On Fri, Dec 20, 2024 at 07:16:39PM +0100, Benjamin Tissoires wrote: > Hi Alan > > [quick FYI, I'm lagging a lot upstream. I had a rough time in > November and then got some internal work which lead me to be less > present upstream. And now the holidays are coming. sigh] > > On Dec 17 2024, Alan Stern wrote: > > Jiri and Benjamin: > > > > The syzbot monthly USB report led to this old email message, which was > > never answered. The full bug report and email thread are here: > > > > https://lore.kernel.org/all/000000000000109c040597dc5843@xxxxxxxxxx/T/ > > > > The bug still has not been fixed, according to syzbot. Please review > > this material and let me know whether the patch should be changed or > > submitted. > > Sorry this fell through the cracks. No problem. > > > Index: usb-devel/drivers/hid/hid-core.c > > > =================================================================== > > > --- usb-devel.orig/drivers/hid/hid-core.c > > > +++ usb-devel/drivers/hid/hid-core.c > > > @@ -1057,6 +1057,8 @@ static void hid_apply_multiplier(struct > > > while (multiplier_collection->parent_idx != -1 && > > > multiplier_collection->type != HID_COLLECTION_LOGICAL) > > > multiplier_collection = &hid->collection[multiplier_collection->parent_idx]; > > > + if (multiplier_collection->type != HID_COLLECTION_LOGICAL) > > > + multiplier_collection = NULL; > > As far as I can tell, this might be good. > I had a hard time finding out if this is correct, but we are in > undefined behavior, so we should probably just fix the bug. > > The selftests are all passing[0], so I guess we just need to respin the > patch dropping the second hunk, no? Okay, I'll do that. Thanks for getting back to me. Alan Stern
