Commit d927909d authored by Tomasz Pakuła's avatar Tomasz Pakuła Committed by Jiri Kosina
Browse files

HID: pidff: Fix possible null pointer dereference 



As reported by Dan Carpenter, if the axes_enable field wasn't found,
trying to find the axes themselves will result in a null pointer
dereference. This could only occur with a broken PID descriptor, but
it's worth protecting from.

Exit early if the axes_enable wasn't found AND add a gate to the
pidff_find_special_keys to exit early if the passed HID field is null.
This will protect again null dereferencing in the future and properly
return 0 found special keys.

Fixes: 1d72e7bd ("HID: pidff: Add support for AXES_ENABLE field")
Reported-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: default avatarTomasz Pakuła <tomasz.pakula.oficjalny@gmail.com>
Signed-off-by: default avatarJiri Kosina <jkosina@suse.com>
parent 13120abd

drivers/hid/usbhid/hid-pidff.c

+10 −5
Original line number Diff line number Diff line
@@ -1194,6 +1194,9 @@ static int pidff_find_special_keys(int *keys, struct hid_field *fld, 
{

	int found = 0;



	if (!fld)

		return 0;



	for (int i = 0; i < count; i++) {

		keys[i] = pidff_find_usage(fld, usage_page | usagetable[i]) + 1;

		if (keys[i])
@@ -1299,9 +1302,11 @@ static int pidff_find_special_fields(struct pidff_device *pidff) 
		return -1;

	}



	if (!pidff->axes_enable)

	if (!pidff->axes_enable) {

		hid_info(pidff->hid, "axes enable field not found!\n");

	else

		return 0;

	}



	hid_dbg(pidff->hid, "axes enable report count: %u\n",

		pidff->axes_enable->report_count);
@@ -1311,7 +1316,7 @@ static int pidff_find_special_fields(struct pidff_device *pidff) 
	pidff->axis_count = found;

	hid_dbg(pidff->hid, "found direction axes: %u", found);



	for (int i = 0; i < sizeof(pidff_direction_axis); i++) {

	for (int i = 0; i < ARRAY_SIZE(pidff_direction_axis); i++) {

		if (!pidff->direction_axis_id[i])

			continue;