Re: [PATCH] Fixes kernel panic with Null pointer in hid-appleir.c

From: Jiri Kosina <hidden>
Date: 2014-06-30 14:38:11
Also in: lkml

On Fri, 20 Jun 2014, Nicholas Krause wrote:

quoted hunk ↗ jump to hunk

In for loop of function appleir_input_configured we hit
a Null pointer after the for loop due to array_size not
being correct needs to be changed to input_dev->keycodemax.

Signed-off-by: Nicholas Krause <redacted>
---
 drivers/hid/hid-appleir.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hid/hid-appleir.c b/drivers/hid/hid-appleir.c
index 0e6a42d..ab0a702 100644
--- a/drivers/hid/hid-appleir.c
+++ b/drivers/hid/hid-appleir.c

@@ -272,7 +272,7 @@ static void appleir_input_configured(struct hid_device *hid,
 	input_dev->evbit[0] = BIT(EV_KEY) | BIT(EV_REP);
 
 	memcpy(appleir->keymap, appleir_key_table, sizeof(appleir->keymap));
-	for (i = 0; i < ARRAY_SIZE(appleir_key_table); i++)
+	for (i = 0; i < ARRAY_SIZE(input_dev->keycodemax); i++)

Ugh, how is this supposed to work? input_dev->keycodemax is int, not 
array. I think you actually want sizeof(appleir->keymap) there.

-- 
Jiri Kosina
SUSE Labs

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help