Re: [PATCH] Input: iforce - invert valid length check when fetching device IDs

From: Dmitry Torokhov
Date: Mon Nov 07 2022 - 13:29:32 EST

Next message: Eric Biggers: "Re: [f2fs-dev] [PATCH] f2fs: speed up f2fs_empty_dir()"
Previous message: pr-tracker-bot: "Re: [GIT PULL] platform-drivers-x86 for 6.1-3"
In reply to: Tetsuo Handa: "[PATCH] Input: iforce - invert valid length check when fetching device IDs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 07, 2022 at 07:47:15PM +0900, Tetsuo Handa wrote:
> syzbot is reporting uninitialized value at iforce_init_device() [1], for
> commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer
> when fetching device IDs") is checking that valid length is shorter than
> bytes to read. Since iforce_get_id_packet() stores valid length when
> returning 0, the caller needs to check that valid length is longer than or
> equals to bytes to read.
>
> Link: https://syzkaller.appspot.com/bug?extid=4dd880c1184280378821 [1]
> Reported-by: syzbot <syzbot+4dd880c1184280378821@xxxxxxxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Fixes: 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs")

Applied, thank you.

--
Dmitry

Next message: Eric Biggers: "Re: [f2fs-dev] [PATCH] f2fs: speed up f2fs_empty_dir()"
Previous message: pr-tracker-bot: "Re: [GIT PULL] platform-drivers-x86 for 6.1-3"
In reply to: Tetsuo Handa: "[PATCH] Input: iforce - invert valid length check when fetching device IDs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]