[PATCH] ff-memless: fix signed to unsigned bit overflow in ml_combile_effects()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



When userspace sets effect->u.rumble.strong_magnitude to 0x8001 or larger,
ml_combine_effects() would always return strong_magnitude 0xffff.

Problem is that 'gain' is passed in as signed integer. Multiplying magnitude
(__u16) with gain (int) causes magnitude read as signed and results negative
value (with magnitude > 0x8000). This signed integer is then divided and
value, still negative, converted to 32bit unsigned integer. Finally checking
combine overflow min(new+old, 0xffff) gives out 0xffff.

Fix is to simply change 'gain' to unsigned int.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@xxxxxxxx>
---

 drivers/input/ff-memless.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/input/ff-memless.c b/drivers/input/ff-memless.c
index bc4e40f..2d1415e 100644
--- a/drivers/input/ff-memless.c
+++ b/drivers/input/ff-memless.c
@@ -226,7 +226,7 @@ static int get_compatible_type(struct ff_device *ff, int effect_type)
  */
 static void ml_combine_effects(struct ff_effect *effect,
 			       struct ml_effect_state *state,
-			       int gain)
+			       unsigned int gain)
 {
 	struct ff_effect *new = state->effect;
 	unsigned int strong, weak, i;

--
To unsubscribe from this list: send the line "unsubscribe linux-input" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Media Devel]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Linux Wireless Networking]     [Linux Omap]

  Powered by Linux