[lvc-project] [PATCH 5.10 2/2] Input: adp5588-keys - Prevent buffer overflow

Denis Arefev arefev at swemel.ru
Wed May 21 13:40:24 MSK 2025


If the value of 'key_val' is less than 1 or greater than 80,
a buffer overflow may occur.

Add a check for valid values of 'key_val'.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 69a4af606ed4 ("Input: adp5588-keys - support GPI events for ADP5588 devices")
Signed-off-by: Denis Arefev <arefev at swemel.ru>
---
 drivers/input/keyboard/adp5588-keys.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/drivers/input/keyboard/adp5588-keys.c b/drivers/input/keyboard/adp5588-keys.c
index 60099a6a4bf9..036cb970a5d1 100644
--- a/drivers/input/keyboard/adp5588-keys.c
+++ b/drivers/input/keyboard/adp5588-keys.c
@@ -28,6 +28,9 @@
 
 #define KP_SEL(x)		(0xFFFF >> (16 - x))	/* 2^x-1 */
 
+#define KEY_EVENT_MIN		1
+#define KEY_EVENT_MAX		80
+
 #define KEYP_MAX_EVENT		10
 
 /*
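Review bot: KEY_EVENT_MIN and KEY_EVENT_MAX are bare constants with no comment and no visible link to the size of kpad->keycode, which is the array they are meant to protect. If the keymap size ever changes, the bound of 80 will silently go stale. Consider deriving the upper bound from the array itself (for example ARRAY_SIZE(kpad->keycode) if it is a fixed-size member), or at least add a comment stating that 1..80 is the key event range and that it must not exceed the keycode table length.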
@@ -287,10 +290,12 @@ static void adp5588_report_events(struct adp5588_kpad *kpad, int ev_cnt)
 					break;
 				}
 			}
-		} else {
+		} else if (key_val >= KEY_EVENT_MIN && key_val <= KEY_EVENT_MAX) {
 			input_report_key(kpad->input,
-					 kpad->keycode[key_val - 1],
-					 key & KEY_EV_PRESSED);
+					kpad->keycode[key_val - 1],
+					key & KEY_EV_PRESSED);
+		} else {
+			dev_err_ratelimited(&kpad->client->dev, "invalid report key value %d", key);
 		}
 	}
 }
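Review bot: the new else branch rejects on key_val but logs key, so the printed number is not the value that failed the range check and it still carries the KEY_EV_PRESSED bit used in `key & KEY_EV_PRESSED` above. Print key_val (or both) so the message matches the condition, and terminate the format string with "\n", which "invalid report key value %d" currently lacks. Separately, the re-indentation of the two input_report_key() continuation lines is an unrelated whitespace change; for a stable backport it would be cleaner to leave those lines as they were and touch only the `} else {` line plus the added branch.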
-- 
2.43.0



