217417 – [input/mouse] elan_i2c.h and elantech.h array subscript index 5 is out of bound ETP_MAX_FINGERS

Bug 217417 - [input/mouse] elan_i2c.h and elantech.h array subscript index 5 is out of bound ETP_MAX_FINGERS

Summary: [input/mouse] elan_i2c.h and elantech.h array subscript index 5 is out of bou...

Status:	RESOLVED CODE_FIX

Alias:	None

Product:	Drivers
Classification:	Unclassified
Component:	Input Devices (show other bugs)
Hardware:	All Linux

Importance:	P3 normal
Assignee:	drivers_input-devices

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-05-08 17:39 UTC by Jon Daniel
Modified:	2023-07-05 19:21 UTC (History)
CC List:	2 users (show)

See Also:
Kernel Version:	6.3.1-6.3.5
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
dmesg syslog output (130.78 KB, text/plain) 2023-05-08 17:39 UTC, Jon Daniel	Details
elantech finger bug dmesg (11.12 KB, text/plain) 2023-06-02 16:41 UTC, Jon Daniel	Details
[PATCH] Input: psmouse - fix OOB access in Elantech protocol from Dmitry Torokhov <dmitry.torokhov@gmail.com> (1.39 KB, patch) 2023-06-02 18:44 UTC, Jon Daniel	Details \| Diff
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Description Jon Daniel 2023-05-08 17:39:49 UTC

Created attachment 304230 [details]
dmesg syslog output

Comment 1 Jon Daniel 2023-05-08 17:46:09 UTC

Incrementing ETP_MAX_FINGERS by one to 6 might be sufficient.

Comment 2 Bagas Sanjaya 2023-05-11 08:14:59 UTC

What kernel version did this issue occur? Last known good version? lspci/lsusb?

Comment 3 Jon Daniel 2023-06-01 18:27:52 UTC

fixed in 6.3.5 and above

Comment 4 Jon Daniel 2023-06-01 18:37:32 UTC

the only difference seems to be the ignore list addition

Comment 5 Jon Daniel 2023-06-02 16:38:24 UTC

I apologize for the last posts the statements are not correct.
I don't know which version introduced the bug that is still present in the current version of the linux kernel

Comment 6 Jon Daniel 2023-06-02 16:41:27 UTC

Created attachment 304367 [details]
elantech finger bug dmesg

Comment 7 Jon Daniel 2023-06-02 18:44:09 UTC

Created attachment 304369 [details]
[PATCH] Input: psmouse - fix OOB access in Elantech protocol from Dmitry Torokhov <dmitry.torokhov@gmail.com>

Comment 8 Dmitry Torokhov 2023-07-05 19:21:39 UTC

Fixed in 6.4.

Note You need to log in before you can comment on or make changes to this bug.