Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-11 06:31:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
f051ae4f6c
linux/drivers/input
History
Arnd Bergmann f051ae4f6c Input: cyapa_gen6 - fix out-of-bounds stack access 
gcc -Warray-bounds warns about a serious bug in
cyapa_pip_retrieve_data_structure:

drivers/input/mouse/cyapa_gen6.c: In function 'cyapa_pip_retrieve_data_structure.constprop':
include/linux/unaligned/access_ok.h:40:17: warning: array subscript -1 is outside array bounds of 'struct retrieve_data_struct_cmd[1]' [-Warray-bounds]
   40 |  *((__le16 *)p) = cpu_to_le16(val);
drivers/input/mouse/cyapa_gen6.c:569:13: note: while referencing 'cmd'
  569 |  } __packed cmd;
      |             ^~~

Apparently the '-2' was added to the pointer instead of the value,
writing garbage into the stack next to this variable.

Fixes: c2c06c41f7 ("Input: cyapa - add gen6 device module support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20201026161332.3708389-1-arnd@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2020-12-14 15:02:04 -08:00
..
gameport treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
joystick Input: use input_device_enabled() 2020-12-02 22:10:33 -08:00
keyboard Input: adp5589-keys - do not explicitly control IRQ for wakeup 2020-12-11 13:15:53 -08:00
misc Input: sc27xx - add support for sc2730 and sc2721 2020-12-11 19:00:21 -08:00
mouse Input: cyapa_gen6 - fix out-of-bounds stack access 2020-12-14 15:02:04 -08:00
rmi4 Input: synaptics-rmi4 - use new structure for SPI transfer delays 2020-12-10 23:39:16 -08:00
serio Input: parkbd - convert comma to semicolon 2020-12-11 13:06:11 -08:00
tablet Input: gtco - remove driver 2020-12-09 17:47:36 -08:00
touchscreen Input: stmpe - add axis inversion and swapping capability 2020-12-11 16:26:03 -08:00
apm-power.c
evbug.c
evdev.c Input: evdev - per-client waitgroups 2020-10-06 18:34:15 -07:00
ff-core.c
ff-memless.c Input: ff-memless - kill timer in destroy() 2019-11-15 11:45:03 -08:00
input-compat.c
input-compat.h
input-leds.c
input-mt.c Input: MT - avoid comma separated statements 2020-08-25 10:26:05 -07:00
input-poller.c Input: use input_device_enabled() 2020-12-02 22:10:33 -08:00
input-poller.h Input: add support for polling to input devices 2019-08-20 12:04:07 -07:00
input.c Input: Add "inhibited" property 2020-12-02 22:10:35 -08:00
joydev.c Linux 5.2 2019-07-15 09:42:32 -07:00
Kconfig Input: remove input_polled_dev implementation 2020-12-02 12:35:14 -08:00
Makefile Input: remove input_polled_dev implementation 2020-12-02 12:35:14 -08:00
matrix-keymap.c Input: matrix-keymap - switch to use device_property_count_u32() 2019-08-12 00:03:13 -07:00
mousedev.c *: convert stream-like files -> stream_open, even if they use noop_llseek 2019-07-14 16:09:19 +03:00
sparse-keymap.c Input: Use fallthrough pseudo-keyword 2020-07-07 11:25:54 -07:00