On Fri, 11 Jan 2019, Philipp Zabel wrote:
> Storing HID collection parents as direct pointers while parsing HID
> report descriptors only works as long as the collection array is not
> reallocated, which happens for descriptors with a large number of
> collections. Then all stored pointers are invalidated in the middle
> of parsing, which results in invalid memory accesses.
Philip,
have you seen ee46967fc6e ("HID: core: replace the collection tree
pointers with indices") in hid.git#for-5.0/upstream-fixes from Peter? (not
in Linus' tree yet, will be sending it out shortly).
I believe it's fixing the same thing you're fixing here.
--
Jiri Kosina
SUSE Labs
