[RFC/PATCH v1 1/3] fix decoder of ioctl EVIOCGBIT
Dmitry V. Levin
ldv at altlinux.org
Sun Aug 19 08:04:02 UTC 2018
On Sat, Aug 18, 2018 at 06:45:52PM +0800, Zhibin Li wrote:
> OK, it's in linux/drivers/input/evdev.c:
> line 812: in function handle_eviocgbit:
> return bits_to_user(bits, len, size, p, compat_mode);
> and then in function bits_to_user:
> int len = BITS_TO_LONGS(maxbit) * sizeof(long);
> ...
> return copy_to_user(p, bits, len) ? -EFAULT : len;
> Correct me if I'm wrong, thanks :)
I wish you've written something like this in the commit message. :)
I suggest to apply the fix as a separate commit, e.g.
Subject: [PATCH] evdev: fix decoding of bit sets
According to drivers/input/evdev.c:bits_to_user(),
the Linux kernel returns the number of bytes, not bits.
* evdev.c (decode_bitset_): Treat syscall return value as the number
of bytes.
diff --git a/evdev.c b/evdev.c
index 7ca15c9dd..3c1aaa8e2 100644
--- a/evdev.c
+++ b/evdev.c
@@ -171,10 +171,10 @@ decode_bitset_(struct tcb *const tcp, const kernel_ulong_t arg,
tprints(", ");
unsigned int size;
- if ((kernel_ulong_t) tcp->u_rval > max_nr)
+ if ((kernel_ulong_t) tcp->u_rval > max_nr / 8)
size = max_nr;
else
- size = tcp->u_rval;
+ size = tcp->u_rval * 8;
char decoded_arg[size];
if (umove_or_printaddr(tcp, arg, &decoded_arg))
What do you think?
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20180819/24b73e27/attachment.bin>
More information about the Strace-devel
mailing list