From a908d213557cfbe874b7bd1ae3a1b0d3c05c29e9 Mon Sep 17 00:00:00 2001

From: David Herrmann <dh.herrmann@gmail.com>

Date: Tue, 23 Sep 2014 13:51:42 +0200

Subject: [PATCH] terminal: verify kernel-returned DRM events are not truncated

Make sure the kernel always returns events properly. This is guaranteed

right now, otherwise, we do something really wrong. But lets be sure and

verify the received values properly. This also silences some coverity

warnings.

---

 src/libsystemd-terminal/grdev-drm.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libsystemd-terminal/grdev-drm.c b/src/libsystemd-terminal/grdev-drm.c

index 5c65c096de..5393ebf988 100644

--- a/src/libsystemd-terminal/grdev-drm.c

+++ b/src/libsystemd-terminal/grdev-drm.c

@@ -2223,7 +2223,7 @@ static int grdrm_card_io_fn(sd_event_source *s, int fd, uint32_t revents, void *

                 for (i = 0; i < l; i += event->length) {

                         event = (void*)&buf[i];

-                        if (i + event->length > l) {

+                        if (i + (ssize_t)sizeof(*event) > l || i + (ssize_t)event->length > l) {

                                 log_debug("grdrm: %s/%s: truncated event", card->base.session->name, card->base.name);

                                 break;

                         }