[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200324130813.866708900@linuxfoundation.org>
Date: Tue, 24 Mar 2020 14:11:04 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Kirk Reiser <kirk@...sers.ca>,
Janina Sajka <janina@...note.net>,
Alexandr Epaneshnikov <aarnaarn2@...il.com>,
Gregory Nowak <greg@...gn.net>,
deedra waters <deedra@...-brannons.com>,
Samuel Thibault <samuel.thibault@...-lyon.org>,
Michael Taboada <michael@...haels.world>
Subject: [PATCH 5.4 072/102] staging/speakup: fix get_word non-space look-ahead
From: Samuel Thibault <samuel.thibault@...-lyon.org>
commit 9d32c0cde4e2d1343dfb88a67b2ec6397705b32b upstream.
get_char was erroneously given the address of the pointer to the text
instead of the address of the text, thus leading to random crashes when
the user requests speaking a word while the current position is on a space
character and say_word_ctl is not enabled.
Reported-on: https://github.com/bytefire/speakup/issues/1
Reported-by: Kirk Reiser <kirk@...sers.ca>
Reported-by: Janina Sajka <janina@...note.net>
Reported-by: Alexandr Epaneshnikov <aarnaarn2@...il.com>
Reported-by: Gregory Nowak <greg@...gn.net>
Reported-by: deedra waters <deedra@...-brannons.com>
Signed-off-by: Samuel Thibault <samuel.thibault@...-lyon.org>
Tested-by: Alexandr Epaneshnikov <aarnaarn2@...il.com>
Tested-by: Gregory Nowak <greg@...gn.net>
Tested-by: Michael Taboada <michael@...haels.world>
Cc: stable <stable@...r.kernel.org>
Link: https://lore.kernel.org/r/20200306003047.thijtmqrnayd3dmw@function
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
drivers/staging/speakup/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/speakup/main.c
+++ b/drivers/staging/speakup/main.c
@@ -561,7 +561,7 @@ static u_long get_word(struct vc_data *v
return 0;
} else if (tmpx < vc->vc_cols - 2 &&
(ch == SPACE || ch == 0 || (ch < 0x100 && IS_WDLM(ch))) &&
- get_char(vc, (u_short *)&tmp_pos + 1, &temp) > SPACE) {
+ get_char(vc, (u_short *)tmp_pos + 1, &temp) > SPACE) {
tmp_pos += 2;
tmpx++;
} else {
Powered by blists - more mailing lists