lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aBBdFoBbdl8GI6da@surfacebook.localdomain>
Date: Tue, 29 Apr 2025 08:01:10 +0300
From: Andy Shevchenko <andy.shevchenko@...il.com>
To: Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
	linux-input@...r.kernel.org, linux-kernel@...r.kernel.org,
	Pali Rohár <pali@...nel.org>
Subject: Re: [PATCH v1 1/1] Input: ALPS - bail out when device path can't fit
 buffer

Mon, Apr 28, 2025 at 04:30:13PM -0700, Dmitry Torokhov kirjoitti:
> On Tue, Apr 22, 2025 at 09:56:45PM +0300, Andy Shevchenko wrote:
> > @@ -3094,6 +3101,16 @@ int alps_init(struct psmouse *psmouse)
> >  
> >  	if (priv->flags & ALPS_DUALPOINT) {
> >  		struct input_dev *dev2;
> > +		int n;
> > +
> > +		n = snprintf(priv->phys2, sizeof(priv->phys2), "%s/input1",
> > +			     psmouse->ps2dev.serio->phys);
> > +		if (n >= sizeof(priv->phys2)) {
> > +			psmouse_err(psmouse,
> > +				    "failed to prepare path to the trackstick device\n");
> > +			error = -E2BIG;
> > +			goto init_fail;
> 
> So you just broke touchpad of some poor guy who had it working just fine 
> for many years. For maximum impact you should add BUG() or panic()
> here.

Ha-ha. You know that your speculation most likely so far from the truth.

> In all seriousness, it is OK to have truncated phys, rarely anyone looks
> at it and if we get a report of it being truncated then we can consider
> addressing the size (or we can decide to live with it truncated).

In all seriousness, while I agree on the statement, the 4 drivers in Input
subsystem break the build. It's the biggest obstacle now to enable WERROR=y,
which is default, builds on `make W=1`. So, I already gave you chance to fix,
instead I hear nothing back for a months (to be precise 2 months and a day
passed from my first attempt that you didn't like), the problem still exists.
Please, address this the way you like.

-- 
With Best Regards,
Andy Shevchenko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ