[PATCH] Input: gf2k: clamp hat values to the lookup table

public inbox for linux-input@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] Input: gf2k: clamp hat values to the lookup table
@ 2026-03-23  7:45 Pengpeng Hou
  2026-03-25  3:07 ` Dmitry Torokhov
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Pengpeng Hou @ 2026-03-23  7:45 UTC (permalink / raw)
  To: dmitry.torokhov; +Cc: linux-input, linux-kernel, kees, pengpeng

gf2k_read() decodes the hat position from a 4-bit field and uses it
directly to index gf2k_hat_to_axis[]. The lookup table only has nine
entries, so malformed packets can read past the end of the fixed table.

Clamp invalid hat values to the neutral position before indexing the
lookup table.

Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
---
 drivers/input/joystick/gf2k.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/input/joystick/gf2k.c b/drivers/input/joystick/gf2k.c
index 5a1cdce0bc48..78fba36285dc 100644
--- a/drivers/input/joystick/gf2k.c
+++ b/drivers/input/joystick/gf2k.c
@@ -164,6 +164,8 @@ static void gf2k_read(struct gf2k *gf2k, unsigned char *data)
 		input_report_abs(dev, gf2k_abs[i], GB(i*9+60,8,0) | GB(i+54,1,9));
 
 	t = GB(40,4,0);
+	if (t >= ARRAY_SIZE(gf2k_hat_to_axis))
+		t = 0;
 
 	for (i = 0; i < gf2k_hats[gf2k->id]; i++)
 		input_report_abs(dev, ABS_HAT0X + i, gf2k_hat_to_axis[t][i]);
-- 
2.50.1 (Apple Git-155)


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] Input: gf2k: clamp hat values to the lookup table
  2026-03-23  7:45 [PATCH] Input: gf2k: clamp hat values to the lookup table Pengpeng Hou
@ 2026-03-25  3:07 ` Dmitry Torokhov
  2026-04-07  1:56 ` [PATCH v2] Input: gf2k: skip invalid hat lookup values Pengpeng Hou
  2026-04-07  3:30 ` [PATCH] Input: gf2k: clamp hat values to the lookup table Pengpeng Hou
  2 siblings, 0 replies; 5+ messages in thread
From: Dmitry Torokhov @ 2026-03-25  3:07 UTC (permalink / raw)
  To: Pengpeng Hou; +Cc: linux-input, linux-kernel, kees

On Mon, Mar 23, 2026 at 03:45:41PM +0800, Pengpeng Hou wrote:
> gf2k_read() decodes the hat position from a 4-bit field and uses it
> directly to index gf2k_hat_to_axis[]. The lookup table only has nine
> entries, so malformed packets can read past the end of the fixed table.
> 
> Clamp invalid hat values to the neutral position before indexing the
> lookup table.
> 
> Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
> ---
>  drivers/input/joystick/gf2k.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/input/joystick/gf2k.c b/drivers/input/joystick/gf2k.c
> index 5a1cdce0bc48..78fba36285dc 100644
> --- a/drivers/input/joystick/gf2k.c
> +++ b/drivers/input/joystick/gf2k.c
> @@ -164,6 +164,8 @@ static void gf2k_read(struct gf2k *gf2k, unsigned char *data)
>  		input_report_abs(dev, gf2k_abs[i], GB(i*9+60,8,0) | GB(i+54,1,9));
>  
>  	t = GB(40,4,0);
> +	if (t >= ARRAY_SIZE(gf2k_hat_to_axis))
> +		t = 0;

I think if "t" is too bug we should skip the loop instead of reporting
the first axis.

>  
>  	for (i = 0; i < gf2k_hats[gf2k->id]; i++)
>  		input_report_abs(dev, ABS_HAT0X + i, gf2k_hat_to_axis[t][i]);

Thanks.

-- 
Dmitry

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH v2] Input: gf2k: skip invalid hat lookup values
  2026-03-23  7:45 [PATCH] Input: gf2k: clamp hat values to the lookup table Pengpeng Hou
  2026-03-25  3:07 ` Dmitry Torokhov
@ 2026-04-07  1:56 ` Pengpeng Hou
  2026-04-07  5:12   ` Dmitry Torokhov
  2026-04-07  3:30 ` [PATCH] Input: gf2k: clamp hat values to the lookup table Pengpeng Hou
  2 siblings, 1 reply; 5+ messages in thread
From: Pengpeng Hou @ 2026-04-07  1:56 UTC (permalink / raw)
  To: Dmitry Torokhov; +Cc: linux-input, linux-kernel, kees, pengpeng

gf2k_read() decodes the hat position from a 4-bit field and uses it
directly to index gf2k_hat_to_axis[]. The lookup table only has nine
entries, so malformed packets can read past the end of the fixed table.

Skip hat reporting when the decoded value falls outside the lookup
table instead of forcing it to the neutral position. This keeps the
fix local and avoids reporting a made-up axis state for malformed
packets.

Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
---
Changes since v1:
- skip reporting invalid hat values instead of clamping them to the
  neutral entry

drivers/input/joystick/gf2k.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/input/joystick/gf2k.c b/drivers/input/joystick/gf2k.c
index 5a1cdce0bc48..1d843115d674 100644
--- a/drivers/input/joystick/gf2k.c
+++ b/drivers/input/joystick/gf2k.c
@@ -165,8 +165,10 @@ static void gf2k_read(struct gf2k *gf2k, unsigned char *data)
 
 	t = GB(40,4,0);
 
-	for (i = 0; i < gf2k_hats[gf2k->id]; i++)
-		input_report_abs(dev, ABS_HAT0X + i, gf2k_hat_to_axis[t][i]);
+	if (t < ARRAY_SIZE(gf2k_hat_to_axis))
+		for (i = 0; i < gf2k_hats[gf2k->id]; i++)
+			input_report_abs(dev, ABS_HAT0X + i,
+					 gf2k_hat_to_axis[t][i]);
 
 	t = GB(44,2,0) | GB(32,8,2) | GB(78,2,10);
 
-- 
2.50.1 (Apple Git-155)


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] Input: gf2k: skip invalid hat lookup values
  2026-04-07  1:56 ` [PATCH v2] Input: gf2k: skip invalid hat lookup values Pengpeng Hou
@ 2026-04-07  5:12   ` Dmitry Torokhov
  0 siblings, 0 replies; 5+ messages in thread
From: Dmitry Torokhov @ 2026-04-07  5:12 UTC (permalink / raw)
  To: Pengpeng Hou; +Cc: linux-input, linux-kernel, kees

On Tue, Apr 07, 2026 at 09:56:52AM +0800, Pengpeng Hou wrote:
> gf2k_read() decodes the hat position from a 4-bit field and uses it
> directly to index gf2k_hat_to_axis[]. The lookup table only has nine
> entries, so malformed packets can read past the end of the fixed table.
> 
> Skip hat reporting when the decoded value falls outside the lookup
> table instead of forcing it to the neutral position. This keeps the
> fix local and avoids reporting a made-up axis state for malformed
> packets.
> 
> Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>

Applied, thank you.

-- 
Dmitry

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] Input: gf2k: clamp hat values to the lookup table
  2026-03-23  7:45 [PATCH] Input: gf2k: clamp hat values to the lookup table Pengpeng Hou
  2026-03-25  3:07 ` Dmitry Torokhov
  2026-04-07  1:56 ` [PATCH v2] Input: gf2k: skip invalid hat lookup values Pengpeng Hou
@ 2026-04-07  3:30 ` Pengpeng Hou
  2 siblings, 0 replies; 5+ messages in thread
From: Pengpeng Hou @ 2026-04-07  3:30 UTC (permalink / raw)
  To: Dmitry Torokhov; +Cc: linux-input, linux-kernel, kees, pengpeng

Hi Dmitry,

Thanks, that makes sense.

I have updated this to skip reporting hat axes when the decoded value
falls outside the lookup table instead of clamping it to the neutral
entry, and will resend it that way.

Thanks,
Pengpeng



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-04-07  5:12 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-23  7:45 [PATCH] Input: gf2k: clamp hat values to the lookup table Pengpeng Hou
2026-03-25  3:07 ` Dmitry Torokhov
2026-04-07  1:56 ` [PATCH v2] Input: gf2k: skip invalid hat lookup values Pengpeng Hou
2026-04-07  5:12   ` Dmitry Torokhov
2026-04-07  3:30 ` [PATCH] Input: gf2k: clamp hat values to the lookup table Pengpeng Hou

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox