From: "Jan Kratochvil" <honza@jikos.cz>
To: Dmitry Torokhov <dtor@insightbb.com>
Cc: Jan Kratochvil <krata@matfyz.cz>, Jiri Kosina <jkosina@suse.cz>,
Anssi Hannula <anssi.hannula@gmail.com>,
linux-input@atrey.karlin.mff.cuni.cz
Subject: Re: [PATCH] playing ff effect with code greater then FF_EFFECTS can cause buffer overflow
Date: Wed, 2 May 2007 17:31:00 +0200
Message-ID: <35f02cc20705020831s36a1741awd699fc382c1cd309@mail.gmail.com>
In-Reply-To: <200705012253.47925.dtor@insightbb.com>
Hi Dmitry,
On 5/2/07, Dmitry Torokhov <dtor@insightbb.com> wrote:
>
> Hi Jan,
>
> On Tuesday 01 May 2007 19:15, Jan Kratochvil wrote:
> > From: Jan Kratochvil <honza@jikos.cz>
> > To: Dmitry Torokhov <dmitry.torokhov@gmail.com>
> > Cc: Jiri Kosina <jkosina@suse.cz>, Anssi Hannula <anssi.hannula@gmail.com>,
> > linux-input@atrey.karlin.mff.cuni.cz, linux-kernel@vger.kernel.org
> > Subject: [PATCH] playing ff effect with code greater then FF_EFFECTS can cause buffer overflow
> >
> > Hi,
> > I found a bug in ff-memless.c so I fixed it. As you can see I am
> > doing a check if effect_id is less than 0, but I am aware that it is useless
> > because effect_id is actually input_event.code which is __u16, but on the
> > other side as long as the effect_id is int I feel it is correct to check
> > whether it is > 0.
> >
>
> Well spotted, thanks. However I think that the check should be moved up
> the stack, into force feedback core. What do you think about the patch
> below?
Ok by me.
Jan Kratochvil
--
> Dmitry
>
>
> Input: force feedback - make sure effect is present before playing
>
> Make sure that requested effect id is not out of range for the
> device and that effect is present before requesting device to
> play it.
>
> Reported-by: Jan Kratochvil <honza@jikos.cz>
> Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
> ---
>
> drivers/input/ff-core.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletion(-)
>
> Index: work/drivers/input/ff-core.c
> ===================================================================
> --- work.orig/drivers/input/ff-core.c
> +++ work/drivers/input/ff-core.c
> @@ -281,7 +281,8 @@ int input_ff_event(struct input_dev *dev
> break;
>
> default:
> - ff->playback(dev, code, value);
> + if (check_effect_access(ff, code, NULL) == 0)
> + ff->playback(dev, code, value);
> break;
> }
>
>
>
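Review bot: in the default: branch of input_ff_event(), a failed check_effect_access(ff, code, NULL) falls straight through to break, so a request for an out-of-range or absent effect is dropped with no indication to the caller, although the function returns int. Consider returning an error in that case, or add a comment stating that silently ignoring the request is intended. The NULL third argument is also unexplained at the call site; a one-line comment on what passing NULL means here would let a reader confirm that the range and presence checks promised in the commit message are the ones being applied.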