lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250113085047.2100403-1-even.xu@intel.com>
Date: Mon, 13 Jan 2025 16:50:47 +0800
From: Even Xu <even.xu@...el.com>
To: dan.carpenter@...aro.org
Cc: srinivas.pandruvada@...ux.intel.com,
	jikos@...nel.org,
	bentiss@...nel.org,
	mpearson-lenovo@...ebb.ca,
	linux-input@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	kernel-janitors@...r.kernel.org,
	Even Xu <even.xu@...el.com>
Subject: [PATCH next] HID: intel-thc-hid: intel-quicki2c: fix potential memory corruption

Use U32 to get value from ACPI and explicitly cast to U16.

fixes: 5282e45ccbfa ("HID: intel-thc-hid: intel-quicki2c: Add THC QuickI2C ACPI interfaces")
Signed-off-by: Even Xu <even.xu@...el.com>
---
 drivers/hid/intel-thc-hid/intel-quicki2c/pci-quicki2c.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/hid/intel-thc-hid/intel-quicki2c/pci-quicki2c.c b/drivers/hid/intel-thc-hid/intel-quicki2c/pci-quicki2c.c
index b56c72124821..2de93f4a25ca 100644
--- a/drivers/hid/intel-thc-hid/intel-quicki2c/pci-quicki2c.c
+++ b/drivers/hid/intel-thc-hid/intel-quicki2c/pci-quicki2c.c
@@ -118,6 +118,7 @@ static int quicki2c_get_acpi_resources(struct quicki2c_device *qcdev)
 	struct acpi_device *adev = ACPI_COMPANION(qcdev->dev);
 	struct quicki2c_subip_acpi_parameter i2c_param;
 	struct quicki2c_subip_acpi_config i2c_config;
+	u32 hid_desc_addr;
 	int ret = -EINVAL;
 
 	if (!adev) {
@@ -131,10 +132,12 @@ static int quicki2c_get_acpi_resources(struct quicki2c_device *qcdev)
 					     QUICKI2C_ACPI_REVISION_NUM,
 					     QUICKI2C_ACPI_FUNC_NUM_HID_DESC_ADDR,
 					     ACPI_TYPE_INTEGER,
-					     &qcdev->hid_desc_addr);
+					     &hid_desc_addr);
 	if (ret)
 		return ret;
 
+	qcdev->hid_desc_addr = (u16)hid_desc_addr;
+
 	ret = quicki2c_acpi_get_dsm_property(adev, &thc_platform_guid,
 					     QUICKI2C_ACPI_REVISION_NUM,
 					     QUICKI2C_ACPI_FUNC_NUM_ACTIVE_LTR_VAL,
-- 
2.40.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ