www.infradead.org Git - users/dwmw2/linux.git/commit

author	Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
	Wed, 8 Jun 2022 12:26:09 +0000 (05:26 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 21 Aug 2022 13:15:53 +0000 (15:15 +0200)
commit	ebda3d6b004bb6127a66a616524a2de152302ca7
tree	da436188e54a933bf48e60c9b1c5ad62523d8326	tree
parent	cdf92a0aee97b6e8c92db99ae4cdf250dffe6692	commit \| diff

HID: cp2112: prevent a buffer overflow in cp2112_xfer()

[ Upstream commit 381583845d19cb4bd21c8193449385f3fefa9caf ]

Smatch warnings:
drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy()
'data->block[1]' too small (33 vs 255)
drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too
small (64 vs 255)

The 'read_length' variable is provided by 'data->block[0]' which comes
from user and it(read_length) can take a value between 0-255. Add an
upper bound to 'read_length' variable to prevent a buffer overflow in
memcpy().

Fixes: 542134c0375b ("HID: cp2112: Fix I2C_BLOCK_DATA transactions")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>