The patch titled
evdev: fix overflow in compat_ioctl
has been removed from the -mm tree. Its filename was
evdev-fix-overflow-in-compat_ioctl.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
Subject: evdev: fix overflow in compat_ioctl
From: Kenichi Nagai <kenichi3.nagai@xxxxxxxxxxxxx>
When exporting input device bitmaps via compat_ioctl on BIG_ENDIAN
platforms evdev calculates data size incorrectly. This causes buffer
overflow if user specifies buffer smaller than maxlen.
Signed-off-by: Kenichi Nagai <kenichi3.nagai@xxxxxxxxxxxxx>
Signed-off-by: Dmitry Torokhov <dtor@xxxxxxx>
Cc: <stable@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
drivers/input/evdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -puN drivers/input/evdev.c~evdev-fix-overflow-in-compat_ioctl drivers/input/evdev.c
--- a/drivers/input/evdev.c~evdev-fix-overflow-in-compat_ioctl
+++ a/drivers/input/evdev.c
@@ -336,7 +336,7 @@ static int bits_to_user(unsigned long *b
if (compat) {
len = NBITS_COMPAT(maxbit) * sizeof(compat_long_t);
- if (len < maxlen)
+ if (len > maxlen)
len = maxlen;
for (i = 0; i < len / sizeof(compat_long_t); i++)
_
Patches currently in -mm which might be from kenichi3.nagai@xxxxxxxxxxxxx are
origin.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
