DivestOS/Patches/Linux_CVEs/CVE-2017-0516/ANY/0.patch
2017-10-29 22:14:37 -04:00

38 lines
1.3 KiB
Diff

From 1e2b69bf3ab61979a05e796e76c8ecd1ec251c42 Mon Sep 17 00:00:00 2001
From: Dennis Cagle <d-cagle@codeaurora.org>
Date: Thu, 5 Jan 2017 17:22:13 -0800
Subject: [PATCH] input: misc: fix heap overflow issue in hbtp_input.c
Add the boundary check for ABS code before setting ABS params,
to avoid heap overflow.
Bug: 32341680
CRs-fixed: 1096301
Change-Id: I6aad9916c92d2f775632406374dbb803063148de
Signed-off-by: Vevek Venkatesan <vevekv@codeaurora.org>
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
---
drivers/input/misc/hbtp_input.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/input/misc/hbtp_input.c b/drivers/input/misc/hbtp_input.c
index ef17d386644c9..7877e9b9f5162 100644
--- a/drivers/input/misc/hbtp_input.c
+++ b/drivers/input/misc/hbtp_input.c
@@ -129,9 +129,13 @@ static int hbtp_input_create_input_dev(struct hbtp_input_absinfo *absinfo)
input_mt_init_slots(input_dev, HBTP_MAX_FINGER, 0);
for (i = 0; i <= ABS_MT_LAST - ABS_MT_FIRST; i++) {
abs = absinfo + i;
- if (abs->active)
- input_set_abs_params(input_dev, abs->code,
+ if (abs->active) {
+ if (abs->code >= 0 && abs->code < ABS_CNT)
+ input_set_abs_params(input_dev, abs->code,
abs->minimum, abs->maximum, 0, 0);
+ else
+ pr_err("%s: ABS code out of bound\n", __func__);
+ }
}
error = input_register_device(input_dev);