Message ID | 20200815153426.435592-1-phollinsky@holtechnik.com |
---|---|
State | New |
Headers | show |
Series | Input: gtco - fix uninitialized stack read | expand |
diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c index 44bb1f69b4b2..db030cd043d5 100644 --- a/drivers/input/tablet/gtco.c +++ b/drivers/input/tablet/gtco.c @@ -217,7 +217,7 @@ static void parse_hid_report_descriptor(struct gtco *device, char * report, __u32 usage = 0; /* Global Values, indexed by TAG */ - __u32 globalval[TAG_GLOB_MAX]; + __u32 globalval[TAG_GLOB_MAX] = { 0 }; __u32 oldval[TAG_GLOB_MAX]; /* Debug stuff */
If a malformed HID report is sent from the device, a prefix with TYPE_MAIN may read globtype before it is written with TYPE_GLOBAL. The oldval array is protected from uninitialized read by the indent counter. Reported-by: syzbot+6a1bb5a33a0b128085bc@syzkaller.appspotmail.com Signed-off-by: Paul Hollinsky <phollinsky@holtechnik.com> --- drivers/input/tablet/gtco.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)