Input: iforce - invert valid length check when fetching device IDs
stable inclusion from stable-v5.10.156 commit 24cc679abbf31477d0cc6106ec83c2fbae6b3cdf category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7MCG1 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=24cc679abbf31477d0cc6106ec83c2fbae6b3cdf -------------------------------- commit b8ebf250 upstream. syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") is checking that valid length is shorter than bytes to read. Since iforce_get_id_packet() stores valid length when returning 0, the caller needs to check that valid length is longer than or equals to bytes to read. Reported-by: Nsyzbot <syzbot+4dd880c1184280378821@syzkaller.appspotmail.com> Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Fixes: 6ac0aec6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") Link: https://lore.kernel.org/r/531fb432-7396-ad37-ecba-3e42e7f56d5c@I-love.SAKURA.ne.jp Cc: stable@vger.kernel.org Signed-off-by: NDmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Nsanglipeng <sanglipeng1@jd.com> (cherry picked from commit 4df4084c)
Showing
想要评论请 注册 或 登录