From patchwork Tue Mar 22 13:13:57 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Henrik Rydberg <rydberg@euromail.se>
X-Patchwork-Id: 87944
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from chlorine.canonical.com (chlorine.canonical.com
	[91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id BC09AB6F76
	for <incoming@patchwork.ozlabs.org>;
	Wed, 23 Mar 2011 03:24:01 +1100 (EST)
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
	by chlorine.canonical.com with esmtp (Exim 4.71)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1Q24N9-00079Z-SM; Tue, 22 Mar 2011 16:23:55 +0000
Received: from ch-smtp04.sth.basefarm.net ([80.76.153.5])
	by chlorine.canonical.com with esmtp (Exim 4.71)
	(envelope-from <rydberg@euromail.se>) id 1Q21MA-0004Nj-5p
	for kernel-team@lists.ubuntu.com; Tue, 22 Mar 2011 13:10:42 +0000
Received: from c83-254-52-20.bredband.comhem.se ([83.254.52.20]:47673
	helo=polaris) by ch-smtp04.sth.basefarm.net with smtp (Exim 4.73)
	(envelope-from <rydberg@euromail.se>) id 1Q21Le-0000MJ-D9
	for kernel-team@lists.ubuntu.com; Tue, 22 Mar 2011 14:10:13 +0100
Received: by polaris (sSMTP sendmail emulation);
	Tue, 22 Mar 2011 14:14:04 +0100
From: "Henrik Rydberg" <rydberg@euromail.se>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 1/4] HID: ntrig don't dereference unclaimed hidinput
Date: Tue, 22 Mar 2011 14:13:57 +0100
Message-Id: <1300799640-5131-2-git-send-email-rydberg@euromail.se>
X-Mailer: git-send-email 1.7.4.1
In-Reply-To: <1300799640-5131-1-git-send-email-rydberg@euromail.se>
References: <1300799640-5131-1-git-send-email-rydberg@euromail.se>
X-Originating-IP: 83.254.52.20
X-Scan-Result: No virus found in message 1Q21Le-0000MJ-D9.
X-Scan-Signature: ch-smtp04.sth.basefarm.net 1Q21Le-0000MJ-D9
	431c1a27c4818266e0418b466d5d76e1
X-Mailman-Approved-At: Tue, 22 Mar 2011 16:23:52 +0000
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Sender: kernel-team-bounces@lists.ubuntu.com
Errors-To: kernel-team-bounces@lists.ubuntu.com

From: Rafi Rubin <rafi@seas.upenn.edu>

Check before dereferencing field->hidinput to fix a reported invalid
deference bug.

Signed-off-by: Rafi Rubin <rafi@seas.upenn.edu>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Henrik Rydberg <rydberg@euromail.se>
---
 drivers/hid/hid-ntrig.c |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c
index dddd8cb..33d371a 100644
--- a/drivers/hid/hid-ntrig.c
+++ b/drivers/hid/hid-ntrig.c
@@ -332,8 +332,19 @@ static void report_frame(struct input_dev *input, struct ntrig_data *nd)
 static int ntrig_event (struct hid_device *hid, struct hid_field *field,
 			struct hid_usage *usage, __s32 value)
 {
-	struct input_dev *input = field->hidinput->input;
 	struct ntrig_data *nd = hid_get_drvdata(hid);
+	struct input_dev *input;
+
+	/* Skip processing if not a claimed input */
+	if (!(hid->claimed & HID_CLAIMED_INPUT))
+		goto not_claimed_input;
+
+	/* This function is being called before the structures are fully
+	 * initialized */
+	if(!(field->hidinput && field->hidinput->input))
+		return -EINVAL;
+
+	input = field->hidinput->input;
 
 	/* No special handling needed for the pen */
 	if (field->application == HID_DG_PEN)
@@ -377,6 +388,8 @@ static int ntrig_event (struct hid_device *hid, struct hid_field *field,
 		}
 	}
 
+not_claimed_input:
+
 	/* we have handled the hidinput part, now remains hiddev */
 	if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_hid_event)
 		hid->hiddev_hid_event(hid, field, usage, value);