Commit bf61f8d3 authored by Kenichi Nagai's avatar Kenichi Nagai Committed by Linus Torvalds

Input: evdev - fix overflow in compat_ioctl

When exporting input device bitmaps via compat_ioctl on BIG_ENDIAN
platforms evdev calculates data size incorrectly. This causes buffer
overflow if user specifies buffer smaller than maxlen.
Signed-off-by: default avatarKenichi Nagai <kenichi3.nagai@toshiba.co.jp>
Signed-off-by: default avatarDmitry Torokhov <dtor@mail.ru>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 435b71be
...@@ -336,7 +336,7 @@ static int bits_to_user(unsigned long *bits, unsigned int maxbit, ...@@ -336,7 +336,7 @@ static int bits_to_user(unsigned long *bits, unsigned int maxbit,
if (compat) { if (compat) {
len = NBITS_COMPAT(maxbit) * sizeof(compat_long_t); len = NBITS_COMPAT(maxbit) * sizeof(compat_long_t);
if (len < maxlen) if (len > maxlen)
len = maxlen; len = maxlen;
for (i = 0; i < len / sizeof(compat_long_t); i++) for (i = 0; i < len / sizeof(compat_long_t); i++)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment