From: Kenichi Nagai Date: Fri, 11 May 2007 05:12:15 +0000 (-0400) Subject: Input: evdev - fix overflow in compat_ioctl X-Git-Tag: firefly_0821_release~29185 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=bf61f8d357e5d71d74a3ca3be3cce52bf1a2c01a;p=firefly-linux-kernel-4.4.55.git Input: evdev - fix overflow in compat_ioctl When exporting input device bitmaps via compat_ioctl on BIG_ENDIAN platforms evdev calculates data size incorrectly. This causes buffer overflow if user specifies buffer smaller than maxlen. Signed-off-by: Kenichi Nagai Signed-off-by: Dmitry Torokhov Signed-off-by: Linus Torvalds --- diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c index 55a72592704c..b234729706be 100644 --- a/drivers/input/evdev.c +++ b/drivers/input/evdev.c @@ -336,7 +336,7 @@ static int bits_to_user(unsigned long *bits, unsigned int maxbit, if (compat) { len = NBITS_COMPAT(maxbit) * sizeof(compat_long_t); - if (len < maxlen) + if (len > maxlen) len = maxlen; for (i = 0; i < len / sizeof(compat_long_t); i++)