On Thu, Jul 11, 2019 at 03:22:32PM -0700, Grant Hernandez wrote: > The GTCO tablet input driver configures itself from an HID report sent > via USB during the initial enumeration process. Some debugging messages > are generated during the parsing. A debugging message indentation > counter is not bounds checked, leading to the ability for a specially > crafted HID report to cause '-' and null bytes be written past the end > of the indentation array. As long as the kernel has CONFIG_DYNAMIC_DEBUG > enabled, this code will not be optimized out. This was discovered > during code review after a previous syzkaller bug was found in this > driver. > > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Grant Hernandez <granthernandez@xxxxxxxxxx> I wish we could convert gtco to be proper HID driver, so we woudl not have to deal with custom HID parsing, but in the meantime this is needed. Applied, thank you. -- Dmitry
