linux-input.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] drivers/hid/hid-multitouch.c: fix a possible null pointer access.
@ 2019-12-19  2:45 Pan Zhang
  2019-12-19  9:25 ` Benjamin Tissoires
  0 siblings, 1 reply; 2+ messages in thread
From: Pan Zhang @ 2019-12-19  2:45 UTC (permalink / raw)
  To: benjamin.tissoires, jikos, rydberg, zhangpan26, hushiyuan
  Cc: linux-input, linux-kernel

1002     if ((quirks & MT_QUIRK_IGNORE_DUPLICATES) && mt) {
1003         struct input_mt_slot *i_slot = &mt->slots[slotnum];
1004 
1005         if (input_mt_is_active(i_slot) &&
1006             input_mt_is_used(mt, i_slot))
1007             return -EAGAIN;
1008     }

We previously assumed 'mt' could be null (see line 1002).

The following situation is similar, so add a judgement.

Signed-off-by: Pan Zhang <zhangpan26@huawei.com>
---
 drivers/hid/hid-multitouch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
index 3cfeb16..368de81 100644
--- a/drivers/hid/hid-multitouch.c
+++ b/drivers/hid/hid-multitouch.c
@@ -1019,7 +1019,7 @@ static int mt_process_slot(struct mt_device *td, struct input_dev *input,
 		tool = MT_TOOL_DIAL;
 	else if (unlikely(!confidence_state)) {
 		tool = MT_TOOL_PALM;
-		if (!active &&
+		if (!active && mt &&
 		    input_mt_is_active(&mt->slots[slotnum])) {
 			/*
 			 * The non-confidence was reported for
-- 
2.7.4


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH v2] drivers/hid/hid-multitouch.c: fix a possible null pointer access.
  2019-12-19  2:45 [PATCH v2] drivers/hid/hid-multitouch.c: fix a possible null pointer access Pan Zhang
@ 2019-12-19  9:25 ` Benjamin Tissoires
  0 siblings, 0 replies; 2+ messages in thread
From: Benjamin Tissoires @ 2019-12-19  9:25 UTC (permalink / raw)
  To: Pan Zhang
  Cc: Jiri Kosina, Henrik Rydberg, hushiyuan, open list:HID CORE LAYER, lkml

On Thu, Dec 19, 2019 at 3:46 AM Pan Zhang <zhangpan26@huawei.com> wrote:
>
> 1002     if ((quirks & MT_QUIRK_IGNORE_DUPLICATES) && mt) {
> 1003         struct input_mt_slot *i_slot = &mt->slots[slotnum];
> 1004
> 1005         if (input_mt_is_active(i_slot) &&
> 1006             input_mt_is_used(mt, i_slot))
> 1007             return -EAGAIN;
> 1008     }
>
> We previously assumed 'mt' could be null (see line 1002).
>
> The following situation is similar, so add a judgement.
>
> Signed-off-by: Pan Zhang <zhangpan26@huawei.com>
> ---

Thanks a lot for the quick respin.

Applied to for-5.5/upstream-fixes

Cheers,
Benjamin

>  drivers/hid/hid-multitouch.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
> index 3cfeb16..368de81 100644
> --- a/drivers/hid/hid-multitouch.c
> +++ b/drivers/hid/hid-multitouch.c
> @@ -1019,7 +1019,7 @@ static int mt_process_slot(struct mt_device *td, struct input_dev *input,
>                 tool = MT_TOOL_DIAL;
>         else if (unlikely(!confidence_state)) {
>                 tool = MT_TOOL_PALM;
> -               if (!active &&
> +               if (!active && mt &&
>                     input_mt_is_active(&mt->slots[slotnum])) {
>                         /*
>                          * The non-confidence was reported for
> --
> 2.7.4
>


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-12-19  9:25 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-19  2:45 [PATCH v2] drivers/hid/hid-multitouch.c: fix a possible null pointer access Pan Zhang
2019-12-19  9:25 ` Benjamin Tissoires

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).