouncing when backend is untrusted 2022-07-07 17:52:22 +02:00
bluetooth Bluetooth: hci_intel: Add check for platform_driver_register 2022-08-21 15:15:49 +02:00
bus bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() 2022-08-21 15:15:35 +02:00
cdrom
char random: update comment from copy_to_user() -> copy_to_iter() 2022-06-29 08:59:54 +02:00
clk clk: qcom: camcc-sdm845: Fix topology around titan_top power domain 2022-08-21 15:15:56 +02:00
clocksource clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() 2022-07-07 17:52:23 +02:00
connector
counter
cpufreq cpufreq: pmac32-cpufreq: Fix refcount leak bug 2022-07-21 21:20:14 +02:00
cpuidle
crypto crypto: hisilicon/sec - fix auth key size error 2022-08-21 15:15:50 +02:00
dax dax: make sure inodes are flushed before destroy cache 2022-04-08 14:40:16 +02:00
dca
devfreq PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events 2022-07-07 17:52:18 +02:00
dio
dma dmaengine: sf-pdma: Add multithread support for a DMA channel 2022-08-21 15:15:57 +02:00
dma-buf udmabuf: add back sanity check 2022-06-29 08:59:48 +02:00
edac EDAC/ghes: Set the DIMM label unconditionally 2022-08-03 12:00:50 +02:00
eisa
extcon extcon: Modify extcon device to be created after driver data is set 2022-06-14 18:32:43 +02:00
firewire firewire: core: extend card->lock in fw_core_handle_bus_reset 2022-05-12 12:25:32 +02:00
firmware firmware: tegra: Fix error check return value of debugfs_create_file() 2022-08-21 15:15:31 +02:00
fpga fpga: altera-pr-ip: fix unsigned comparison with less than zero 2022-08-21 15:15:53 +02:00
fsi fsi: Aspeed: Fix a potential double free 2022-04-08 14:40:23 +02:00
gnss
gpio gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() 2022-08-21 15:16:01 +02:00
gpu drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed. 2022-08-21 15:15:46 +02:00
greybus greybus: svc: fix an error handling bug in gb_svc_hello() 2022-04-08 14:39:50 +02:00
hid HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() 2022-08-21 15:16:01 +02:00
hsi
hv Drivers: hv: vmbus: Release cpu lock in error case 2022-06-22 14:13:16 +02:00
hwmon hwmon: (drivetemp) Add module alias 2022-08-21 15:15:35 +02:00
hwspinlock
hwtracing intel_th: msu: Fix vmalloced buffers 2022-08-21 15:15:57 +02:00
i2c i2c: mux-gpmux: Add of_node_put() when breaking out of loop 2022-08-21 15:15:49 +02:00
i3c
ide
idle intel_idle: Disable IBRS during long idle 2022-07-25 11:26:43 +02:00
iio iio: accel: bma400: Reordering of header files 2022-08-21 15:15:54 +02:00
infiniband RDMA/hfi1: fix potential memory leak in setup_base_ctxt() 2022-08-21 15:16:01 +02:00
input Input: atmel_mxt_ts - fix up inverted RESET handler 2022-08-21 15:15:32 +02:00
interconnect interconnect: imx: fix max_node_id 2022-08-21 15:16:00 +02:00
iommu iommu/vt-d: Fix PCI bus rescan device hot add 2022-07-12 16:32:18 +02:00
ipack
irqchip irqchip/mips-gic: Check the return value of ioremap() in gic_of_init() 2022-08-21 15:15:29 +02:00
isdn isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() 2022-03-16 14:15:57 +01:00
leds
lightnvm lightnvm: disable the subsystem 2022-05-09 09:04:56 +02:00
macintosh macintosh/adb: fix oob read in do_adb_query() function 2022-08-11 13:06:47 +02:00
mailbox mailbox: forward the hrtimer if not queued and under a lock 2022-06-09 10:21:18 +02:00
mcb
md dm: return early from dm_pr_call() if DM device is suspended 2022-08-21 15:15:37 +02:00
media media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment 2022-08-21 15:15:46 +02:00
memory memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings 2022-06-29 08:59:54 +02:00
memstick memstick/ms_block: Fix a memory leak 2022-08-21 15:15:58 +02:00
message
mfd mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() 2022-06-09 10:21:18 +02:00
misc eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() 2022-08-21 15:16:00 +02:00
mmc mmc: block: Add single read for 4k sector cards 2022-08-21 15:15:58 +02:00
most
mtd mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path 2022-08-21 15:15:53 +02:00
mux
net mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv 2022-08-21 15:15:55 +02:00
nfc NFC: nxp-nci: don't print header length mismatch on i2c error 2022-07-21 21:20:14 +02:00
ntb ntb: intel: fix port config status offset for SPR 2022-03-08 19:09:32 +01:00
nubus
nvdimm nvdimm: Fix badblocks clear off-by-one error 2022-07-07 17:52:15 +02:00
nvme nvme-pci: phison e16 has bogus namespace ids 2022-07-21 21:20:17 +02:00
nvmem nvmem: core: set size for sysfs bin file 2022-01-27 10:54:22 +01:00
of of: overlay: do not break notify on NOTIFY_{OK|STOP} 2022-06-09 10:21:03 +02:00
opp OPP: call of_node_put() on error path in _bandwidth_supported() 2022-06-09 10:21:18 +02:00
oprofile
parisc parisc: Check the return value of ioremap() in lba_driver_probe() 2022-08-21 15:15:23 +02:00
parport
pci PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks 2022-08-21 15:15:58 +02:00
pcmcia pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards 2022-06-14 18:32:30 +02:00
perf drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX 2022-08-21 15:15:36 +02:00
phy phy: qcom-qmp: fix pipe-clock imbalance on power-on failure 2022-06-14 18:32:32 +02:00
pinctrl pinctrl: stm32: fix optional IRQ support to gpios 2022-07-29 17:19:06 +02:00
platform platform/chrome: cros_ec: Always expose last resume result 2022-08-21 15:15:54 +02:00
pnp
power power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe 2022-07-29 17:19:10 +02:00
powercap
pps
ps3
ptp ptp: replace snprintf with sysfs_emit 2022-04-13 21:00:55 +02:00
pwm pwm: lpc18xx-sct: Convert to devm_platform_ioremap_resource() 2022-08-21 15:15:37 +02:00
rapidio
ras
regulator regulator: of: Fix refcount leak bug in of_get_regulation_constraints() 2022-08-21 15:15:36 +02:00
remoteproc remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region 2022-04-08 14:40:26 +02:00
reset reset: tegra-bpmp: Restore Handle errors in BPMP response 2022-04-27 13:53:52 +02:00
rpmsg rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails 2022-06-14 18:32:32 +02:00
rtc rtc: mt6397: check return value after calling platform_get_resource() 2022-06-14 18:32:33 +02:00
s390 block: remove the request_queue to argument request based tracepoints 2022-08-21 15:15:36 +02:00
sbus
scsi scsi: smartpqi: Fix DMA direction for RAID requests 2022-08-21 15:15:59 +02:00
sfi
sh
siox
slimbus slimbus: qcom: Fix IRQ check in qcom_slim_probe 2022-05-18 10:23:47 +02:00
soc soc: qcom: Make QCOM_RPMPD depend on PM 2022-08-21 15:15:36 +02:00
soundwire soundwire: bus_type: fix remove and shutdown support 2022-08-21 15:15:56 +02:00
spi spi: spi-rspi: Fix PIO fallback on RZ platforms 2022-08-21 15:15:31 +02:00
spmi
ssb
staging staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback 2022-08-21 15:15:57 +02:00
target target: remove an incorrect unmap zeroes data deduction 2022-06-09 10:21:01 +02:00
tc
tee optee: use driver internal tee_context for some rpc 2022-03-02 11:42:47 +01:00
thermal thermal: sysfs: Fix cooling_device_stats_setup() error code path 2022-08-21 15:15:22 +02:00
thunderbolt
tty serial: mvebu-uart: uart2 error bits clearing 2022-08-21 15:15:25 +02:00
uio
usb usb: dwc3: qcom: fix missing optional irq warnings 2022-08-21 15:15:59 +02:00
vdpa vdpasim: allow to enable a vq repeatedly 2022-06-09 10:21:29 +02:00
vfio amba: Make the remove callback return void 2022-04-08 14:40:02 +02:00
vhost vringh: Fix loop descriptors check in the indirect cases 2022-06-14 18:32:45 +02:00
video fbcon: Fix accelerated fbdev scrolling while logo is still shown 2022-08-21 15:15:22 +02:00
virt
virtio virtio_mmio: Restore guest page size on resume 2022-07-21 21:20:13 +02:00
visorbus
vlynq
vme
w1 w1: w1_therm: fixes w1_seq for ds28ea00 sensors 2022-04-13 21:01:01 +02:00
watchdog watchdog: wdat_wdt: Stop watchdog when rebooting the system 2022-06-14 18:32:43 +02:00
xen xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE 2022-07-29 17:19:07 +02:00
zorro
Kconfig
Makefile