evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/input
History
Dmitry Torokhov ca85a2e3dd Input: leds - fix out of bound access 
commit 6bd6ae639683c0b41f46990d5c64ff9fbfa019dc upstream.

UI_SET_LEDBIT ioctl() causes the following KASAN splat when used with
led > LED_CHARGING:

[ 1274.663418] BUG: KASAN: slab-out-of-bounds in input_leds_connect+0x611/0x730 [input_leds]
[ 1274.663426] Write of size 8 at addr ffff88003377b2c0 by task ckb-next-daemon/5128

This happens because we were writing to the led structure before making
sure that it exists.

Reported-by: Tasos Sahanidis <tasos@tasossah.com>
Tested-by: Tasos Sahanidis <tasos@tasossah.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-16 10:06:48 +02:00
..
gameport
joystick Input: xpad - add support for Razer Wildcat gamepad 2017-04-21 09:30:05 +02:00
keyboard Input: qt1070 - add OF device ID table 2018-03-22 09:23:22 +01:00
misc Input: drv260x - fix initializing overdrive voltage 2018-04-29 07:50:01 +02:00
mouse Input: elan_i2c - clear INT before resetting controller 2018-04-13 19:50:11 +02:00
serio Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad 2018-04-08 11:52:00 +02:00
tablet Input: gtco - fix potential out-of-bound access 2017-11-02 09:40:49 +01:00
touchscreen Input: ar1021_i2c - fix too long name in driver's device table 2018-03-24 10:58:40 +01:00
apm-power.c
evbug.c
evdev.c Input: evdev - fix bug in checking duplicate clock change request 2015-10-31 10:35:02 -07:00
ff-core.c Input: document and check on implicitly defined FF_MAX_EFFECTS 2015-10-16 15:32:16 -07:00
ff-memless.c
input-compat.c
input-compat.h
input-leds.c Input: leds - fix out of bound access 2018-05-16 10:06:48 +02:00
input-mt.c
input-polldev.c
input.c Input: improve autorepeat initialization 2015-10-13 23:30:31 -07:00
joydev.c Input: joydev - fix possible ERR_PTR() dereferencing 2015-10-06 16:38:40 -07:00
Kconfig
Makefile
matrix-keymap.c
mousedev.c Input: mousedev - fix implicit conversion warning 2018-04-08 11:51:57 +02:00
sparse-keymap.c