[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com>
Date: Mon, 4 Nov 2024 16:30:53 -0800
From: Nolan Nicholson <nolananicholson@...il.com>
To: stable@...r.kernel.org
Cc: jikos@...nel.org, bentiss@...nel.org, linux-usb@...r.kernel.org,
linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: hid-pidff.c: null-pointer deref if optional HID reports are not present
Hello,
(This is my first time reporting a Linux bug; please accept my apologies
for any mistakes in the process.)
When initializing a HID PID device, hid-pidff.c checks for eight required
HID reports and five optional reports. If the eight required reports are
present, the hid_pidff_init() function then attempts to find the necessary
fields in each required or optional report, using the pidff_find_fields()
function. However, if any of the five optional reports is not present,
pidff_find_fields() will trigger a null-pointer dereference.
I recently implemented the descriptors for a USB HID device with PID
force-feedback capability. After implementing the required report
descriptors but not the optional ones, I got an OOPS from the
pidff_find_fields function. I saved the OOPS from my Ubuntu installation,
and have attached it here. I later reproduced the issue on 6.11.6.
I was able to work around the issue by having my device present all of the
optional report descriptors as well as all of the required ones.
Thank you,
Nolan Nicholson
Content of type "text/html" skipped
View attachment "hid_pidff_oops.txt" of type "text/plain" (8683 bytes)
Powered by blists - more mailing lists