case HID_GLOBAL_ITEM_TAG_REPORT_SIZE:
 parser->global.report_size = item_udata(item);
- if (parser->global.report_size > 128) {
+ if (parser->global.report_size > 256) {
 hid_err(parser->device, "invalid report_size %d\n",
 parser->global.report_size);
 return -1;
The increase from 128 to 256 should not create a scenario where the bug can exist. If it was originally below 128 and not throwing an error, then it should be below 256.
Hrm, I went looking to see if I could help resolve, but I have to admit, at first glance I don't get it. The commit diff:
$ git diff 7a324b3f0535ceb 0f6676fa20ca2a7 b6213008cb 71f6fa90a353605 bf25c36417c9ae5 29ac1a9a8d hid/hid- core.c b/drivers/ hid/hid- core.c .ef009db512ee 100644 hid/hid- core.c hid/hid- core.c global( struct hid_parser *parser, struct hid_item *item)
diff --git a/drivers/
index 3da354af7a0a.
--- a/drivers/
+++ b/drivers/
@@ -406,7 +406,7 @@ static int hid_parser_
case HID_GLOBAL_ ITEM_TAG_ REPORT_ SIZE:
parser- >global. report_ size = item_udata(item); >global. report_ size > 128) { >global. report_ size > 256) {
hid_ err(parser- >device, "invalid report_size %d\n",
parser- >global. report_ size);
return -1;
- if (parser-
+ if (parser-
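Review bot: The new bound `> 256` in the HID_GLOBAL_ITEM_TAG_REPORT_SIZE case is a bare literal guarding a value taken directly from `item_udata(item)`, which is the device-supplied report descriptor, so this check is the only limit on report_size visible here and deserves a comment or a named constant. Something like `/* report_size is in bits; reject descriptors declaring fields wider than 256 bits */` above the `if` would record the unit and the intent. Descriptors that passed at 128 still pass, but the accepted range is now wider, so code outside this hunk that uses report_size for field extraction or buffer sizing presumably needs to handle values between 129 and 256; that is worth confirming. The message prints report_size with `%d`; if the field is unsigned, as the use of item_udata() suggests, `%u` would match it. The enclosing function starts and ends outside the hunk.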
The increase from 128 to 256 should not create a scenario where the bug can exist. If it was originally below 128 and not throwing an error, then it should be below 256.