Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752495AbdIMQST (ORCPT <rfc822;w@1wt.eu>);
        Wed, 13 Sep 2017 12:18:19 -0400
Received: from mx2.suse.de ([195.135.220.15]:58389 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1751955AbdIMQSR (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 13 Sep 2017 12:18:17 -0400
Date: Wed, 13 Sep 2017 09:18:15 -0700 (PDT)
From: Jiri Kosina <jikos@kernel.org>
X-X-Sender: jkosina@wotan.suse.de
To: Dmitry Torokhov <dmitry.torokhov@gmail.com>
cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>,
        Guenter Roeck <groeck@chromium.org>, linux-input@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] HID: i2c-hid: allocate hid buffers for real worst case
In-Reply-To: <20170908175527.GA19720@dtor-ws>
Message-ID: <nycvar.YFH.7.76.1709130917510.4703@jbgna.fhfr.qr>
References: <20170908175527.GA19720@dtor-ws>
User-Agent: Alpine 2.21 (LSU 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 495
Lines: 16

On Fri, 8 Sep 2017, Dmitry Torokhov wrote:

> From: Adrian Salido <salidoa@google.com>
> 
> The buffer allocation is not currently accounting for an extra byte for
> the report id. This can cause an out of bounds access in function
> i2c_hid_set_or_send_report() with reportID > 15.
> 
> Signed-off-by: Guenter Roeck <groeck@chromium.org>
> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>

I've added the missing tags and applied to for-4.14/upstream-fixes

-- 
Jiri Kosina
SUSE Labs