[PATCH] ff-memless: fix signed to unsigned bit overflow in ml_combile_effects()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
To: linux-input@vger.kernel.org
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>,
	Anssi Hannula <anssi.hannula@gmail.com>
Subject: [PATCH] ff-memless: fix signed to unsigned bit overflow in ml_combile_effects()
Date: Thu, 07 May 2009 22:32:06 +0300	[thread overview]
Message-ID: <20090507193206.9342.15843.stgit@fate.lan> (raw)

When userspace sets effect->u.rumble.strong_magnitude to 0x8001 or larger,
ml_combine_effects() would always return strong_magnitude 0xffff.

Problem is that 'gain' is passed in as signed integer. Multiplying magnitude
(__u16) with gain (int) causes magnitude read as signed and results negative
value (with magnitude > 0x8000). This signed integer is then divided and
value, still negative, converted to 32bit unsigned integer. Finally checking
combine overflow min(new+old, 0xffff) gives out 0xffff.

Fix is to simply change 'gain' to unsigned int.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
---

 drivers/input/ff-memless.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/input/ff-memless.c b/drivers/input/ff-memless.c
index bc4e40f..2d1415e 100644
--- a/drivers/input/ff-memless.c
+++ b/drivers/input/ff-memless.c
@@ -226,7 +226,7 @@ static int get_compatible_type(struct ff_device *ff, int effect_type)
  */
 static void ml_combine_effects(struct ff_effect *effect,
 			       struct ml_effect_state *state,
-			       int gain)
+			       unsigned int gain)
 {
 	struct ff_effect *new = state->effect;
 	unsigned int strong, weak, i;

next             reply	other threads:[~2009-05-07 19:32 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-05-07 19:32 Jussi Kivilinna [this message]
2009-05-07 23:53 ` [PATCH] ff-memless: fix signed to unsigned bit overflow in ml_combile_effects() Anssi Hannula
2009-05-08  2:10   ` [PATCH] ff-memless: fix signed to unsigned bit overflow in?ml_combile_effects() Dmitry Torokhov

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:bc4e40f dfblob:2d1415e )
 OR (
bs:"[PATCH] ff-memless: fix signed to unsigned bit overflow in ml_combile_effects()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20090507193206.9342.15843.stgit@fate.lan \
    --to=jussi.kivilinna@mbnet.fi \
    --cc=anssi.hannula@gmail.com \
    --cc=dmitry.torokhov@gmail.com \
    --cc=linux-input@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.