aboutsummaryrefslogtreecommitdiff
path: root/SOURCES/hid-wacom-correct-null-dereference-on-aes-pen-proximity.patch
diff options
context:
space:
mode:
Diffstat (limited to 'SOURCES/hid-wacom-correct-null-dereference-on-aes-pen-proximity.patch')
-rw-r--r--SOURCES/hid-wacom-correct-null-dereference-on-aes-pen-proximity.patch85
1 files changed, 0 insertions, 85 deletions
diff --git a/SOURCES/hid-wacom-correct-null-dereference-on-aes-pen-proximity.patch b/SOURCES/hid-wacom-correct-null-dereference-on-aes-pen-proximity.patch
deleted file mode 100644
index d76b648..0000000
--- a/SOURCES/hid-wacom-correct-null-dereference-on-aes-pen-proximity.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From MAILER-DAEMON Wed Jan 27 14:42:50 2021
-From: Jason Gerecke <killertofu@gmail.com>
-To: linux-input@vger.kernel.org, Jiri Kosina <jikos@kernel.org>, Benjamin Tissoires <benjamin.tissoires@redhat.com>
-Cc: Jason Gerecke <jason.gerecke@wacom.com>, stable@vger.kernel.org, Ping Cheng <ping.cheng@wacom.com>
-Subject: [PATCH] HID: wacom: Correct NULL dereference on AES pen proximity
-Date: Thu, 21 Jan 2021 10:46:49 -0800
-Message-Id: <20210121184649.157189-1-jason.gerecke@wacom.com>
-List-ID: <linux-input.vger.kernel.org>
-X-Mailing-List: linux-input@vger.kernel.org
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 7bit
-
-The recent commit to fix a memory leak introduced an inadvertant NULL
-pointer dereference. The `wacom_wac->pen_fifo` variable was never
-intialized, resuling in a crash whenever functions tried to use it.
-Since the FIFO is only used by AES pens (to buffer events from pen
-proximity until the hardware reports the pen serial number) this would
-have been easily overlooked without testing an AES device.
-
-This patch converts `wacom_wac->pen_fifo` over to a pointer (since the
-call to `devres_alloc` allocates memory for us) and ensures that we assign
-it to point to the allocated and initalized `pen_fifo` before the function
-returns.
-
-Fixes: 37309f47e2f5 ("HID: wacom: Fix memory leakage caused by kfifo_alloc")
-Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
-Tested-by: Ping Cheng <ping.cheng@wacom.com>
-CC: stable@vger.kernel.org # v4.19+
-Link: https://github.com/linuxwacom/input-wacom/issues/230
----
- drivers/hid/wacom_sys.c | 7 ++++---
- drivers/hid/wacom_wac.h | 2 +-
- 2 files changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
-index e8acd235db2a..aa9e48876ced 100644
---- a/drivers/hid/wacom_sys.c
-+++ b/drivers/hid/wacom_sys.c
-@@ -147,9 +147,9 @@ static int wacom_wac_pen_serial_enforce(struct hid_device *hdev,
- }
-
- if (flush)
-- wacom_wac_queue_flush(hdev, &wacom_wac->pen_fifo);
-+ wacom_wac_queue_flush(hdev, wacom_wac->pen_fifo);
- else if (insert)
-- wacom_wac_queue_insert(hdev, &wacom_wac->pen_fifo,
-+ wacom_wac_queue_insert(hdev, wacom_wac->pen_fifo,
- raw_data, report_size);
-
- return insert && !flush;
-@@ -1280,7 +1280,7 @@ static void wacom_devm_kfifo_release(struct device *dev, void *res)
- static int wacom_devm_kfifo_alloc(struct wacom *wacom)
- {
- struct wacom_wac *wacom_wac = &wacom->wacom_wac;
-- struct kfifo_rec_ptr_2 *pen_fifo = &wacom_wac->pen_fifo;
-+ struct kfifo_rec_ptr_2 *pen_fifo;
- int error;
-
- pen_fifo = devres_alloc(wacom_devm_kfifo_release,
-@@ -1297,6 +1297,7 @@ static int wacom_devm_kfifo_alloc(struct wacom *wacom)
- }
-
- devres_add(&wacom->hdev->dev, pen_fifo);
-+ wacom_wac->pen_fifo = pen_fifo;
-
- return 0;
- }
-diff --git a/drivers/hid/wacom_wac.h b/drivers/hid/wacom_wac.h
-index da612b6e9c77..195910dd2154 100644
---- a/drivers/hid/wacom_wac.h
-+++ b/drivers/hid/wacom_wac.h
-@@ -342,7 +342,7 @@ struct wacom_wac {
- struct input_dev *pen_input;
- struct input_dev *touch_input;
- struct input_dev *pad_input;
-- struct kfifo_rec_ptr_2 pen_fifo;
-+ struct kfifo_rec_ptr_2 *pen_fifo;
- int pid;
- int num_contacts_left;
- u8 bt_features;
---
-2.30.0
-
-