linux_dsm_epyc7002/drivers/input
Arnd Bergmann f5a430c8ee Input: cyapa_gen6 - fix out-of-bounds stack access
commit f051ae4f6c732c231046945b36234e977f8467c6 upstream.

gcc -Warray-bounds warns about a serious bug in
cyapa_pip_retrieve_data_structure:

drivers/input/mouse/cyapa_gen6.c: In function 'cyapa_pip_retrieve_data_structure.constprop':
include/linux/unaligned/access_ok.h:40:17: warning: array subscript -1 is outside array bounds of 'struct retrieve_data_struct_cmd[1]' [-Warray-bounds]
   40 |  *((__le16 *)p) = cpu_to_le16(val);
drivers/input/mouse/cyapa_gen6.c:569:13: note: while referencing 'cmd'
  569 |  } __packed cmd;
      |             ^~~

Apparently the '-2' was added to the pointer instead of the value,
writing garbage into the stack next to this variable.

Fixes: c2c06c41f7 ("Input: cyapa - add gen6 device module support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20201026161332.3708389-1-arnd@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:54:05 +01:00
gameport treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
joystick Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-12-05 16:16:34 -08:00
keyboard Input: omap4-keypad - fix runtime PM error handling 2020-12-30 11:53:19 +01:00
misc Input: cm109 - do not stomp on control URB 2020-12-11 13:17:36 -08:00
mouse Input: cyapa_gen6 - fix out-of-bounds stack access 2020-12-30 11:54:05 +01:00
rmi4 Input: synaptics-rmi4 - support bootloader v8 in f34v7 2020-10-04 19:51:45 -07:00
serio Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-12-12 09:41:33 -08:00
tablet treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
touchscreen Input: ads7846 - fix unaligned access on 7845 2020-12-30 11:53:14 +01:00
apm-power.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
evbug.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
evdev.c Input: evdev - per-client waitgroups 2020-10-06 18:34:15 -07:00
ff-core.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
ff-memless.c Input: ff-memless - kill timer in destroy() 2019-11-15 11:45:03 -08:00
input-compat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
input-compat.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
input-leds.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
input-mt.c Input: MT - avoid comma separated statements 2020-08-25 10:26:05 -07:00
input-polldev.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
input-poller.c Input: add input_get_poll_interval() 2019-10-04 12:31:46 -07:00
input-poller.h Input: add support for polling to input devices 2019-08-20 12:04:07 -07:00
input.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-03-26 20:49:44 -07:00
joydev.c Linux 5.2 2019-07-15 09:42:32 -07:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile Input: add support for polling to input devices 2019-08-20 12:04:07 -07:00
matrix-keymap.c Input: matrix-keymap - switch to use device_property_count_u32() 2019-08-12 00:03:13 -07:00
mousedev.c *: convert stream-like files -> stream_open, even if they use noop_llseek 2019-07-14 16:09:19 +03:00
sparse-keymap.c Input: Use fallthrough pseudo-keyword 2020-07-07 11:25:54 -07:00