From: "José Expósito" <jose.exposito89@gmail.com>
To: Claudia Pellegrino <linux@cpellegrino.de>
Cc: Jiri Kosina <jikos@kernel.org>,
Benjamin Tissoires <benjamin.tissoires@redhat.com>,
linux-input@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] HID: magicmouse: prevent division by 0 on scroll
Date: Sun, 14 Nov 2021 16:33:54 +0100 [thread overview]
Message-ID: <20211114153354.GA7246@elementary> (raw)
In-Reply-To: <20211114025327.146897-1-linux@cpellegrino.de>
On Sun, Nov 14, 2021 at 03:53:27AM +0100, Claudia Pellegrino wrote:
> In hid_magicmouse, if the user has set scroll_speed to a value between
> 55 and 63 and scrolls seven times in quick succession, the
> step_hr variable in the magicmouse_emit_touch function becomes 0.
>
> That causes a division by zero further down in the function when
> it does `step_x_hr /= step_hr`.
>
> To reproduce, create `/etc/modprobe.d/hid_magicmouse.conf` with the
> following content:
>
> ```
> options hid_magicmouse scroll_acceleration=1 scroll_speed=55
> ```
>
> Then reboot, connect a Magic Mouse and scroll seven times quickly.
> The system will freeze for a minute, and after that `dmesg` will
> confirm that a division by zero occurred.
>
> Enforce a minimum of 1 for the variable so the high resolution
> step count can never reach 0 even at maximum scroll acceleration.
>
> Fixes: d4b9f10a0eb6 ("HID: magicmouse: enable high-resolution scroll")
>
> Signed-off-by: Claudia Pellegrino <linux@cpellegrino.de>
> ---
> drivers/hid/hid-magicmouse.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c
> index 686788ebf3e1..d7687ce70614 100644
> --- a/drivers/hid/hid-magicmouse.c
> +++ b/drivers/hid/hid-magicmouse.c
> @@ -256,8 +256,11 @@ static void magicmouse_emit_touch(struct magicmouse_sc *msc, int raw_id, u8 *tda
> unsigned long now = jiffies;
> int step_x = msc->touches[id].scroll_x - x;
> int step_y = msc->touches[id].scroll_y - y;
> - int step_hr = ((64 - (int)scroll_speed) * msc->scroll_accel) /
> - SCROLL_HR_STEPS;
> + int step_hr =
> + max_t(int,
> + ((64 - (int)scroll_speed) * msc->scroll_accel) /
> + SCROLL_HR_STEPS,
> + 1);
> int step_x_hr = msc->touches[id].scroll_x_hr - x;
> int step_y_hr = msc->touches[id].scroll_y_hr - y;
>
> --
> 2.33.1
>
Hi Caludia,
Thanks for ccing me.
I can confirm both that the bug is present and that your patch fixes it.
Tested-by: José Expósito <jose.exposito89@gmail.com>
Best wishes,
Jose
next prev parent reply other threads:[~2021-11-14 15:34 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-14 2:53 [PATCH] HID: magicmouse: prevent division by 0 on scroll Claudia Pellegrino
2021-11-14 15:33 ` José Expósito [this message]
2021-11-14 20:19 ` Claudia Pellegrino
2021-11-19 14:54 ` Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211114153354.GA7246@elementary \
--to=jose.exposito89@gmail.com \
--cc=benjamin.tissoires@redhat.com \
--cc=jikos@kernel.org \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@cpellegrino.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.