Input: iforce - invert valid length check when fetching device IDs (b8ebf250) · Commits · Mirrors / github.com / raspberrypi_linux · GitLab

Commit b8ebf250 authored Nov 07, 2022 by

Tetsuo Handa Committed by Dmitry Torokhov Nov 07, 2022

Input: iforce - invert valid length check when fetching device IDs

syzbot is reporting uninitialized value at iforce_init_device() [1], for
commit 6ac0aec6

 ("Input: iforce - allow callers supply data buffer
when fetching device IDs") is checking that valid length is shorter than
bytes to read. Since iforce_get_id_packet() stores valid length when
returning 0, the caller needs to check that valid length is longer than or
equals to bytes to read.

Reported-by: syzbot <syzbot+4dd880c1184280378821@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 6ac0aec6

 ("Input: iforce - allow callers supply data buffer when fetching device IDs")
Link: https://lore.kernel.org/r/531fb432-7396-ad37-ecba-3e42e7f56d5c@I-love.SAKURA.ne.jp
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>

parent c7e37cc6

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit fdd57c20
· Nov 30, 2022

mentioned in commit fdd57c20

mentioned in commit fdd57c20d4408cac3c3c535c120d244e083406c9

Toggle commit list

Please register or to comment