lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 10 Mar 2010 09:37:16 -0800
From:	Vadim Zaliva <lord@...codile.org>
To:	Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc:	Johannes Berg <johannes@...solutions.net>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] integer overflow issue in 'appletouch' driver


> Just need your Signed-off-by please.


Here it is:

Signed-off-by: Vadim Zaliva <lord@...codile.org>

(including original patch to put it in context. Sorry if it seems like over-quoting)

Sincerely,
Vadim Zaliva

On Mar 5, 2010, at 11:47 , Vadim Zaliva wrote:

> This small patch is fixing an integer overflow issue in 'appletouch' driver.
> 
> In particular, reading data from Geyser 2 touchpads used on post Oct
> 2005 Apple PowerBooks the driver was casting X and Y coordinates
> values to 'signed char'. Testing on one of such PowerBooks I have
> noticed that touchpad always generates positive values, but some of
> them are greater that 127, and thus, when cast to 'signed char' being
> interpreted as a negative.
> 
> Such bigger values have been observed infrequently, closer to the
> edges of a touchpad, so the problem was not very visible. 
> Nevertheless, the patch would potentially improve touchpad
> driver accuracy.
> 
> 
> diff -uNr linux-source-2.6.31.orig/drivers/input/mouse/appletouch.c linux-source-2.6.31/drivers/input/mouse/appletouch.c
> --- linux-source-2.6.31.orig/drivers/input/mouse/appletouch.c	2009-09-09 15:13:59.000000000 -0700
> +++ linux-source-2.6.31/drivers/input/mouse/appletouch.c	2010-03-05 11:05:11.921394055 -0800
> @@ -205,8 +205,8 @@
> 	bool			overflow_warned;
> 	int			x_old;		/* last reported x/y, */
> 	int			y_old;		/* used for smoothing */
> -	signed char		xy_cur[ATP_XSENSORS + ATP_YSENSORS];
> -	signed char		xy_old[ATP_XSENSORS + ATP_YSENSORS];
> +	u8		    xy_cur[ATP_XSENSORS + ATP_YSENSORS];
> +	u8		    xy_old[ATP_XSENSORS + ATP_YSENSORS];
> 	int			xy_acc[ATP_XSENSORS + ATP_YSENSORS];
> 	int			idlecount;	/* number of empty packets */
> 	struct work_struct	work;
> @@ -531,7 +531,7 @@
> 
> 	for (i = 0; i < ATP_XSENSORS + ATP_YSENSORS; i++) {
> 		/* accumulate the change */
> -		signed char change = dev->xy_old[i] - dev->xy_cur[i];
> +		int change = dev->xy_old[i] - dev->xy_cur[i];
> 		dev->xy_acc[i] -= change;
> 
> 		/* prevent down drifting */
> 
> 


--
"Hated by fools, and fools to hate, be this my motto and my fate"
(Jonathan Swift)







Download attachment "smime.p7s" of type "application/pkcs7-signature" (3267 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ