github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-12 16:57:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
cfd402c22c
linux/drivers/input/mouse
History
Arnd Bergmann 0225aaa741 Input: cyapa_gen6 - fix out-of-bounds stack access 
commit f051ae4f6c upstream.

gcc -Warray-bounds warns about a serious bug in
cyapa_pip_retrieve_data_structure:

drivers/input/mouse/cyapa_gen6.c: In function 'cyapa_pip_retrieve_data_structure.constprop':
include/linux/unaligned/access_ok.h:40:17: warning: array subscript -1 is outside array bounds of 'struct retrieve_data_struct_cmd[1]' [-Warray-bounds]
   40 |  *((__le16 *)p) = cpu_to_le16(val);
drivers/input/mouse/cyapa_gen6.c:569:13: note: while referencing 'cmd'
  569 |  } __packed cmd;
      |             ^~~

Apparently the '-2' was added to the pointer instead of the value,
writing garbage into the stack next to this variable.

Fixes: c2c06c41f7 ("Input: cyapa - add gen6 device module support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20201026161332.3708389-1-arnd@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:26:07 +01:00
..
alps.c Input: alps - fix a mismatch between a condition check and its comment 2019-07-26 09:14:22 +02:00
alps.h
amimouse.c
appletouch.c Input: mark expected switch fall-throughs 2018-08-08 11:23:27 -07:00
atarimouse.c
bcm5974.c
byd.c
byd.h
cyapa_gen3.c
cyapa_gen5.c Input: mark expected switch fall-throughs 2018-08-08 11:23:27 -07:00
cyapa_gen6.c Input: cyapa_gen6 - fix out-of-bounds stack access 2020-12-30 11:26:07 +01:00
cyapa.c
cyapa.h
cypress_ps2.c
cypress_ps2.h
elan_i2c_core.c Input: elan_i2c - remove Lenovo Legion Y7000 PnpID 2019-09-21 07:16:41 +02:00
elan_i2c_i2c.c
elan_i2c_smbus.c Input: elan_i2c_smbus - cast sizeof to int for comparison 2018-08-01 16:05:55 -07:00
elan_i2c.h Input: elan_i2c_smbus - fix more potential stack buffer overflows 2018-06-21 17:20:41 -07:00
elantech.c Revert "Input: elantech - enable SMBus on new (2018+) systems" 2019-09-06 12:40:02 +02:00
elantech.h Input: elantech - detect new ICs and setup Host Notify for them 2018-05-23 16:49:22 -07:00
focaltech.c
focaltech.h
gpio_mouse.c
hgpk.c
hgpk.h
inport.c Input: stop telling users to snail-mail Vojtech 2018-07-26 17:04:37 -07:00
Kconfig docs: Fix some broken references 2018-06-15 18:10:01 -03:00
lifebook.c
lifebook.h
logibm.c Input: stop telling users to snail-mail Vojtech 2018-07-26 17:04:37 -07:00
logips2pp.c
logips2pp.h
Makefile
maplemouse.c
navpoint.c
pc110pad.c Input: stop telling users to snail-mail Vojtech 2018-07-26 17:04:37 -07:00
psmouse-base.c Input: psmouse - add a newline when printing 'proto' by sysfs 2020-08-26 10:31:01 +02:00
psmouse-smbus.c Input: psmouse-smbus - allow to control psmouse_deactivate 2018-05-23 16:49:22 -07:00
psmouse.h Input: psmouse-smbus - allow to control psmouse_deactivate 2018-05-23 16:49:22 -07:00
pxa930_trkball.c
rpcmouse.c
sentelic.c Input: sentelic - fix error return when fsp_reg_write fails 2020-08-21 11:05:37 +02:00
sentelic.h
sermouse.c Input: mark expected switch fall-throughs 2018-08-08 11:23:27 -07:00
synaptics_i2c.c
synaptics_usb.c
synaptics.c Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen 2020-07-29 10:16:53 +02:00
synaptics.h
touchkit_ps2.c
touchkit_ps2.h
trackpoint.c Input: trackpoint - enable Synaptics trackpoints 2020-10-07 08:00:08 +02:00
trackpoint.h Input: trackpoint - add new trackpoint variant IDs 2020-09-23 12:11:01 +02:00
vmmouse.c
vmmouse.h
vsxxxaa.c