Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 9a1aa8676f4a723406b849335848b060d7732370
commit9a1aa8676f4a723406b849335848b060d7732370[log] [tgz]
authorDmitry Torokhov <dmitry.torokhov@gmail.com>Mon Oct 23 16:46:00 2017 -0700
committerchrmhoffmann <chrmhoffmann@gmail.com>Sat Aug 04 10:49:40 2018 +0200
tree43ac6f460d0678d0a594e5a1d016013b024f42b7
parentbd170eba18347a50304683b752ca0057ed405029 [diff]
Input: gtco - fix potential out-of-bound access

commit a50829479f58416a013a4ccca791336af3c584c7 upstream.

parse_hid_report_descriptor() has a while (i < length) loop, which
only guarantees that there's at least 1 byte in the buffer, but the
loop body can read multiple bytes which causes out-of-bounds access.

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Reviewed-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[bwh: Backported to 3.2: use &device->usbdev->dev as the device for dev_err()]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
CVE-2017-16643
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>

Change-Id: Iad3238c7e8fde8d4db56fef3d9758794e80b7321
1 file changed
tree: 43ac6f460d0678d0a594e5a1d016013b024f42b7
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS