Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751330AbdIMOCJ (ORCPT <rfc822;w@1wt.eu>);
        Wed, 13 Sep 2017 10:02:09 -0400
Received: from mx2.suse.de ([195.135.220.15]:45455 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1751019AbdIMOCH (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 13 Sep 2017 10:02:07 -0400
Date: Wed, 13 Sep 2017 07:02:05 -0700 (PDT)
From: Jiri Kosina <jikos@kernel.org>
X-X-Sender: jkosina@wotan.suse.de
To: Dmitry Torokhov <dmitry.torokhov@gmail.com>
cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>,
        Guenter Roeck <groeck@chromium.org>, linux-input@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] HID: i2c-hid: allocate hid buffers for real worst case
In-Reply-To: <20170908175527.GA19720@dtor-ws>
Message-ID: <nycvar.YFH.7.76.1709130701170.4703@jbgna.fhfr.qr>
References: <20170908175527.GA19720@dtor-ws>
User-Agent: Alpine 2.21 (LSU 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 527
Lines: 20

On Fri, 8 Sep 2017, Dmitry Torokhov wrote:

> From: Adrian Salido <salidoa@google.com>
> 
> The buffer allocation is not currently accounting for an extra byte for
> the report id. This can cause an out of bounds access in function
> i2c_hid_set_or_send_report() with reportID > 15.
> 
> Signed-off-by: Guenter Roeck <groeck@chromium.org>
> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>

Missing signoff from the patch author?

Also, I think this should have Cc: stable, right?

Thanks,

-- 
Jiri Kosina
SUSE Labs