[PATCH libevdev 1/5] Don't sync past MAX_SLOTS slots

[Peter Hutterer]

If a device has more than MAX_SLOTS slots, we'd run out-of-bounds on the sync
array. This function is sig-safe, so we can't alloc here, merely limit the
access.

Reported-by: Jonas Ådahl <jadahl at gmail.com>
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
 libevdev/libevdev.c | 2 +-
 libevdev/libevdev.h | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/libevdev/libevdev.c b/libevdev/libevdev.c
index 6127e64..36359d4 100644
--- a/libevdev/libevdev.c
+++ b/libevdev/libevdev.c
@@ -561,7 +561,7 @@ sync_mt_state(struct libevdev *dev, int create_events)
 			ioctl_success = 1;
 	}
 
-	for (i = 0; i < dev->num_slots; i++) {
+	for (i = 0; i < min(dev->num_slots, MAX_SLOTS); i++) {
 		int j;
 		struct input_event *ev;
 
diff --git a/libevdev/libevdev.h b/libevdev/libevdev.h
index 898e919..06d2dfa 100644
--- a/libevdev/libevdev.h
+++ b/libevdev/libevdev.h
@@ -693,6 +693,10 @@ enum libevdev_read_status {
  * device state delta. This function returns @ref LIBEVDEV_READ_STATUS_SYNC for
  * each event part of that delta, until it returns -EAGAIN once all events
  * have been synced.
+ * @note The implementation of libevdev limits the maximum number of slots
+ * that can be synched. If your device exceeds the number of slots
+ * (currently 32), slot indices equal and above this maximum are ignored and
+ * their value will not update until the next event in that slot.
  *
  * If a device needs to be synced by the caller but the caller does not call
  * with the @ref LIBEVDEV_READ_STATUS_SYNC flag set, all events from the diff are
-- 
1.8.4.2