Patchwork [1/4] HID: ntrig don't dereference unclaimed hidinput

login
register
mail settings
Submitter Henrik Rydberg
Date March 22, 2011, 1:13 p.m.
Message ID <1300799640-5131-2-git-send-email-rydberg@euromail.se>
Download mbox | patch
Permalink /patch/87944/
State New
Headers show

Comments

Henrik Rydberg - March 22, 2011, 1:13 p.m.
From: Rafi Rubin <rafi@seas.upenn.edu>

Check before dereferencing field->hidinput to fix a reported invalid
deference bug.

Signed-off-by: Rafi Rubin <rafi@seas.upenn.edu>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Henrik Rydberg <rydberg@euromail.se>
---
 drivers/hid/hid-ntrig.c |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

Patch

diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c
index dddd8cb..33d371a 100644
--- a/drivers/hid/hid-ntrig.c
+++ b/drivers/hid/hid-ntrig.c
@@ -332,8 +332,19 @@  static void report_frame(struct input_dev *input, struct ntrig_data *nd)
 static int ntrig_event (struct hid_device *hid, struct hid_field *field,
 			struct hid_usage *usage, __s32 value)
 {
-	struct input_dev *input = field->hidinput->input;
 	struct ntrig_data *nd = hid_get_drvdata(hid);
+	struct input_dev *input;
+
+	/* Skip processing if not a claimed input */
+	if (!(hid->claimed & HID_CLAIMED_INPUT))
+		goto not_claimed_input;
+
+	/* This function is being called before the structures are fully
+	 * initialized */
+	if(!(field->hidinput && field->hidinput->input))
+		return -EINVAL;
+
+	input = field->hidinput->input;
 
 	/* No special handling needed for the pen */
 	if (field->application == HID_DG_PEN)
@@ -377,6 +388,8 @@  static int ntrig_event (struct hid_device *hid, struct hid_field *field,
 		}
 	}
 
+not_claimed_input:
+
 	/* we have handled the hidinput part, now remains hiddev */
 	if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_hid_event)
 		hid->hiddev_hid_event(hid, field, usage, value);