Input: iforce - invert valid length check when fetching device IDs - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2022-11-07 21:21:40 +0300
committer	Dmitry Torokhov <dmitry.torokhov@gmail.com>	2022-11-07 21:28:58 +0300
commit	b8ebf250997c5fb253582f42bfe98673801ebebd (patch)
tree	46101c8341954b318bc7f17700036b866393ec66 /drivers/input/misc/soc_button_array.c
parent	c7e37cc6240767f794678d11704935d49cc81d59 (diff)
download	linux-b8ebf250997c5fb253582f42bfe98673801ebebd.tar.xz

Input: iforce - invert valid length check when fetching device IDs

syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") is checking that valid length is shorter than bytes to read. Since iforce_get_id_packet() stores valid length when returning 0, the caller needs to check that valid length is longer than or equals to bytes to read. Reported-by: syzbot <syzbot+4dd880c1184280378821@syzkaller.appspotmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Fixes: 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") Link: https://lore.kernel.org/r/531fb432-7396-ad37-ecba-3e42e7f56d5c@I-love.SAKURA.ne.jp Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>

Diffstat (limited to 'drivers/input/misc/soc_button_array.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: