Google Git
Sign in
chromium / chromiumos / third_party / kernel / factory-ryu-6486.B-chromeos-3.14
commitb4059ab2a0047bbb5be08ac804a22f47d094c0b1[log] [tgz]
authorGwendal Grignou <gwendal@chromium.org>Fri Dec 12 00:02:45 2014
committerchrome-internal-fetch <chrome-internal-fetch@google.com>Fri Dec 12 23:53:00 2014
treeed9b5e2e34e3ad439d59efd662e4512fc1a8d81c
parent2a37cfb57e71bceb348af02c99ed66fdfb533d9c [diff]
UPSTREAM: HID: i2c-hid: prevent buffer overflow in early IRQ

Before ->start() is called, bufsize size is set to HID_MIN_BUFFER_SIZE,
64 bytes. While processing the IRQ, we were asking to receive up to
wMaxInputLength bytes, which can be bigger than 64 bytes.

Later, when ->start is run, a proper bufsize will be calculated.

Given wMaxInputLength is said to be unreliable in other part of the
code, set to receive only what we can even if it results in truncated
reports.

Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit d1c7e29e8d276c669e8790bb8be9f505ddc48888)

BUG=chrome-os-partner:34387
TEST=none

Change-Id: Id5ea9701059ed497596e2516cf4431658c4d2587
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/235455
Reviewed-by: Yufeng Shen <miletus@chromium.org>
Commit-Queue: Yufeng Shen <miletus@chromium.org>
Tested-by: Yufeng Shen <miletus@chromium.org>
1 file changed
tree: ed9b5e2e34e3ad439d59efd662e4512fc1a8d81c
  1. arch/
  2. block/
  3. chromeos/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .gitignore
  24. .mailmap
  25. .scmversion
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. PRESUBMIT.cfg
  33. README
  34. REPORTING-BUGS