shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-03-25 03:50:24 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
ee22ea3a89b77cdcd5d758a4d89dbeedbd2a8988
linux/drivers
History
Dongliang Mu ee22ea3a89 usb: idmouse: fix an uninit-value in idmouse_open 
[ Upstream commit bce2b05399 ]

In idmouse_create_image, if any ftip_command fails, it will
go to the reset label. However, this leads to the data in
bulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check
for valid image incurs an uninitialized dereference.

Fix this by moving the check before reset label since this
check only be valid if the data after bulk_in_buffer[HEADER]
has concrete data.

Note that this is found by KMSAN, so only kernel compilation
is tested.

Reported-by: syzbot+79832d33eb89fb3cd092@syzkaller.appspotmail.com
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Link: https://lore.kernel.org/r/20220922134847.1101921-1-dzm91@hust.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-06-13 14:13:36 +09:00
..
accessibility
acpi
ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
2023-06-13 14:13:35 +09:00
amba
ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
2023-05-16 12:02:23 +09:00
amlogic
ODROID-G12: Fix flicking with LG 1080p monitors.
2023-05-31 10:39:07 +09:00
android
binder: use wake_up_pollfree()
2023-05-16 12:22:16 +09:00
ata
ata: libata-eh: Add missing command name
2023-06-13 14:13:22 +09:00
atm
atm: idt77252: fix use-after-free bugs caused by tst_timer
2023-06-13 14:13:23 +09:00
auxdisplay
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
2023-05-16 12:15:31 +09:00
base
driver core: Don't probe devices after bus_type.match() probe deferral
2023-06-13 14:13:27 +09:00
bcma
bcma: Fix memory leak for internally-handled cores
2023-05-16 11:44:50 +09:00
block
loop: Check for overflow while configuring loop
2023-06-13 14:13:24 +09:00
bluetooth
Bluetooth: bfusb: fix division by zero in send path
2023-05-16 12:30:31 +09:00
bus
bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
2023-06-13 14:12:46 +09:00
cdrom
cdrom: gdrom: initialize global variable at init time
2023-05-16 11:05:40 +09:00
char
random: use expired timer rather than wq for mixing fast pool
2023-06-13 14:13:31 +09:00
clk
clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
2023-06-13 14:13:35 +09:00
clocksource
clocksource/drivers/sp804: Avoid error on multiple instances
2023-06-13 14:12:58 +09:00
connector
cpufreq
cpufreq: pmac32-cpufreq: Fix refcount leak bug
2023-06-13 14:13:17 +09:00
cpuidle
cpuidle: Fix kobject memory leaks in error paths
2023-05-16 12:14:36 +09:00
crypto
crypto: ccp - ccp_dmaengine_unregister release dma channels
2023-06-13 14:12:35 +09:00
dax
dca
devfreq
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
2023-05-16 09:14:54 +09:00
dio
dma
dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
2023-06-13 14:13:35 +09:00
dma-buf
dma-buf: Fix memory leak in sync_file_merge()
2023-05-15 16:17:55 +09:00
edac
EDAC: Fix calculation of returned address and next offset in edac_align_ptr()
2023-05-16 12:43:19 +09:00
eisa
extcon
extcon: max8997: Add missing modalias string
2023-05-16 11:24:53 +09:00
firewire
firewire: core: extend card->lock in fw_core_handle_bus_reset
2023-06-13 14:12:47 +09:00
firmware
firmware: google: Test spinlock on panic path to avoid lockups
2023-06-13 14:13:34 +09:00
fmc
fpga
gpio
MIPS: Remove repetitive increase irq_err_count
2023-06-13 14:13:13 +09:00
gpu
drm/amdgpu: fix initial connector audio value
2023-06-13 14:13:36 +09:00
hardkernel
ODROID-G12: Make hid-multitouch and dwav-usb-mt driver as mouldes.
2022-03-15 09:20:56 +09:00
hid
HID: roccat: Fix use-after-free in roccat_read()
2023-06-13 14:13:36 +09:00
hsi
HSI: omap_ssi_port: Fix dma_map_sg error check
2023-06-13 14:13:34 +09:00
hv
Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region
2023-06-13 14:13:29 +09:00
hwmon
hwmon: (gpio-fan) Fix array out of bounds access
2023-06-13 14:13:26 +09:00
hwspinlock
hwtracing
coresight: Fix TRCCONFIGR.QE sysfs interface
2023-06-13 14:12:33 +09:00
i2c
i2c: cadence: Change large transfer count reset logic to be unconditional
2023-06-13 14:13:18 +09:00
ide
block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h>
2023-05-16 09:04:57 +09:00
idle
x86/cpu: Sanitize FAM6_ATOM naming
2023-05-15 12:46:28 +09:00
iio
iio: inkern: only release the device node when done with it
2023-06-13 14:13:33 +09:00
infiniband
RDMA/rxe: Fix the error caused by qp->sk
2023-06-13 14:13:34 +09:00
input
Input: xpad - fix wireless 360 controller breaking after suspend
2023-06-13 14:13:31 +09:00
iommu
iommu/omap: Fix buffer overflow in debugfs
2023-06-13 14:13:35 +09:00
ipack
ipack: ipoctal: fix module reference leak
2023-05-16 11:53:57 +09:00
irqchip
irqchip/tegra: Fix overflow implicit truncation warnings
2023-06-13 14:13:23 +09:00
isdn
mISDN: fix use-after-free bugs in l1oip timer handlers
2023-06-13 14:13:33 +09:00
leds
leds: ktd2692: Fix an error handling path
2023-05-16 11:24:56 +09:00
lguest
lightnvm
lightnvm: disable the subsystem
2023-06-13 14:12:44 +09:00
macintosh
macintosh/adb: fix oob read in do_adb_query() function
2023-06-13 14:13:20 +09:00
mailbox
mailbox: handle failed named mailbox channel request
2023-05-15 14:08:07 +09:00
mcb
mcb: fix error handling in mcb_alloc_bus()
2023-05-16 11:53:10 +09:00
md
drivers:md:fix a potential use-after-free bug
2023-06-13 14:13:23 +09:00
media
media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
2023-06-13 14:13:36 +09:00
memory
memory: of: Fix refcount leak bug in of_get_ddr_timings()
2023-06-13 14:13:33 +09:00
memstick
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
2023-05-16 12:14:44 +09:00
message
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
2023-05-16 09:45:15 +09:00
mfd
mfd: sm501: Add check for platform_driver_register()
2023-06-13 14:13:34 +09:00
misc
cxl: Fix a memory leak in an error handling path
2023-06-13 14:13:23 +09:00
mmc
mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
2023-06-13 14:13:33 +09:00
mtd
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
2023-06-13 14:12:59 +09:00
net
r8152: Rate limit overflow messages
2023-06-13 14:13:36 +09:00
nfc
NFC: nxp-nci: don't print header length mismatch on i2c error
2023-06-13 14:13:17 +09:00
ntb
NTB: hw: amd: fix an issue about leak system resources
2023-05-16 09:39:21 +09:00
nubus
nvdimm
libnvdimm/dimm: Avoid race between probe and available_slots_show()
2023-05-16 10:38:48 +09:00
nvme
nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
2023-06-13 14:13:30 +09:00
nvmem
nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
2023-05-16 12:00:53 +09:00
of
fdt: Update CRC check for rng-seed
2023-06-13 14:13:14 +09:00
oprofile
parisc
parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
2023-06-13 14:13:28 +09:00
parport
parport: remove non-zero check on count
2023-05-16 11:46:21 +09:00
pci
PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
2023-06-13 14:13:31 +09:00
pcmcia
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
2023-06-13 14:12:56 +09:00
perf
drivers/perf: arm_pmu: Fix failure path in PM notifier
2023-05-15 14:09:37 +09:00
phy
phy: samsung: exynos5250-sata: fix missing device put in probe error paths
2023-06-13 14:12:45 +09:00
pinctrl
pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
2023-06-13 14:13:22 +09:00
platform
platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
2023-06-13 14:13:36 +09:00
pnp
power
power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
2023-06-13 14:13:18 +09:00
powercap
powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
2023-06-13 14:13:35 +09:00
pps
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
2023-05-15 14:08:51 +09:00
ps3
powerpc/ps3: use dma_mapping_error()
2023-05-16 09:58:13 +09:00
ptp
ptp: replace snprintf with sysfs_emit
2023-06-13 14:12:40 +09:00
pwm
pwm: lp3943: Fix duty calculation in case period was clamped
2023-06-13 14:12:56 +09:00
rapidio
rapidio: handle create_workqueue() failure
2023-05-16 11:05:25 +09:00
ras
regulator
regulator: qcom_rpm: Fix circular deferral regression
2023-06-13 14:13:31 +09:00
remoteproc
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
2023-06-13 14:12:37 +09:00
reset
Revert "This driver allows GPIO lines to be used as reset signals."
2023-05-16 17:15:02 +09:00
rpmsg
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
2023-06-13 14:12:56 +09:00
rtc
rtc: mt6397: check return value after calling platform_get_resource()
2023-06-13 14:12:56 +09:00
s390
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
2023-06-13 14:13:29 +09:00
sbus
drivers/sbus/char: add of_node_put()
2023-05-15 10:37:00 +09:00
scsi
scsi: 3w-9xxx: Avoid disabling device if failing to enable it
2023-06-13 14:13:36 +09:00
sfi
sh
maple: fix wrong return value of maple_bus_init().
2023-05-16 12:16:16 +09:00
sn
soc
soc: qcom: smem_state: Add refcounting for the 'state->of_node'
2023-06-13 14:13:33 +09:00
spi
spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
2023-06-13 14:13:32 +09:00
spmi
ssb
ssb: sdio: Don't overwrite const buffer if block_write fails
2023-05-16 11:22:54 +09:00
staging
staging: rtl8712: fix use after free bugs
2023-06-13 14:13:26 +09:00
target
scsi: target: iscsi: Make sure the np under each tpg is unique
2023-05-16 12:41:58 +09:00
tc
TC: Set DMA masks for devices
2023-05-15 09:23:01 +09:00
tee
UPSTREAM: tee: shm: fix use-after-free via temporarily dropped reference
2023-05-16 09:46:44 +09:00
thermal
thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
2023-06-13 14:13:35 +09:00
thunderbolt
thunderbolt: Use 32-bit writes when writing ring producer/consumer
2023-05-15 14:55:28 +09:00
tty
serial: 8250: Fix restoring termios speed after suspend
2023-06-13 14:13:34 +09:00
uio
uio_pdrv_genirq: fix use without device tree and no interrupt
2023-05-16 08:31:00 +09:00
usb
usb: idmouse: fix an uninit-value in idmouse_open
2023-06-13 14:13:36 +09:00
uwb
uwb: hwa-rc: fix memory leak at probe
2023-05-15 08:28:33 +09:00
vfio
vfio: Clear the caps->buf to NULL after free
2023-06-13 14:13:23 +09:00
vhost
vringh: Fix loop descriptors check in the indirect cases
2023-06-13 14:12:58 +09:00
video
fbdev: smscufx: Fix use-after-free in ufx_ops_open()
2023-06-13 14:13:32 +09:00
virt
drivers/virt/fsl_hypervisor: Fix error handling path
2023-05-16 09:38:07 +09:00
virtio
virtio_mmio: Restore guest page size on resume
2023-06-13 14:13:17 +09:00
vlynq
vme
vme: bridges: reduce stack usage
2023-05-15 16:59:11 +09:00
w1
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
2023-06-13 14:12:41 +09:00
watchdog
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
2023-05-16 12:15:35 +09:00
xen
xen/xenbus: fix return type in xenbus_file_read()
2023-06-13 14:13:23 +09:00
zorro
zorro: Set up z->dev.dma_mask for the DMA API
2018-05-30 07:50:44 +02:00
Kconfig
ODROID: sysfs: Add poweroff_trigger sysfs node.
2019-12-11 18:21:09 +09:00
Makefile
ODROID: sysfs: Add poweroff_trigger sysfs node.
2019-12-11 18:21:09 +09:00