| Message ID | 20221111125511.28676-1-abelova@astralinux.ru |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp725084wru;
Fri, 11 Nov 2022 05:02:23 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf6cDv+wSNvMXcaYhc8ymm204EkAy6MgE6de7dpjokrUvQlliX0NZjO0t/oZYFxlaKM3kCEa
X-Received: by 2002:a63:3c3:0:b0:439:3aad:c1c3 with SMTP id
186-20020a6303c3000000b004393aadc1c3mr1541160pgd.350.1668171743285;
Fri, 11 Nov 2022 05:02:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668171743; cv=none;
d=google.com; s=arc-20160816;
b=1KypQGXZJCwemMfHMBJJ0lBhmBfpEF13vYbFawFC1nt3xNkmwmhMGtl7pFS4E7r2dG
u+xwCYpWeIHneRmY3VXo8OQZPXRt5j+IfBCwC3z9RCJNxwZEUFOFddwhQwJuhHMIF90E
WCrlhTi89GYc+1jnGWVlF1lGU4I7PT96ziQ5a4+0ZwETqhiH5+v2cDez4cETK/4ftd9a
m/IDh8p7nvBihH/CKKWU0EWpYOaXi5Q3oCDcX5q+Y5MSxtoMcivNp7Yt11tOdYSpB16R
Km9s6igEO3IsnKoNbhZLxiMt5/2K2sySNKGmuzRRqNDb7hGQWN8PuIxPzh550AmwWo2B
wwsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from;
bh=Y47uV86YUMCWP7Or9QWd7N54rt5YhS6IU+wPy/DHRe0=;
b=jfSjKyKPmnMKUDiXfiIg7encMdlK3hD21lfYLw8/40KLIjPtOH3ggSOo/VbBjRjrsO
SP3UxJ7nZ+Ie3v73gFgcsoKKiPzeazWw8lVqyLzc/UIPGkl+TwdZa4Z4HZtjDPpmUkNi
dOO8FN/CCaOdnxdaBSBTKllpqLsZzqYQxvFJfRcRb2QgYG2dyym3X1F/MTAgmgTDHbFD
HCRxvj4cBQb3W/exNpluF3cfXfgU7RcpLp0O34f4NtPfnPiFBUyzAkfzz6aXW+ZztosQ
mt3pOsEIP0KfyUgYx9sREJRr1Z5ULNJU93IVrX9rPbP1TVHEaUybA420iG9OnWA04brX
jVRw==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
bh5-20020a170902a98500b001884ba97a0fsi2095767plb.567.2022.11.11.05.02.08;
Fri, 11 Nov 2022 05:02:23 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S232943AbiKKMzc (ORCPT <rfc822;winker.wchi@gmail.com>
+ 99 others); Fri, 11 Nov 2022 07:55:32 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58682 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229675AbiKKMz3 (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 11 Nov 2022 07:55:29 -0500
Received: from mail.astralinux.ru (mail.astralinux.ru [217.74.38.119])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5494A7BE7C
for <linux-kernel@vger.kernel.org>;
Fri, 11 Nov 2022 04:55:27 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
by mail.astralinux.ru (Postfix) with ESMTP id D69661864572;
Fri, 11 Nov 2022 15:55:23 +0300 (MSK)
Received: from mail.astralinux.ru ([127.0.0.1])
by localhost (rbta-msk-vsrv-mail01.astralinux.ru [127.0.0.1])
(amavisd-new, port 10032)
with ESMTP id lrwncELfyS6b; Fri, 11 Nov 2022 15:55:23 +0300 (MSK)
Received: from localhost (localhost [127.0.0.1])
by mail.astralinux.ru (Postfix) with ESMTP id 7F5C618637F2;
Fri, 11 Nov 2022 15:55:23 +0300 (MSK)
X-Virus-Scanned: amavisd-new at astralinux.ru
Received: from mail.astralinux.ru ([127.0.0.1])
by localhost (rbta-msk-vsrv-mail01.astralinux.ru [127.0.0.1])
(amavisd-new, port 10026)
with ESMTP id MgC1RnOcxzqF; Fri, 11 Nov 2022 15:55:23 +0300 (MSK)
Received: from rbta-msk-lt-106062.astralinux.ru (unknown [10.177.20.20])
by mail.astralinux.ru (Postfix) with ESMTPSA id 17CC418642A3;
Fri, 11 Nov 2022 15:55:23 +0300 (MSK)
From: Anastasia Belova <abelova@astralinux.ru>
To: Jiri Kosina <jikos@kernel.org>
Cc: Anastasia Belova <abelova@astralinux.ru>,
Benjamin Tissoires <benjamin.tissoires@redhat.com>, =?utf-8?q?Michal_Mal?=
=?utf-8?q?=C3=BD?= <madcatxster@devoid-pointer.net>,
linux-input@vger.kernel.org, linux-kernel@vger.kernel.org,
lvc-project@linuxtesting.org
Subject: [PATCH] HID: hid-lg4ff: Add check for empty lbuf
Date: Fri, 11 Nov 2022 15:55:11 +0300
Message-Id: <20221111125511.28676-1-abelova@astralinux.ru>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1749204854349707362?=
X-GMAIL-MSGID: =?utf-8?q?1749204854349707362?=
|
| Series |
HID: hid-lg4ff: Add check for empty lbuf
|
|
Commit Message
Anastasia Belova
Nov. 11, 2022, 12:55 p.m. UTC
If an empty buf is received, lbuf is also empty. So lbuf is
accessed by index -1.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: f31a2de3fe36 ("HID: hid-lg4ff: Allow switching of Logitech gaming wheels between compatibility modes")
Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
---
drivers/hid/hid-lg4ff.c | 6 ++++++
1 file changed, 6 insertions(+)
Comments
On Fri, 11 Nov 2022, Anastasia Belova wrote: > If an empty buf is received, lbuf is also empty. So lbuf is > accessed by index -1. Good catch, thanks! > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: f31a2de3fe36 ("HID: hid-lg4ff: Allow switching of Logitech gaming wheels between compatibility modes") > > Signed-off-by: Anastasia Belova <abelova@astralinux.ru> I've put the Fixes: line into the SOB/metadata space, and applied. Thank you,
diff --git a/drivers/hid/hid-lg4ff.c b/drivers/hid/hid-lg4ff.c index 5e6a0cef2a06..e3fcf1353fb3 100644 --- a/drivers/hid/hid-lg4ff.c +++ b/drivers/hid/hid-lg4ff.c @@ -872,6 +872,12 @@ static ssize_t lg4ff_alternate_modes_store(struct device *dev, struct device_att return -ENOMEM; i = strlen(lbuf); + + if (i == 0) { + kfree(lbuf); + return -EINVAL; + } + if (lbuf[i-1] == '\n') { if (i == 1) { kfree(lbuf);