Hi again,
On 16/09/2021 17:33, Andrej Shadura wrote:
> Since the actual_length calculation is performed unsigned, packets
> shorter than 7 bytes (e.g. packets without data or otherwise truncated)
> or non-received packets ("zero" bytes) can cause buffer overflow.
>
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=214437
> Fixes: 42337b9d4d958("HID: add driver for U2F Zero built-in LED and RNG")
> Signed-off-by: Andrej Shadura <andrew.shadura@xxxxxxxxxxxxxxx>
Having sent the email I realised I forgot to describe the actual
situation when I ran into this bug. It happened after I inserted and
removed the device multiple times very quickly. I know it’s not
extremely reliable way to reproduce it, and it rarely happened to me
before for some reason, but on the current kernel (5.11.0) I was able to
cause the crash every time I tried.
--
Cheers,
Andrej
