The driver accesses the message payload (msg[0]) without checking if
the length is greater than zero. The parent MFD driver can produce a
payload with a length of 0, in which case msg[0] would be uninitialized
or stale.

Add a check to return early if len is less than 1.

Reported-by: sashiko-bot@kernel.org
Assisted-by: Antigravity:gemini-3.5-flash
Link: https://patch.msgid.link/aintAvTyw4CVb5hG@google.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
struct ipaq_micro_keys *keys = data;
int key, down;
+ if (len < 1)
+ return;
+
down = 0x80 & msg[0];
key = 0x7f & msg[0];
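
Review bot: the early return on len < 1 at the top of the function drops the message silently, and nothing at that spot records why an empty payload can arrive. A one-line comment above the check saying that the parent MFD driver can deliver a zero-length payload would keep the guard from being removed later as dead code, and a debug-level message before the return would make such messages visible when diagnosing the device. The guard itself is sufficient for the two reads shown here, since both down and key are taken from msg[0] only.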