mirror of
https://gitlab.freedesktop.org/libevdev/libevdev.git
synced 2026-01-08 10:30:18 +01:00
66fee1bec4
A malicious device may announce N slots but then send a slot index >= N. The slot state is almost always allocated (definitely the case in libevdev and true for most callers), so providing a slot number higher than the announced maximum is likely to lead to invalid dereferences. Don't allow that. Likewise, don't allow negative slot numbers. Note that the kernel filters these events anyway, the only way to trigger this is to change the device fd to something outside the kernel's control. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| Makefile.am | ||
| test-common-uinput.c | ||
| test-common-uinput.h | ||
| test-common.c | ||
| test-common.h | ||
| test-compile-pedantic.c | ||
| test-event-codes.c | ||
| test-event-names.c | ||
| test-int-queue.c | ||
| test-kernel.c | ||
| test-libevdev-events.c | ||
| test-libevdev-has-event.c | ||
| test-libevdev-init.c | ||
| test-link.c | ||
| test-main.c | ||
| test-uinput.c | ||