Re: [PATCH] HID: validate report length and constants
From: Davide Beatrici
Date: Thu Dec 04 2025 - 18:43:33 EST

report 8 has csize=16 rsize=16
report 0 has csize=1 rsize=8
report 0 is too short, (1 < 8)

Which means we do enter the test and execute the memset()...

I added further debug prints to trace the flow after that:

hid-generic 0003:373B:1107.000F: report 8 has csize=16 rsize=16
hid-generic 0003:373B:1107.000F: Calling hiddev_report_event()
hid-generic 0003:373B:1107.000F: Calling hidraw_report_event()
hid-generic 0003:373B:1107.000F: Calling hid_process_report()
hid-generic 0003:373B:1107.000F: Calling hidinput_report_event()
hid-generic 0003:373B:1107.000E: report 0 has csize=1 rsize=8
hid-generic 0003:373B:1107.000E: report 0 is too short, (1 < 8)
hid-generic 0003:373B:1107.000E: Calling hidraw_report_event()
hid-generic 0003:373B:1107.000E: Calling hid_process_report()
hid-generic 0003:373B:1107.000E: Calling hidinput_report_event()
hid-generic 0003:373B:1107.0010: report 0 has csize=7 rsize=7
hid-generic 0003:373B:1107.0010: Calling hidraw_report_event()
hid-generic 0003:373B:1107.0010: Calling hid_process_report()
hid-generic 0003:373B:1107.0010: Calling hidinput_report_event()

The last report is a normal mouse movement.