git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Jason Gerecke <killertofu@gmail.com>
	Thu, 21 Jan 2021 18:46:49 +0000 (10:46 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 30 Jan 2021 12:32:13 +0000 (13:32 +0100)
commit	1feeef6cc4c830d42fced7e78c25a712efb388c7
tree	150c62d81985a62569b1d7d24f6e2abee346ca05	tree
parent	6e7bfa046de83596c2a50f72e8ced1ee327db654	commit \| diff

HID: wacom: Correct NULL dereference on AES pen proximity

commit 179e8e47c02a1950f1c556f2b854bdb2259078fb upstream.

The recent commit to fix a memory leak introduced an inadvertant NULL
pointer dereference. The `wacom_wac->pen_fifo` variable was never
intialized, resuling in a crash whenever functions tried to use it.
Since the FIFO is only used by AES pens (to buffer events from pen
proximity until the hardware reports the pen serial number) this would
have been easily overlooked without testing an AES device.

This patch converts `wacom_wac->pen_fifo` over to a pointer (since the
call to `devres_alloc` allocates memory for us) and ensures that we assign
it to point to the allocated and initalized `pen_fifo` before the function
returns.

Link: https://github.com/linuxwacom/input-wacom/issues/230
Fixes: 37309f47e2f5 ("HID: wacom: Fix memory leakage caused by kfifo_alloc")
CC: stable@vger.kernel.org # v4.19+
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Tested-by: Ping Cheng <ping.cheng@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/hid/wacom_sys.c		diff \| blob \| blame \| history
drivers/hid/wacom_wac.h		diff \| blob \| blame \| history