* [PATCH 0/4] HID: hid-uclogic-params: Fix NULL pointer dereferences
@ 2022-01-05 17:29 José Expósito
2022-01-05 17:29 ` [PATCH 1/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init José Expósito
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: José Expósito @ 2022-01-05 17:29 UTC (permalink / raw)
To: jikos
Cc: benjamin.tissoires, linux-input, linux-kernel, spbnick,
José Expósito
Hi everyone,
This series fixes 4 possible NULL pointer dereference errors
present in hid-uclogic-params.c found by Coverity.
Even though the fixes are small and very similar I made them
in 4 patches to include the Coverity ID on each of them and
make Coverity happy.
I didn't find any code calling the functions with invalid
params, but since the check is there, it's better to make sure
that it's doing its job.
Thanks,
José Expósito
José Expósito (4):
HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_init
HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_get_str_desc
HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_huion_init
HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_frame_init_v1_buttonpad
drivers/hid/hid-uclogic-params.c | 31 ++++++++++++++++++++++---------
1 file changed, 22 insertions(+), 9 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
2022-01-05 17:29 [PATCH 0/4] HID: hid-uclogic-params: Fix NULL pointer dereferences José Expósito
@ 2022-01-05 17:29 ` José Expósito
2022-01-05 17:29 ` [PATCH 2/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc José Expósito
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: José Expósito @ 2022-01-05 17:29 UTC (permalink / raw)
To: jikos
Cc: benjamin.tissoires, linux-input, linux-kernel, spbnick,
José Expósito
The function performs a check on its input parameters, however, the
hdev parameter is used before the check.
Initialize the stack variables after checking the input parameters to
avoid a possible NULL pointer dereference.
Fixes: 9614219e9310e ("HID: uclogic: Extract tablet parameter discovery into a module")
Addresses-Coverity-ID: 1443831 ("Null pointer dereference")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
---
drivers/hid/hid-uclogic-params.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/hid/hid-uclogic-params.c b/drivers/hid/hid-uclogic-params.c
index adff1bd68d9f..3c10b858cf74 100644
--- a/drivers/hid/hid-uclogic-params.c
+++ b/drivers/hid/hid-uclogic-params.c
@@ -834,10 +834,10 @@ int uclogic_params_init(struct uclogic_params *params,
struct hid_device *hdev)
{
int rc;
- struct usb_device *udev = hid_to_usb_dev(hdev);
- __u8 bNumInterfaces = udev->config->desc.bNumInterfaces;
- struct usb_interface *iface = to_usb_interface(hdev->dev.parent);
- __u8 bInterfaceNumber = iface->cur_altsetting->desc.bInterfaceNumber;
+ struct usb_device *udev;
+ __u8 bNumInterfaces;
+ struct usb_interface *iface;
+ __u8 bInterfaceNumber;
bool found;
/* The resulting parameters (noop) */
struct uclogic_params p = {0, };
@@ -848,6 +848,11 @@ int uclogic_params_init(struct uclogic_params *params,
goto cleanup;
}
+ udev = hid_to_usb_dev(hdev);
+ bNumInterfaces = udev->config->desc.bNumInterfaces;
+ iface = to_usb_interface(hdev->dev.parent);
+ bInterfaceNumber = iface->cur_altsetting->desc.bInterfaceNumber;
+
/*
* Set replacement report descriptor if the original matches the
* specified size. Otherwise keep interface unchanged.
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc
2022-01-05 17:29 [PATCH 0/4] HID: hid-uclogic-params: Fix NULL pointer dereferences José Expósito
2022-01-05 17:29 ` [PATCH 1/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init José Expósito
@ 2022-01-05 17:29 ` José Expósito
2022-01-05 17:29 ` [PATCH 3/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init José Expósito
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: José Expósito @ 2022-01-05 17:29 UTC (permalink / raw)
To: jikos
Cc: benjamin.tissoires, linux-input, linux-kernel, spbnick,
José Expósito
The function performs a check on the hdev input parameters, however, it
is used before the check.
Initialize the udev variable after the sanity check to avoid a
possible NULL pointer dereference.
Fixes: 9614219e9310e ("HID: uclogic: Extract tablet parameter discovery into a module")
Addresses-Coverity-ID: 1443827 ("Null pointer dereference")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
---
drivers/hid/hid-uclogic-params.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/hid/hid-uclogic-params.c b/drivers/hid/hid-uclogic-params.c
index 3c10b858cf74..3a83e2c39b4f 100644
--- a/drivers/hid/hid-uclogic-params.c
+++ b/drivers/hid/hid-uclogic-params.c
@@ -66,7 +66,7 @@ static int uclogic_params_get_str_desc(__u8 **pbuf, struct hid_device *hdev,
__u8 idx, size_t len)
{
int rc;
- struct usb_device *udev = hid_to_usb_dev(hdev);
+ struct usb_device *udev;
__u8 *buf = NULL;
/* Check arguments */
@@ -75,6 +75,8 @@ static int uclogic_params_get_str_desc(__u8 **pbuf, struct hid_device *hdev,
goto cleanup;
}
+ udev = hid_to_usb_dev(hdev);
+
buf = kmalloc(len, GFP_KERNEL);
if (buf == NULL) {
rc = -ENOMEM;
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init
2022-01-05 17:29 [PATCH 0/4] HID: hid-uclogic-params: Fix NULL pointer dereferences José Expósito
2022-01-05 17:29 ` [PATCH 1/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init José Expósito
2022-01-05 17:29 ` [PATCH 2/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc José Expósito
@ 2022-01-05 17:29 ` José Expósito
2022-01-05 17:29 ` [PATCH 4/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad José Expósito
2022-01-06 13:14 ` [PATCH 0/4] HID: hid-uclogic-params: Fix NULL pointer dereferences Jiri Kosina
4 siblings, 0 replies; 6+ messages in thread
From: José Expósito @ 2022-01-05 17:29 UTC (permalink / raw)
To: jikos
Cc: benjamin.tissoires, linux-input, linux-kernel, spbnick,
José Expósito
The function performs a check on its input parameters, however, the
hdev parameter is used before the check.
Initialize the stack variables after checking the input parameters to
avoid a possible NULL pointer dereference.
Fixes: 9614219e9310e ("HID: uclogic: Extract tablet parameter discovery into a module")
Addresses-Coverity-ID: 1443804 ("Null pointer dereference")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
---
drivers/hid/hid-uclogic-params.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/hid/hid-uclogic-params.c b/drivers/hid/hid-uclogic-params.c
index 3a83e2c39b4f..4136837e4d15 100644
--- a/drivers/hid/hid-uclogic-params.c
+++ b/drivers/hid/hid-uclogic-params.c
@@ -709,9 +709,9 @@ static int uclogic_params_huion_init(struct uclogic_params *params,
struct hid_device *hdev)
{
int rc;
- struct usb_device *udev = hid_to_usb_dev(hdev);
- struct usb_interface *iface = to_usb_interface(hdev->dev.parent);
- __u8 bInterfaceNumber = iface->cur_altsetting->desc.bInterfaceNumber;
+ struct usb_device *udev;
+ struct usb_interface *iface;
+ __u8 bInterfaceNumber;
bool found;
/* The resulting parameters (noop) */
struct uclogic_params p = {0, };
@@ -725,6 +725,10 @@ static int uclogic_params_huion_init(struct uclogic_params *params,
goto cleanup;
}
+ udev = hid_to_usb_dev(hdev);
+ iface = to_usb_interface(hdev->dev.parent);
+ bInterfaceNumber = iface->cur_altsetting->desc.bInterfaceNumber;
+
/* If it's not a pen interface */
if (bInterfaceNumber != 0) {
/* TODO: Consider marking the interface invalid */
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 4/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad
2022-01-05 17:29 [PATCH 0/4] HID: hid-uclogic-params: Fix NULL pointer dereferences José Expósito
` (2 preceding siblings ...)
2022-01-05 17:29 ` [PATCH 3/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init José Expósito
@ 2022-01-05 17:29 ` José Expósito
2022-01-06 13:14 ` [PATCH 0/4] HID: hid-uclogic-params: Fix NULL pointer dereferences Jiri Kosina
4 siblings, 0 replies; 6+ messages in thread
From: José Expósito @ 2022-01-05 17:29 UTC (permalink / raw)
To: jikos
Cc: benjamin.tissoires, linux-input, linux-kernel, spbnick,
José Expósito
The function performs a check on the hdev input parameters, however, it
is used before the check.
Initialize the udev variable after the sanity check to avoid a
possible NULL pointer dereference.
Fixes: 9614219e9310e ("HID: uclogic: Extract tablet parameter discovery into a module")
Addresses-Coverity-ID: 1443763 ("Null pointer dereference")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
---
drivers/hid/hid-uclogic-params.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/hid/hid-uclogic-params.c b/drivers/hid/hid-uclogic-params.c
index 4136837e4d15..3e70f969fb84 100644
--- a/drivers/hid/hid-uclogic-params.c
+++ b/drivers/hid/hid-uclogic-params.c
@@ -452,7 +452,7 @@ static int uclogic_params_frame_init_v1_buttonpad(
{
int rc;
bool found = false;
- struct usb_device *usb_dev = hid_to_usb_dev(hdev);
+ struct usb_device *usb_dev;
char *str_buf = NULL;
const size_t str_len = 16;
@@ -462,6 +462,8 @@ static int uclogic_params_frame_init_v1_buttonpad(
goto cleanup;
}
+ usb_dev = hid_to_usb_dev(hdev);
+
/*
* Enable generic button mode
*/
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 0/4] HID: hid-uclogic-params: Fix NULL pointer dereferences
2022-01-05 17:29 [PATCH 0/4] HID: hid-uclogic-params: Fix NULL pointer dereferences José Expósito
` (3 preceding siblings ...)
2022-01-05 17:29 ` [PATCH 4/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad José Expósito
@ 2022-01-06 13:14 ` Jiri Kosina
4 siblings, 0 replies; 6+ messages in thread
From: Jiri Kosina @ 2022-01-06 13:14 UTC (permalink / raw)
To: José Expósito
Cc: benjamin.tissoires, linux-input, linux-kernel, spbnick
On Wed, 5 Jan 2022, José Expósito wrote:
> Hi everyone,
>
> This series fixes 4 possible NULL pointer dereference errors
> present in hid-uclogic-params.c found by Coverity.
>
> Even though the fixes are small and very similar I made them
> in 4 patches to include the Coverity ID on each of them and
> make Coverity happy.
>
> I didn't find any code calling the functions with invalid
> params, but since the check is there, it's better to make sure
> that it's doing its job.
Thanks, I've queued the series.
--
Jiri Kosina
SUSE Labs
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-01-06 13:14 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-05 17:29 [PATCH 0/4] HID: hid-uclogic-params: Fix NULL pointer dereferences José Expósito
2022-01-05 17:29 ` [PATCH 1/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init José Expósito
2022-01-05 17:29 ` [PATCH 2/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc José Expósito
2022-01-05 17:29 ` [PATCH 3/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init José Expósito
2022-01-05 17:29 ` [PATCH 4/4] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad José Expósito
2022-01-06 13:14 ` [PATCH 0/4] HID: hid-uclogic-params: Fix NULL pointer dereferences Jiri Kosina
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.