2017-11-07 17:32:46 -05:00
|
|
|
From 0dba52cf7955306c71fb76d16437d848c953e462 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Vevek Venkatesan <vevekv@codeaurora.org>
|
|
|
|
|
Date: Fri, 23 Dec 2016 11:34:32 +0530
|
|
|
|
|
Subject: input: misc: fix heap overflow issue in hbtp_input.c
|
2017-10-29 01:48:53 -04:00
|
|
|
|
|
|
|
|
Add the boundary check for ABS code before setting ABS params,
|
|
|
|
|
to avoid heap overflow.
|
|
|
|
|
|
|
|
|
|
Change-Id: I6aad9916c92d2f775632406374dbb803063148de
|
|
|
|
|
Signed-off-by: Vevek Venkatesan <vevekv@codeaurora.org>
|
|
|
|
|
---
|
|
|
|
|
drivers/input/misc/hbtp_input.c | 8 ++++++--
|
|
|
|
|
1 file changed, 6 insertions(+), 2 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/drivers/input/misc/hbtp_input.c b/drivers/input/misc/hbtp_input.c
|
2017-11-07 17:32:46 -05:00
|
|
|
index 4c0e9a9..e80afcf 100644
|
2017-10-29 01:48:53 -04:00
|
|
|
--- a/drivers/input/misc/hbtp_input.c
|
|
|
|
|
+++ b/drivers/input/misc/hbtp_input.c
|
2017-11-07 17:32:46 -05:00
|
|
|
@@ -130,9 +130,13 @@ static int hbtp_input_create_input_dev(struct hbtp_input_absinfo *absinfo)
|
2017-10-29 01:48:53 -04:00
|
|
|
input_mt_init_slots(input_dev, HBTP_MAX_FINGER, 0);
|
|
|
|
|
for (i = 0; i <= ABS_MT_LAST - ABS_MT_FIRST; i++) {
|
|
|
|
|
abs = absinfo + i;
|
|
|
|
|
- if (abs->active)
|
|
|
|
|
- input_set_abs_params(input_dev, abs->code,
|
|
|
|
|
+ if (abs->active) {
|
|
|
|
|
+ if (abs->code >= 0 && abs->code < ABS_CNT)
|
|
|
|
|
+ input_set_abs_params(input_dev, abs->code,
|
|
|
|
|
abs->minimum, abs->maximum, 0, 0);
|
|
|
|
|
+ else
|
|
|
|
|
+ pr_err("%s: ABS code out of bound\n", __func__);
|
|
|
|
|
+ }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
error = input_register_device(input_dev);
|
2017-11-07 17:32:46 -05:00
|
|
|
--
|
|
|
|
|
cgit v1.1
|
|
|
|
|
|
