| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f7257221-cbfa-4f51-8ac4-38060bfaf2f4@kernel.org> Date: Thu, 31 Jul 2025 09:43:38 +0200 From: Jiri Slaby <jirislaby@...nel.org> To: Qasim Ijaz <qasdev00@...il.com> Cc: jikos@...nel.org, bentiss@...nel.org, linux-input@...r.kernel.org, linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH] HID: multitouch: fix integer overflow in set_abs() On 24. 07. 25, 17:56, Qasim Ijaz wrote: > On Thu, Jul 24, 2025 at 08:58:40AM +0200, Jiri Slaby wrote: >> On 23. 07. 25, 19:36, Qasim Ijaz wrote: >>> It is possible for a malicious HID device to trigger a signed integer >>> overflow (undefined behaviour) in set_abs() in the following expression >>> by supplying bogus logical maximum and minimum values: >>> >>> int fuzz = snratio ? (fmax - fmin) / snratio : 0; >>> >>> For example, if the logical_maximum is INT_MAX and logical_minimum is -1 >>> then (fmax - fmin) resolves to INT_MAX + 1, which does not fit in a 32-bit >>> signed int, so the subtraction overflows. >> >> The question is if it matters with -fwrapv? > > Ah yea thanks for bringing this up Jiri. I think you might be correct, > after doing some research it looks like the kernel enables -fno‑strict‑overflow > which implies -fwrapv which leads to wrap around instead of UB If I undestand > correctly. So with that in mind this patch probably doesn't do anything > useful, do you agree? Yes, it correctly wraps around. But the question remains :). Does it matter or not? thanks, -- js suse labs
Powered by blists - more mailing lists