From 0dba52cf7955306c71fb76d16437d848c953e462 Mon Sep 17 00:00:00 2001 From: Vevek Venkatesan Date: Fri, 23 Dec 2016 11:34:32 +0530 Subject: input: misc: fix heap overflow issue in hbtp_input.c Add the boundary check for ABS code before setting ABS params, to avoid heap overflow. Change-Id: I6aad9916c92d2f775632406374dbb803063148de Signed-off-by: Vevek Venkatesan --- drivers/input/misc/hbtp_input.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/input/misc/hbtp_input.c b/drivers/input/misc/hbtp_input.c index 4c0e9a9..e80afcf 100644 --- a/drivers/input/misc/hbtp_input.c +++ b/drivers/input/misc/hbtp_input.c @@ -130,9 +130,13 @@ static int hbtp_input_create_input_dev(struct hbtp_input_absinfo *absinfo) input_mt_init_slots(input_dev, HBTP_MAX_FINGER, 0); for (i = 0; i <= ABS_MT_LAST - ABS_MT_FIRST; i++) { abs = absinfo + i; - if (abs->active) - input_set_abs_params(input_dev, abs->code, + if (abs->active) { + if (abs->code >= 0 && abs->code < ABS_CNT) + input_set_abs_params(input_dev, abs->code, abs->minimum, abs->maximum, 0, 0); + else + pr_err("%s: ABS code out of bound\n", __func__); + } } error = input_register_device(input_dev); -- cgit v1.1