Cc Anssi
On 05. 11. 24, 1:30, Nolan Nicholson wrote:
Hello,
(This is my first time reporting a Linux bug; please accept my apologies
for any mistakes in the process.)
When initializing a HID PID device, hid-pidff.c checks for eight
required HID reports and five optional reports. If the eight required
reports are present, the hid_pidff_init() function then attempts to find
the necessary fields in each required or optional report, using the
pidff_find_fields() function. However, if any of the five optional
reports is not present, pidff_find_fields() will trigger a null-pointer
dereference.
I recently implemented the descriptors for a USB HID device with PID
force-feedback capability. After implementing the required report
descriptors but not the optional ones, I got an OOPS from the
pidff_find_fields function. I saved the OOPS from my Ubuntu
installation, and have attached it here. I later reproduced the issue on
6.11.6.
I was able to work around the issue by having my device present all of
the optional report descriptors as well as all of the required ones.
Indeed. The code checks the required ones in pidff_reports_ok(). But the
optional ones are not checked at all and are directly accessed in both
pidff_init_fields() and also likely pidff_find_special_fields().
thanks,
--
js
suse labs
