On Tue, 17 Aug 2021, F.A.Sulaiman wrote:
> This patch resolves the bug 'KASAN: slab-out-of-bounds Write in betop_probe' reported by Syzbot.
> This checkes hid_device's input is non empty before it's been used.
>
> Signed-off-by: F.A. SULAIMAN <asha.16@xxxxxxxxxxxxxxx>
> ---
> drivers/hid/hid-betopff.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/drivers/hid/hid-betopff.c b/drivers/hid/hid-betopff.c
> index 467d789f9bc2..27b57aef9a0a 100644
> --- a/drivers/hid/hid-betopff.c
> +++ b/drivers/hid/hid-betopff.c
> @@ -121,8 +121,18 @@ static int betopff_init(struct hid_device *hid)
>
> static int betop_probe(struct hid_device *hdev, const struct hid_device_id *id)
> {
> + struct hid_input *hidinput;
> + struct input_dev *dev;
> int ret;
>
> + if (list_empty(&hdev->inputs)) {
> + hid_err(hdev, "no inputs found\n");
> + return -ENODEV;
> + }
> +
> + hidinput = list_first_entry(&hdev->inputs, struct hid_input, list);
> + dev = hidinput->input;
> +
Thanks for the fix. Syzbot is right though -- what is the point of the
above assignment? Could you please resubmit a fixed up version?
Thanks,
--
Jiri Kosina
SUSE Labs
