From 7ada13f3a40e2f58aea335cf910666378e7dd99a Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Fri, 12 Jul 2019 14:38:33 +0200
Subject: [PATCH 1/3] evdev: avoid bit vector decoding on non-successful and 0
 return codes

Reported by Clang.

    strace/evdev.c:157:3: note: The value 0 is assigned to 'size'
    #                size = tcp->u_rval * 8;
    #                ^~~~~~~~~~~~~~~~~~~~~~
    strace/evdev.c:158:2: warning: Declared variable-length array (VLA)
    has zero size
    #        char decoded_arg[size];
    #        ^

* evdev.c (decode_bitset_): Bail out before decoded_arg VLA definition.
---
 evdev.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/evdev.c b/evdev.c
index e402d26e..4b811cf8 100644
--- a/evdev.c
+++ b/evdev.c
@@ -155,6 +155,13 @@ decode_bitset_(struct tcb *const tcp, const kernel_ulong_t arg,
 		size = max_nr;
 	else
 		size = tcp->u_rval * 8;
+
+	if (syserror(tcp) || !size) {
+		printaddr(arg);
+
+		return RVAL_IOCTL_DECODED;
+	}
+
 	char decoded_arg[size];
 
 	if (umove_or_printaddr(tcp, arg, &decoded_arg))
-- 
2.13.6