Re: [PATCH] HID: playstation: Clamp num_touch_reports

Next message: Jiri Kosina: "Re: [PATCH] HID: quirks: really enable the intended work around for appledisplay"
Previous message: Balakrishnan Sambath: "[PATCH v2 00/15] media: microchip-isc: fixes and enhancements"
Next in thread: T.J. Mercier: "Re: [PATCH] HID: playstation: Clamp num_touch_reports"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jiri Kosina

Date: Tue May 12 2026 - 12:00:52 EST

On Fri, 17 Apr 2026, T.J. Mercier wrote:

> A device would never lie about the number of touch reports would it?
>
> If it does the loop in dualshock4_parse_report will read off the end of
> the touch_reports array, up to about 2 KiB for the maximum number of 256
> loop iteraions. The data that is read is emitted via evdev if the
> DS4_TOUCH_POINT_INACTIVE bit happens to be set. Protect against this by
> clamping the num_touch_reports value provided by the device to the
> maximum size of the touch_reports array.
>
> Fixes: 752038248808 ("HID: playstation: add DualShock4 touchpad support.")
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: Xingyu Jin <xingyuj@xxxxxxxxxx>
> Signed-off-by: T.J. Mercier <tjmercier@xxxxxxxxxx>

Applied, thanks.

--
Jiri Kosina
SUSE Labs