From 971d338aa9799952f430bc08bf8fa0cde39b420e Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Mon, 6 Feb 2017 15:59:55 +0100
Subject: sys: refine EVIOCGMASK description

Fuzzer used this call to corrupt output data involving
treating part of file name as a pointer into data section.
Machines are raising...
---
 sys/input.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/input.txt b/sys/input.txt
index 5f26ea57c..930d8adc8 100644
--- a/sys/input.txt
+++ b/sys/input.txt
@@ -19,7 +19,7 @@ ioctl$EVIOCGREP(fd fd_evdev, cmd const[EVIOCGREP], arg buffer[out])
 ioctl$EVIOCGKEYCODE(fd fd_evdev, cmd const[EVIOCGKEYCODE], arg buffer[out])
 ioctl$EVIOCGKEYCODE_V2(fd fd_evdev, cmd const[EVIOCGKEYCODE_V2], arg buffer[out])
 ioctl$EVIOCGEFFECTS(fd fd_evdev, cmd const[EVIOCGEFFECTS], arg buffer[out])
-ioctl$EVIOCGMASK(fd fd_evdev, cmd const[EVIOCGMASK], arg buffer[out])
+ioctl$EVIOCGMASK(fd fd_evdev, cmd const[EVIOCGMASK], arg ptr[in, input_mask])
 ioctl$EVIOCGNAME(fd fd_evdev, cmd const[EVIOCGNAME64], arg buffer[out])
 ioctl$EVIOCGPHYS(fd fd_evdev, cmd const[EVIOCGPHYS64], arg buffer[out])
 ioctl$EVIOCGUNIQ(fd fd_evdev, cmd const[EVIOCGUNIQ64], arg buffer[out])
@@ -142,7 +142,7 @@ ff_envelope {
 
 input_mask {
 	type	flags[input_mask_type, int32]
-	size	int32
+	size	bytesize[ptr, int32]
 	ptr	buffer[in]
 }
 
-- 
cgit mrf-deployment