On Tue, 5 Nov 2024, Jiri Slaby wrote: > > (This is my first time reporting a Linux bug; please accept my apologies for > > any mistakes in the process.) > > > > When initializing a HID PID device, hid-pidff.c checks for eight required > > HID reports and five optional reports. If the eight required reports are > > present, the hid_pidff_init() function then attempts to find the necessary > > fields in each required or optional report, using the pidff_find_fields() > > function. However, if any of the five optional reports is not present, > > pidff_find_fields() will trigger a null-pointer dereference. > > > > I recently implemented the descriptors for a USB HID device with PID > > force-feedback capability. After implementing the required report > > descriptors but not the optional ones, I got an OOPS from the > > pidff_find_fields function. I saved the OOPS from my Ubuntu installation, > > and have attached it here. I later reproduced the issue on 6.11.6. > > > > I was able to work around the issue by having my device present all of the > > optional report descriptors as well as all of the required ones. > > Indeed. The code checks the required ones in pidff_reports_ok(). But the > optional ones are not checked at all and are directly accessed in both > pidff_init_fields() and also likely pidff_find_special_fields(). Thanks for the report. Nolan, will you be willing to create a patch implement a proper checking, test it with your device that's triggering it, and submit it in order to be applied? Thanks, -- Jiri Kosina SUSE Labs
