From f41a52d3010579949a3b9fd76783120d9643b60b Mon Sep 17 00:00:00 2001 From: Rafi Rubin Date: Tue, 8 Mar 2011 00:24:29 -0500 Subject: HID: ntrig don't dereference unclaimed hidinput Check before dereferencing field->hidinput to fix a reported invalid deference bug. Signed-off-by: Rafi Rubin Signed-off-by: Jiri Kosina --- drivers/hid/hid-ntrig.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'drivers/hid/hid-ntrig.c') diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c index beb403421e72..a93e58ca81ed 100644 --- a/drivers/hid/hid-ntrig.c +++ b/drivers/hid/hid-ntrig.c @@ -539,8 +539,19 @@ static int ntrig_input_mapped(struct hid_device *hdev, struct hid_input *hi, static int ntrig_event (struct hid_device *hid, struct hid_field *field, struct hid_usage *usage, __s32 value) { - struct input_dev *input = field->hidinput->input; struct ntrig_data *nd = hid_get_drvdata(hid); + struct input_dev *input; + + /* Skip processing if not a claimed input */ + if (!(hid->claimed & HID_CLAIMED_INPUT)) + goto not_claimed_input; + + /* This function is being called before the structures are fully + * initialized */ + if(!(field->hidinput && field->hidinput->input)) + return -EINVAL; + + input = field->hidinput->input; /* No special handling needed for the pen */ if (field->application == HID_DG_PEN) @@ -810,6 +821,8 @@ static int ntrig_event (struct hid_device *hid, struct hid_field *field, } } +not_claimed_input: + /* we have handled the hidinput part, now remains hiddev */ if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_hid_event) hid->hiddev_hid_event(hid, field, usage, value); -- cgit v1.2.3