From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Fri, 12 Jul 2019 12:38:33 +0000 (+0200)
Subject: evdev: avoid bit vector decoding on non-successful and 0 return codes
X-Git-Tag: v5.3~127
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7ada13f3a40e2f58aea335cf910666378e7dd99a;p=strace

evdev: avoid bit vector decoding on non-successful and 0 return codes

Reported by Clang.

    strace/evdev.c:157:3: note: The value 0 is assigned to 'size'
    #                size = tcp->u_rval * 8;
    #                ^~~~~~~~~~~~~~~~~~~~~~
    strace/evdev.c:158:2: warning: Declared variable-length array (VLA)
    has zero size
    #        char decoded_arg[size];
    #        ^

* evdev.c (decode_bitset_): Bail out before decoded_arg VLA definition.
---

diff --git a/evdev.c b/evdev.c
index e402d26e..4b811cf8 100644
--- a/evdev.c
+++ b/evdev.c
@@ -155,6 +155,13 @@ decode_bitset_(struct tcb *const tcp, const kernel_ulong_t arg,
 		size = max_nr;
 	else
 		size = tcp->u_rval * 8;
+
+	if (syserror(tcp) || !size) {
+		printaddr(arg);
+
+		return RVAL_IOCTL_DECODED;
+	}
+
 	char decoded_arg[size];
 
 	if (umove_or_printaddr(tcp, arg, &decoded_arg))