From patchwork Tue Mar 22 13:13:57 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [1/4] HID: ntrig don't dereference unclaimed hidinput Date: Tue, 22 Mar 2011 03:13:57 -0000 From: Henrik Rydberg X-Patchwork-Id: 87944 Message-Id: <1300799640-5131-2-git-send-email-rydberg@euromail.se> To: kernel-team@lists.ubuntu.com From: Rafi Rubin Check before dereferencing field->hidinput to fix a reported invalid deference bug. Signed-off-by: Rafi Rubin Signed-off-by: Jiri Kosina Signed-off-by: Henrik Rydberg --- drivers/hid/hid-ntrig.c | 15 ++++++++++++++- 1 files changed, 14 insertions(+), 1 deletions(-) diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c index dddd8cb..33d371a 100644 --- a/drivers/hid/hid-ntrig.c +++ b/drivers/hid/hid-ntrig.c @@ -332,8 +332,19 @@ static void report_frame(struct input_dev *input, struct ntrig_data *nd) static int ntrig_event (struct hid_device *hid, struct hid_field *field, struct hid_usage *usage, __s32 value) { - struct input_dev *input = field->hidinput->input; struct ntrig_data *nd = hid_get_drvdata(hid); + struct input_dev *input; + + /* Skip processing if not a claimed input */ + if (!(hid->claimed & HID_CLAIMED_INPUT)) + goto not_claimed_input; + + /* This function is being called before the structures are fully + * initialized */ + if(!(field->hidinput && field->hidinput->input)) + return -EINVAL; + + input = field->hidinput->input; /* No special handling needed for the pen */ if (field->application == HID_DG_PEN) @@ -377,6 +388,8 @@ static int ntrig_event (struct hid_device *hid, struct hid_field *field, } } +not_claimed_input: + /* we have handled the hidinput part, now remains hiddev */ if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_hid_event) hid->hiddev_hid_event(hid, field, usage, value);