diff options
| author | Randy Dunlap <rdunlap@infradead.org> | 2020-12-16 17:12:21 -0800 |
|---|---|---|
| committer | Jiri Kosina <jkosina@suse.cz> | 2021-01-08 14:50:40 +0100 |
| commit | a0312af1f94d13800e63a7d0a66e563582e39aec (patch) | |
| tree | 92af6efdb9a29d2b7bda2fdafd5fda287e2ce8b0 /drivers/hid/hid-input.c | |
| parent | de925e2fbb44eed8a2a7ce166b485fed5eae01aa (diff) | |
| download | linux-a0312af1f94d13800e63a7d0a66e563582e39aec.tar.gz | |
HID: core: detect and skip invalid inputs to snto32()
Prevent invalid (0, 0) inputs to hid-core's snto32() function.
Maybe it is just the dummy device here that is causing this, but
there are hundreds of calls to snto32(0, 0). Having n (bits count)
of 0 is causing the current UBSAN trap with a shift value of
0xffffffff (-1, or n - 1 in this function).
Either of the value to shift being 0 or the bits count being 0 can be
handled by just returning 0 to the caller, avoiding the following
complex shift + OR operations:
return value & (1 << (n - 1)) ? value | (~0U << n) : value;
Fixes: dde5845a529f ("[PATCH] Generic HID layer - code split")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: syzbot+1e911ad71dd4ea72e04a@syzkaller.appspotmail.com
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: linux-input@vger.kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Diffstat (limited to 'drivers/hid/hid-input.c')
0 files changed, 0 insertions, 0 deletions