From: Nikita Zhandarovich To: CC: Nikita Zhandarovich , , Subject: Re: [syzbot] [usb?] UBSAN: array-index-out-of-bounds in usbhid_parse Date: Thu, 23 May 2024 07:17:07 -0700 Message-ID: <20240523141707.25170-1-n.zhandarovich@fintech.ru> X-Mailer: git-send-email 2.25.1 In-Reply-To: <000000000000d330500607d85a5f@google.com> References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: Ex16-02.fintech.ru (10.0.10.19) To Ex16-01.fintech.ru (10.0.10.18) #syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master --- drivers/hid/usbhid/hid-core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index a90ed2ceae84..f38a4bd3a20e 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -1020,6 +1020,9 @@ static int usbhid_parse(struct hid_device *hid) num_descriptors = min_t(int, hdesc->bNumDescriptors, (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); + if (num_descriptors > ARRAY_SIZE(hdesc->desc)) + num_descriptors = ARRAY_SIZE(hdesc->desc); + for (n = 0; n < num_descriptors; n++) if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength);
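Review bot: the clamp added after the min_t() call in usbhid_parse() silently truncates the scan, so a device whose HID_DT_REPORT entry sits at an index at or beyond ARRAY_SIZE(hdesc->desc) will no longer have its wDescriptorLength copied into rsize by the loop that follows. The existing min_t() already bounds num_descriptors by what fits in bLength, which suggests entries past the declared array size can be legitimate device data; if that is the case, the out-of-bounds report is better addressed by changing how desc is declared or indexed than by shrinking the loop bound. If truncation is the intended behaviour, say so in the changelog, fold the new limit into the existing min_t() expression instead of a separate `if`, and consider emitting a debug message when bNumDescriptors exceeds the limit so affected devices can be identified. The posting also has no commit message or Signed-off-by, which is fine for a `#syz test` run but needs to be added before this is submitted for merging.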