github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 15:12:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
bc04118ed0
linux/drivers/input
History
Arnd Bergmann 0225aaa741 Input: cyapa_gen6 - fix out-of-bounds stack access 
commit f051ae4f6c upstream.

gcc -Warray-bounds warns about a serious bug in
cyapa_pip_retrieve_data_structure:

drivers/input/mouse/cyapa_gen6.c: In function 'cyapa_pip_retrieve_data_structure.constprop':
include/linux/unaligned/access_ok.h:40:17: warning: array subscript -1 is outside array bounds of 'struct retrieve_data_struct_cmd[1]' [-Warray-bounds]
   40 |  *((__le16 *)p) = cpu_to_le16(val);
drivers/input/mouse/cyapa_gen6.c:569:13: note: while referencing 'cmd'
  569 |  } __packed cmd;
      |             ^~~

Apparently the '-2' was added to the pointer instead of the value,
writing garbage into the stack next to this variable.

Fixes: c2c06c41f7 ("Input: cyapa - add gen6 device module support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20201026161332.3708389-1-arnd@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:26:07 +01:00
..
gameport Input: stop telling users to snail-mail Vojtech 2018-07-26 17:04:37 -07:00
joystick Input: xpad - support Ardwiino Controllers 2020-12-08 10:18:55 +01:00
keyboard Input: cros_ec_keyb - send 'scancodes' in addition to key events 2020-12-30 11:26:06 +01:00
misc Input: cm109 - do not stomp on control URB 2020-12-30 11:25:39 +01:00
mouse Input: cyapa_gen6 - fix out-of-bounds stack access 2020-12-30 11:26:07 +01:00
rmi4 Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() 2020-06-03 08:19:33 +02:00
serio Input: i8042 - add Acer laptops to the i8042 reset list 2020-12-30 11:25:39 +01:00
tablet Input: pegasus_notetaker - fix endpoint sanity check 2020-01-29 16:43:20 +01:00
touchscreen Input: goodix - add upside-down quirk for Teclast X98 Pro tablet 2020-12-30 11:26:06 +01:00
apm-power.c
evbug.c Input: stop telling users to snail-mail Vojtech 2018-07-26 17:04:37 -07:00
evdev.c Input: evdev - call input_flush_device() on release(), not flush() 2020-06-03 08:19:31 +02:00
ff-core.c Input: uinput - avoid FF flush when destroying device 2017-09-21 16:31:22 -07:00
ff-memless.c Input: ff-memless - kill timer in destroy() 2019-11-20 18:45:14 +01:00
input-compat.c Input: extend usable life of event timestamps to 2106 on 32 bit systems 2018-01-09 16:40:30 -08:00
input-compat.h Input: extend usable life of event timestamps to 2106 on 32 bit systems 2018-01-09 16:40:30 -08:00
input-leds.c treewide: Use struct_size() for kmalloc()-family 2018-06-06 11:15:43 -07:00
input-mt.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2018-06-27 09:16:53 -07:00
input-polldev.c Input: remove remaining unneeded MODULE_VERSION() usage 2018-01-16 16:48:25 -08:00
input.c Input: add safety guards to input_set_keycode() 2020-01-14 20:07:01 +01:00
joydev.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
Kconfig docs: fix broken references with multiple hints 2018-06-15 18:10:01 -03:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
matrix-keymap.c treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
mousedev.c Input: mousedev - add a schedule point in mousedev_write() 2018-10-04 17:42:26 -07:00
sparse-keymap.c Input: remove remaining unneeded MODULE_VERSION() usage 2018-01-16 16:48:25 -08:00