Open Source and information security mailing list archives
 
Message-ID: <6b1277a8-30a6-4d2b-9b25-93d105503ea3@kylinos.cn>
Date: Thu, 14 Nov 2024 10:19:51 +0800
From: Pei Xiao <xiaopei01@...inos.cn>
To: 67321ded.050a0220.a83d0.0016.GAE@...gle.com,
 syzbot+3fa2af55f15bd21cada9@...kaller.appspotmail.com,
 linux-kernel@...r.kernel.org
Subject: Re: [syzbot] [input?] [usb?] UBSAN: shift-out-of-bounds in s32ton

s32ton will always be 0 when n >= 32; add a check on n.

#syz test

diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 81d6c734c8bc..ead1d338fa58 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,11 @@ static s32 snto32(__u32 value, unsigned int n)

  static u32 s32ton(__s32 value, unsigned int n)
  {
-       s32 a = value >> (n - 1);
+       s32 a;

+       if (n >= 32)
+               return value;
+       a = value >> (n - 1);
         if (a && a != -1)
                 return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
         return value & ((1 << n) - 1);
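
Review bot: the new `if (n >= 32)` guard in s32ton() still leaves n == 0 unhandled. `n` is an unsigned int, so `n - 1` wraps to UINT_MAX and `a = value >> (n - 1);` remains an out-of-range shift, as does `1 << (n - 1)` on the saturation path. Consider rejecting or special-casing n == 0 alongside the upper bound, or validating the field size in the callers so s32ton() never sees either extreme. Two smaller points: returning `value` unchanged is the natural result for n == 32, but for n > 32 it deserves a comment saying why that is the intended behaviour rather than an error, and the commit message would be more accurate if it described the shift as undefined for these widths (which is what UBSAN reports) instead of stating the result is 0. The same hunk context shows snto32() just above, which takes the same `n`; it is worth checking whether it needs the same bounds.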
