Input: ff-memless - fix signed to unsigned bit overflow

When userspace sets effect->u.rumble.strong_magnitude to 0x8001 or
larger, ml_combine_effects() would always return strong_magnitude
0xffff.

Problem is that 'gain' is passed in as signed integer. Multiplying
magnitude (__u16) with gain (int) causes magnitude read as signed and
results negative value (with magnitude > 0x8000). This signed integer
is then divided and value, still negative, converted to 32bit unsigned
integer. Finally checking combine overflow min(new+old, 0xffff) gives
out 0xffff.

Fix is to simply change 'gain' to unsigned int.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Acked-by: Anssi Hannula <anssi.hannula@gmail.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>

drivers/input/ff-memless.c

@@ -226,7 +226,7 @@ static int get_compatible_type(struct ff_device *ff, int effect_type)
  */
 static void ml_combine_effects(struct ff_effect *effect,
 			       struct ml_effect_state *state,
-			       int gain)
+			       unsigned int gain)
 {
 	struct ff_effect *new = state->effect;
 	unsigned int strong, weak, i;