On Wed, 15 Jan 2020, Johan Korsnes (jkorsnes) wrote:
> >> We have a touch device that reports its opens and shorts test results
> >> in HID buffers of size 8184 bytes. With this patch we're able to
> >> successfully obtain these reports.
> >>
> >> Alan Stern: Your commit 8ec321e96e05 ("HID: Fix slab-out-of-bounds
> >> read in hid_field_extract") states:
> >>
> >> "This patch fixes the problem by rejecting any report whose total
> >> length exceeds the HID_MAX_BUFFER_SIZE limit (minus one byte to allow
> >> for a possible report index). In theory a device could have a report
> >> longer than that, but if there was such a thing we wouldn't handle it
> >> correctly anyway."
> >>
> >> Is this something we have to worry about when increasing the buffer
> >> size? Or are you referring to the fact that we previously truncated
> >> the reports if they exceeded max buffer size?
> >
> > The latter. And after this patch we will still truncate reports that
> > exceed the max buffer size, no "previously" about it.
> >
> > (Incidentally, these last three paragraphs don't belong in the patch
> > description; nobody will care about them once the patch has been
> > merged. You should have put them below the "---" separator line.)
> >
>
> Right. If this patch is of interest I can submit a second version
> with a cleaned-up patch description.
Please do; I'll be happy to merge it afterwards together with the first
fix.
Thanks,
--
Jiri Kosina
SUSE Labs
