Re: [PATCH] Input: gtco - bounds check collection indent level

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jul 11, 2019 at 03:22:32PM -0700, Grant Hernandez wrote:
> The GTCO tablet input driver configures itself from an HID report sent
> via USB during the initial enumeration process. Some debugging messages
> are generated during the parsing. A debugging message indentation
> counter is not bounds checked, leading to the ability for a specially
> crafted HID report to cause '-' and null bytes be written past the end
> of the indentation array. As long as the kernel has CONFIG_DYNAMIC_DEBUG
> enabled, this code will not be optimized out.  This was discovered
> during code review after a previous syzkaller bug was found in this
> driver.
> 
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Grant Hernandez <granthernandez@xxxxxxxxxx>

I wish we could convert gtco to be proper HID driver, so we woudl not
have to deal with custom HID parsing, but in the meantime this is
needed.

Applied, thank you.

-- 
Dmitry



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux