* [PATCH] Input: gtco - fix uninitialized stack read
@ 2020-08-15 15:34 Paul Hollinsky
From: Paul Hollinsky @ 2020-08-15 15:34 UTC (permalink / raw)
  To: Dmitry Torokhov; +Cc: linux-input, Paul Hollinsky, syzbot+6a1bb5a33a0b128085bc

If a malformed HID report is sent from the device, a prefix with
TYPE_MAIN may read globtype before it is written with TYPE_GLOBAL.

The oldval array is protected from uninitialized read by the
indent counter.

Reported-by: syzbot+6a1bb5a33a0b128085bc@syzkaller.appspotmail.com
Signed-off-by: Paul Hollinsky <phollinsky@holtechnik.com>
---
 drivers/input/tablet/gtco.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c
index 44bb1f69b4b2..db030cd043d5 100644
--- a/drivers/input/tablet/gtco.c
+++ b/drivers/input/tablet/gtco.c
@@ -217,7 +217,7 @@ static void parse_hid_report_descriptor(struct gtco *device, char * report,
 	__u32 usage = 0;
 
 	/* Global Values, indexed by TAG */
-	__u32 globalval[TAG_GLOB_MAX];
+	__u32 globalval[TAG_GLOB_MAX] = { 0 };
 	__u32 oldval[TAG_GLOB_MAX];
 
 	/* Debug stuff */
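Review bot: oldval, on the context line directly below the changed declaration, is still left uninitialized, and the only record that this is safe is the commit message's statement about the indent counter. Either give it the same treatment (`__u32 oldval[TAG_GLOB_MAX] = { 0 };`) so both stack arrays start from a defined state, or add a comment at the declaration stating the invariant that guards it, so the reasoning survives in the source rather than only in the log. Two smaller points: the commit message names globtype, which does not appear in this hunk, while the line changed is globalval, so the message should name the variable actually being initialized; and since a TYPE_MAIN item arriving before any TYPE_GLOBAL item will now read zeros instead of stack contents, the "Global Values, indexed by TAG" comment would be a good place to say that zero is the intended default for a malformed descriptor.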
-- 
2.25.1

