From: Purva Yeshi <purvayeshi550@gmail.com>
To: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
linux-input@vger.kernel.org, linux-kernel@vger.kernel.org,
Purva Yeshi <purvayeshi550@gmail.com>
Subject: [PATCH] input: iqs5xx: Fix incorrect argument passed to hex2bin
Date: Sun, 20 Apr 2025 01:34:34 +0530 [thread overview]
Message-ID: <20250419200434.39661-1-purvayeshi550@gmail.com> (raw)
Fix Smatch-detected issue:
drivers/input/touchscreen/iqs5xx.c:747 iqs5xx_fw_file_parse()
error: hex2bin() 'rec->len' too small (2 vs 4)
Fix incorrect second argument to hex2bin() when parsing firmware records.
Pass a pointer to the ASCII hex data instead of the u8 record length to
hex2bin(), which expects a pointer, not an integer. The previous code
passed rec->len as the second argument, leading to undefined behavior
as hex2bin() attempted to read from an unintended memory address.
Cast the entire rec structure to a const char * using a new pointer
rec_bytes. Skip the initial ':' character in the Intel HEX format by
passing rec_bytes + 1 to hex2bin(). This allows the function to decode
the 4-byte record header (length, address high, address low, and type)
correctly from its ASCII hex representation into binary form.
Preserve the original code flow while ensuring correctness and resolving
the issue detected by Smatch.
Signed-off-by: Purva Yeshi <purvayeshi550@gmail.com>
---
drivers/input/touchscreen/iqs5xx.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/input/touchscreen/iqs5xx.c b/drivers/input/touchscreen/iqs5xx.c
index 4ebd7565ae6e..e8140a54685f 100644
--- a/drivers/input/touchscreen/iqs5xx.c
+++ b/drivers/input/touchscreen/iqs5xx.c
@@ -744,7 +744,9 @@ static int iqs5xx_fw_file_parse(struct i2c_client *client,
break;
}
- error = hex2bin(rec_hdr, rec->len, sizeof(rec_hdr));
+ const char *rec_bytes = (const char *)rec;
+
+ error = hex2bin(rec_hdr, rec_bytes + 1, sizeof(rec_hdr));
+
if (error) {
dev_err(&client->dev, "Invalid header at record %u\n",
rec_num);
--
2.34.1
next reply other threads:[~2025-04-19 20:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-19 20:04 Purva Yeshi [this message]
2025-04-19 22:22 ` [PATCH] input: iqs5xx: Fix incorrect argument passed to hex2bin Jeff LaBundy
2025-04-29 1:30 ` Dmitry Torokhov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250419200434.39661-1-purvayeshi550@gmail.com \
--to=purvayeshi550@gmail.com \
--cc=dmitry.torokhov@gmail.com \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox