pc/pc64: fix ps2mouse memory corruption race

there was a memory corruption bug caused by us enabling the
ps2mouseputc() handler *before* initializing packetsize.

once we enabled the handler, mouse interrupts could come
in and advance the packet buffer index (nb) beyond the
buffer boundaries.

as ps2mouseputc() only checked for ++nb == packetsize, once
nb was advanced beyond the packetsize, it would continue writing
beyond the buffer and corrupt memory with each mouse packet byte.

solution is to initialize packetsize *before* enabling the
handler, and also do a >= check in ps2mouseputc() in case the
packetsize gets changed to a smaller value at runtime.

0 files changed, 0 insertions, 0 deletions