Commit 4df4084c authored by Tetsuo Handa's avatar Tetsuo Handa Committed by sanglipeng
Browse files

Input: iforce - invert valid length check when fetching device IDs 

stable inclusion
from stable-v5.10.156
commit 24cc679abbf31477d0cc6106ec83c2fbae6b3cdf
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7MCG1

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=24cc679abbf31477d0cc6106ec83c2fbae6b3cdf



--------------------------------

commit b8ebf250 upstream.

syzbot is reporting uninitialized value at iforce_init_device() [1], for
commit 6ac0aec6 ("Input: iforce - allow callers supply data buffer
when fetching device IDs") is checking that valid length is shorter than
bytes to read. Since iforce_get_id_packet() stores valid length when
returning 0, the caller needs to check that valid length is longer than or
equals to bytes to read.

Reported-by: default avatarsyzbot <syzbot+4dd880c1184280378821@syzkaller.appspotmail.com>
Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 6ac0aec6 ("Input: iforce - allow callers supply data buffer when fetching device IDs")
Link: https://lore.kernel.org/r/531fb432-7396-ad37-ecba-3e42e7f56d5c@I-love.SAKURA.ne.jp


Cc: stable@vger.kernel.org
Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarsanglipeng <sanglipeng1@jd.com>
parent e6bb23ee
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment