From 9696f3739376b71793e7eeff8427599cb594bdd2 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed, 4 Dec 2019 10:18:27 +1000
Subject: [PATCH] tools: debug-events: don't overrun the device array with too
 many arguments

Only the --device option was checked for argument count, not the rest so it's
easy to overrun the array by specifying too many devices.

Except: this was a theoretical bug only, more than 64 arguments trigger
an assertion in the argv processing in tools/shared.c anyway. Let's drop the
debug-events limit to 60 devices so we can at least have a test for this.

Found by coverity

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 tools/libinput-debug-events.c     | 6 +++++-
 tools/test-tool-option-parsing.py | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/tools/libinput-debug-events.c b/tools/libinput-debug-events.c
index bdabb544..079aa7c8 100644
--- a/tools/libinput-debug-events.c
+++ b/tools/libinput-debug-events.c
@@ -935,7 +935,7 @@ main(int argc, char **argv)
 {
 	struct libinput *li;
 	enum tools_backend backend = BACKEND_NONE;
-	char *seat_or_devices[64] = {NULL};
+	char *seat_or_devices[60] = {NULL};
 	size_t ndevices = 0;
 	bool grab = false;
 	bool verbose = false;
@@ -1028,6 +1028,10 @@ main(int argc, char **argv)
 		}
 		backend = BACKEND_DEVICE;
 		do {
+			if (ndevices >= ARRAY_LENGTH(seat_or_devices)) {
+				usage();
+				return EXIT_INVALID_USAGE;
+			}
 			seat_or_devices[ndevices++] = safe_strdup(argv[optind]);
 		} while(++optind < argc);
 	} else if (backend == BACKEND_NONE) {
diff --git a/tools/test-tool-option-parsing.py b/tools/test-tool-option-parsing.py
index 0484e55d..e96d1abf 100755
--- a/tools/test-tool-option-parsing.py
+++ b/tools/test-tool-option-parsing.py
@@ -212,6 +212,11 @@ class TestDebugEvents(TestToolWithOptions, TestLibinputTool):
         self.run_command_success(['--device', '/dev/input/event0', '/dev/input/event0'])
         self.run_command_success(['/dev/input/event0', '/dev/input/event1'])
 
+    def test_too_many_devices(self):
+        # Too many arguments just bails with the usage message
+        rc, stdout, stderr = self.run_command(['/dev/input/event0'] * 61)
+        self.assertEqual(rc, 2, msg=(stdout, stderr))
+
 
 class TestDebugGUI(TestToolWithOptions, TestLibinputTool):
     subtool = 'debug-gui'