On 1/15/20 4:21 PM, Alan Stern wrote:
> On Wed, 15 Jan 2020, Johan Korsnes wrote:
>
>> We have a touch device that reports its opens and shorts test results
>> in HID buffers of size 8184 bytes. With this patch we're able to
>> successfully obtain these reports.
>>
>> Alan Stern: Your commit 8ec321e96e05 ("HID: Fix slab-out-of-bounds
>> read in hid_field_extract") states:
>>
>> "This patch fixes the problem by rejecting any report whose total
>> length exceeds the HID_MAX_BUFFER_SIZE limit (minus one byte to allow
>> for a possible report index). In theory a device could have a report
>> longer than that, but if there was such a thing we wouldn't handle it
>> correctly anyway."
>>
>> Is this something we have to worry about when increasing the buffer
>> size? Or are you referring to the fact that we previously truncated
>> the reports if they exceeded max buffer size?
>
> The latter. And after this patch we will still truncate reports that
> exceed the max buffer size, no "previously" about it.
>
> (Incidentally, these last three paragraphs don't belong in the patch
> description; nobody will care about them once the patch has been
> merged. You should have put them below the "---" separator line.)
>
Right. If this patch is of interest I can submit a second version
with a cleaned-up patch description.
Regards,
Johan
> Alan Stern
>
