Re: [RESEND PATCH] Input: elantech - Fix stack out of bound access in elantech_change_report_id()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 16, 2021 at 08:22:23AM +0100, Andrea Righi wrote:
> The array param[] in elantech_change_report_id() must be at least 3
> bytes, because elantech_read_reg_params() is calling ps2_command() with
> PSMOUSE_CMD_GETINFO, that is going to access 3 bytes from param[], but
> it's defined in the stack as an array of 2 bytes, therefore we have a
> potential stack out-of-bounds access here, also confirmed by KASAN:

I think a comment in the code why the array size is 3 when only 2 values
are defined would be helpful. Like a short summary of the above.

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Media Devel]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Linux Wireless Networking]     [Linux Omap]

  Powered by Linux