lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c53d33769e6fa468c625a7c3a5dd3fceba2401eb.camel@hadess.net>
Date: Thu, 15 Jan 2026 15:42:26 +0100
From: Bastien Nocera <hadess@...ess.net>
To: Kery Qi <qikeyu2017@...il.com>, jikos@...nel.org, bentiss@...nel.org
Cc: lains@...eup.net, hansg@...nel.org, linux-input@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] HID: logitech-hidpp: fix NULL pointer dereference in
 hidpp_get_report_length()



On Thu, 2026-01-15 at 22:24 +0800, Kery Qi wrote:
<snip>
> -	if (!report)
> +	if (!report || report->maxfield < 1 || !report->field[0])

A partial fix already exists in the for-next branch:
https://git.kernel.org/pub/scm/linux/kernel/git/hid/hid.git/commit/?h=for-next&id=1547d41f9f19d691c2c9ce4c29f746297baef9e9

You'll probably want to rebase and adapt your fix. See also this review
by GregKH for v1:
https://patchwork.kernel.org/project/linux-input/patch/20260109105912.3141960-2-gnoack@google.com/

Cheers

>  		return 0;
>  
>  	return report->field[0]->report_count + 1;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ