diff mbox series

[next] HID: playstation: fix array size comparison (off-by-one)

Message ID 20210215163921.84283-1-colin.king@canonical.com (mailing list archive)
State Mainlined
Commit 50ab1ffd7c41c5c7759b62fb42d3006b751bb12b
Delegated to: Jiri Kosina
Headers show
Series [next] HID: playstation: fix array size comparison (off-by-one) | expand

Commit Message

Colin King Feb. 15, 2021, 4:39 p.m. UTC 
From: Colin Ian King <colin.king@canonical.com>

The comparison of value with the array size ps_gamepad_hat_mapping
appears to be off-by-one. Fix this by using >= rather than > for the
size comparison.

Addresses-Coverity: ("Out-of-bounds read")
Fixes: bc2e15a9a022 ("HID: playstation: initial DualSense USB support.")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/hid/hid-playstation.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Benjamin Tissoires Feb. 17, 2021, 8:04 p.m. UTC | #1 
On Mon, Feb 15, 2021 at 5:39 PM Colin King <colin.king@canonical.com> wrote:
>
> From: Colin Ian King <colin.king@canonical.com>
>
> The comparison of value with the array size ps_gamepad_hat_mapping
> appears to be off-by-one. Fix this by using >= rather than > for the
> size comparison.
>
> Addresses-Coverity: ("Out-of-bounds read")
> Fixes: bc2e15a9a022 ("HID: playstation: initial DualSense USB support.")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---

Good catch.

Applied to for-5.12/playstation-v2

Cheers,
Benjamin

>  drivers/hid/hid-playstation.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c
> index 408b651174cf..568a3a067c88 100644
> --- a/drivers/hid/hid-playstation.c
> +++ b/drivers/hid/hid-playstation.c
> @@ -1064,7 +1064,7 @@ static int dualsense_parse_report(struct ps_device *ps_dev, struct hid_report *r
>         input_report_abs(ds->gamepad, ABS_RZ, ds_report->rz);
>
>         value = ds_report->buttons[0] & DS_BUTTONS0_HAT_SWITCH;
> -       if (value > ARRAY_SIZE(ps_gamepad_hat_mapping))
> +       if (value >= ARRAY_SIZE(ps_gamepad_hat_mapping))
>                 value = 8; /* center */
>         input_report_abs(ds->gamepad, ABS_HAT0X, ps_gamepad_hat_mapping[value].x);
>         input_report_abs(ds->gamepad, ABS_HAT0Y, ps_gamepad_hat_mapping[value].y);
> --
> 2.30.0
>
diff mbox series

Patch

diff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c
index 408b651174cf..568a3a067c88 100644
--- a/drivers/hid/hid-playstation.c
+++ b/drivers/hid/hid-playstation.c
@@ -1064,7 +1064,7 @@  static int dualsense_parse_report(struct ps_device *ps_dev, struct hid_report *r
 	input_report_abs(ds->gamepad, ABS_RZ, ds_report->rz);
 
 	value = ds_report->buttons[0] & DS_BUTTONS0_HAT_SWITCH;
-	if (value > ARRAY_SIZE(ps_gamepad_hat_mapping))
+	if (value >= ARRAY_SIZE(ps_gamepad_hat_mapping))
 		value = 8; /* center */
 	input_report_abs(ds->gamepad, ABS_HAT0X, ps_gamepad_hat_mapping[value].x);
 	input_report_abs(ds->gamepad, ABS_HAT0Y, ps_gamepad_hat_mapping[value].y);