Check before dereferencing field->hidinput to fix a reported invalid
deference bug.
Signed-off-by: Rafi Rubin <rafi@xxxxxxxxxxxxxx>
---
After additional debugging, I realized I'm seeing a variant of Peter's
bug. On unloading and then reloading hid-ntrig I'm seeing calls during
initialization to ntrig_event where field->hidinput is NULL and the
claimed input flag is still set. It seems to me this behavior shouldn't
happen and the check should be further up the stack.
Sorry about sending a such a trivial patch repeatedly :/
---
drivers/hid/hid-ntrig.c | 15 ++++++++++++++-
1 files changed, 14 insertions(+), 1 deletions(-)
diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c
index beb4034..a93e58c 100644
--- a/drivers/hid/hid-ntrig.c
+++ b/drivers/hid/hid-ntrig.c
@@ -539,8 +539,19 @@ static int ntrig_input_mapped(struct hid_device *hdev, struct hid_input *hi,
static int ntrig_event (struct hid_device *hid, struct hid_field *field,
struct hid_usage *usage, __s32 value)
{
- struct input_dev *input = field->hidinput->input;
struct ntrig_data *nd = hid_get_drvdata(hid);
+ struct input_dev *input;
+
+ /* Skip processing if not a claimed input */
+ if (!(hid->claimed & HID_CLAIMED_INPUT))
+ goto not_claimed_input;
+
+ /* This function is being called before the structures are fully
+ * initialized */
+ if(!(field->hidinput && field->hidinput->input))
+ return -EINVAL;
+
+ input = field->hidinput->input;
/* No special handling needed for the pen */
if (field->application == HID_DG_PEN)
@@ -810,6 +821,8 @@ static int ntrig_event (struct hid_device *hid, struct hid_field *field,
}
}
+not_claimed_input:
+
/* we have handled the hidinput part, now remains hiddev */
if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_hid_event)
hid->hiddev_hid_event(hid, field, usage, value);
--
1.7.2.3
--
To unsubscribe from this list: send the line "unsubscribe linux-input" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
