speakup on latest kernels

Samuel Thibault samuel.thibault at ens-lyon.org
Tue Mar 3 08:11:28 EST 2020


For people who have had crashes with latest kernels and can rebuild
their own kernel, could you try to apply the attached patch? It seems to
be fixing things and for sure would trigger crashes when doing get_word
while speakup is on a space. The issue has been there for at least 10
years, it's a bit crazy that only now we have crashes with it :)

-------------- next part --------------
commit 72c8cfdd58ad6a39002f4ae93752ee28d567b69f
Author: Samuel Thibault <samuel.thibault at ens-lyon.org>
Date:   Tue Mar 3 01:24:24 2020 +0100

    speakup: fix get_word non-space look-ahead
    get_char was erroneously given the address of the pointer to the text
    instead of the address of the text, thus leading to random crashes when
    the user requests speaking a word while the current position is on a space
    character and say_word_ctl is not enabled.
    Cc: stable at vger.kernel.org
    Reported-on: https://github.com/bytefire/speakup/issues/1
    Reported-by: Kirk Reiser <kirk at reisers.ca>
    Reported-by: Janina Sajka <janina at rednote.net>
    Reported-by: Alexandr Epaneshnikov <aarnaarn2 at gmail.com>
    Reported-by: Gregory Nowak <greg at gregn.net>
    Reported-by: deedra waters <deedra at the-brannons.com>
    Signed-off-by: Samuel Thibault <samuel.thibault at ens-lyon.org>
    TODO: Tested-by: Alexandr Epaneshnikov <aarnaarn2 at gmail.com>

diff --git a/drivers/staging/speakup/main.c b/drivers/staging/speakup/main.c
index 488f2539aa9a..81ecfd1a200d 100644
--- a/drivers/staging/speakup/main.c
+++ b/drivers/staging/speakup/main.c
@@ -561,7 +561,7 @@ static u_long get_word(struct vc_data *vc)
 		return 0;
 	} else if (tmpx < vc->vc_cols - 2 &&
 		   (ch == SPACE || ch == 0 || (ch < 0x100 && IS_WDLM(ch))) &&
-		   get_char(vc, (u_short *)&tmp_pos + 1, &temp) > SPACE) {
+		   get_char(vc, (u_short *)tmp_pos + 1, &temp) > SPACE) {
 		tmp_pos += 2;
 	} else {

More information about the Speakup mailing list