https://bugzilla.kernel.org/show_bug.cgi?id=202999 Bug ID: 202999 Summary: The HID Parser has some bugs and limitations Product: Drivers Version: 2.5 Kernel Version: 4.9 Hardware: All OS: Linux Tree: Mainline Status: NEW Severity: normal Priority: P1 Component: Bluetooth Assignee: linux-bluetooth@xxxxxxxxxxxxxxx Reporter: rzimmerm@xxxxxxxxxxxx Regression: No >From hid-core.c: case HID_GLOBAL_ITEM_TAG_REPORT_SIZE: parser->global.report_size = item_udata(item); if (parser->global.report_size > 96) { dbg_hid("invalid report_size %d\n", parser->global.report_size); return -1; } return 0; The 96 bits limit is arbitrary. For new categories of devices this can be a limitation (in our case an array of structure larger than 12 bytes) I would recommend either no limit (dynamic) or something like 64 * 8 bits. if (parser->global.logical_maximum < parser->global.logical_minimum) { dbg_hid("logical range invalid %d %d\n", parser->global.logical_minimum, parser->global.logical_maximum); return -1; } If the item is 32bit and the logical extent is (0 - 0xFFFFFFFF), the logical_maximum will flip sign as it is a 32 bit signed variable and the assertion will fail. Those issue are not found on Windows/MacOS/iOS -- You are receiving this mail because: You are the assignee for the bug.
