Re: [PATCH] HID: i2c-hid: allocate hid buffers for real worst case

From: Dmitry Torokhov
Date: Wed Sep 13 2017 - 10:50:11 EST


On Wed, Sep 13, 2017 at 07:02:05AM -0700, Jiri Kosina wrote:
> On Fri, 8 Sep 2017, Dmitry Torokhov wrote:
>
> > From: Adrian Salido <salidoa@xxxxxxxxxx>
> >
> > The buffer allocation is not currently accounting for an extra byte for
> > the report id. This can cause an out of bounds access in function
> > i2c_hid_set_or_send_report() with reportID > 15.
> >
> > Signed-off-by: Guenter Roeck <groeck@xxxxxxxxxxxx>
> > Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
>
> Missing signoff from the patch author?

Oops, I must have cut it off on accident while removing ChromeOS
specific tags, the original commit is here:

https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/475212

>
> Also, I think this should have Cc: stable, right?

I usually let maintainers decide, but yes.

Thanks.

--
Dmitry