Hi Dmitry,

On 5/2/07, Dmitry Torokhov <[EMAIL PROTECTED]> wrote:

Hi Jan,

On Tuesday 01 May 2007 19:15, Jan Kratochvil wrote:
> From: Jan Kratochvil <[EMAIL PROTECTED]>
> To: Dmitry Torokhov <[EMAIL PROTECTED]>
> Cc: Jiri Kosina <[EMAIL PROTECTED]>, Anssi Hannula <[EMAIL PROTECTED]>, [email protected], [EMAIL PROTECTED]
> Subject: [PATCH] playing ff effect with code greater than FF_EFFECTS can cause buffer overflow
>
> Hi,
>   I found a bug in ff-memless.c so I fixed it. As you can see I am
> doing a check if effect_id is less than 0, but I am aware that it is useless
> because effect_id is actually input_event.code which is __u16, but on the
> other side as long as the effect_id is int I feel it is correct to check
> whether it is > 0.
>

Well spotted, thanks. However I think that the check should be moved up
the stack, into force feedback core. What do you think about the patch
below?


Ok by me.

Jan Kratochvil

--
Dmitry


Input: force feedback - make sure effect is present before playing

Make sure that requested effect id is not out of range for the
device and that effect is present before requesting device to
play it.

Reported-by: Jan Kratochvil <[EMAIL PROTECTED]>
Signed-off-by: Dmitry Torokhov <[EMAIL PROTECTED]>
---

drivers/input/ff-core.c |    3 ++-
1 files changed, 2 insertions(+), 1 deletion(-)

Index: work/drivers/input/ff-core.c
===================================================================
--- work.orig/drivers/input/ff-core.c
+++ work/drivers/input/ff-core.c
@@ -281,7 +281,8 @@ int input_ff_event(struct input_dev *dev
                break;

        default:
-               ff->playback(dev, code, value);
+               if (check_effect_access(ff, code, NULL) == 0)
+                       ff->playback(dev, code, value);
                break;
        }

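Review bot: the new guard in the default branch drops the playback request silently when check_effect_access() fails, and input_ff_event() gives the caller no indication that the id was rejected; if that is intended (events from userspace are best-effort), a one-line comment on the `if` would make it explicit, and otherwise the result should be propagated. The meaning of the NULL third argument to check_effect_access() is also not evident from this hunk; stating in the comment that no ownership check is performed for playback (only the range and presence checks the commit message describes) would help the next reader. Finally, since this moves the bounds check into the core, the duplicate `effect_id < 0` check Jan added in ff-memless.c becomes redundant and could be dropped in the same series, and it is worth confirming that the table read by check_effect_access() is protected by the same lock the existing playback path holds.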


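The following is an added example written for this page; it is not the kernel's ff-core.c code. It models the check the patch above puts in front of ff->playback(): reject an effect id that is out of range for the device or whose slot holds no uploaded effect. The names ff_table, ff_table_init, ff_check_effect, ff_check_and_play and the 4-slot device in the demo functions are all hypothetical stand-ins for the kernel's ff_device and check_effect_access(), and the batch of request codes is constructed. The example keeps the id as an int, as Jan's mail discusses, so that the range check covers a negative value as well as the largest __u16 code a userspace event can carry.

```c
/* Added example, not kernel code: a model of the force-feedback core
 * guard from the patch above. All names here are hypothetical. */
#include <stdio.h>

#define FF_MODEL_MAX_SLOTS 16   /* hypothetical upper bound on device slots */

struct ff_table {
	int max_effects;                    /* slots this device supports */
	int present[FF_MODEL_MAX_SLOTS];    /* 1 if an effect was uploaded to the slot */
	int played[FF_MODEL_MAX_SLOTS];     /* playback requests that reached the "driver" */
};

static void ff_table_init(struct ff_table *ff, int max_effects)
{
	int i;

	ff->max_effects = max_effects;
	for (i = 0; i < FF_MODEL_MAX_SLOTS; i++)
		ff->present[i] = ff->played[i] = 0;
}

/* Returns 0 if effect_id names an uploaded effect, -1 otherwise.
 * The id is an int on purpose: a __u16 event code can never be negative,
 * but checking both ends keeps the function safe for any int caller. */
static int ff_check_effect(const struct ff_table *ff, int effect_id)
{
	if (effect_id < 0 || effect_id >= ff->max_effects)
		return -1;              /* out of range: would index past the table */
	if (!ff->present[effect_id])
		return -1;              /* in range but nothing uploaded there */
	return 0;
}

/* Models the patched default branch of input_ff_event(): only hand the
 * request to the driver when the check passes, otherwise drop it. */
static int ff_check_and_play(struct ff_table *ff, int code, int value)
{
	if (ff_check_effect(ff, code) != 0)
		return -1;
	if (value)
		ff->played[code]++;     /* safe: code was validated above */
	return 0;
}

/* Constructed demo device: 4 slots, effects uploaded in slots 0 and 2. */
static void ff_demo_device(struct ff_table *ff)
{
	ff_table_init(ff, 4);
	ff->present[0] = 1;
	ff->present[2] = 1;
}

/* Result of the check for one id on the demo device. */
static int ff_demo_check(int effect_id)
{
	struct ff_table ff;

	ff_demo_device(&ff);
	return ff_check_effect(&ff, effect_id);
}

/* Runs a constructed batch of playback requests and returns how many were
 * dropped: 1 and 3 are empty slots, 4, -1 and 0xFFFF are out of range. */
static int ff_demo_dropped(void)
{
	static const int codes[] = { 0, 1, 2, 3, 4, -1, 0xFFFF };
	struct ff_table ff;
	int i, dropped = 0;

	ff_demo_device(&ff);
	for (i = 0; i < (int)(sizeof codes / sizeof codes[0]); i++)
		if (ff_check_and_play(&ff, codes[i], 1) != 0)
			dropped++;
	return dropped;
}

int main(void)
{
	printf("check(2)=%d check(3)=%d check(0xFFFF)=%d check(-1)=%d\n",
	       ff_demo_check(2), ff_demo_check(3),
	       ff_demo_check(0xFFFF), ff_demo_check(-1));
	printf("dropped %d of 7 requests\n", ff_demo_dropped());
	return 0;
}
```

The point of the two-part check is that a range test alone is not enough: an id inside the table but never uploaded must be refused as well, which is what "effect is present" in the commit message refers to.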