* [Bug 202999] New: The HID Parser has some bugs and limitations
@ 2019-03-22 7:25 bugzilla-daemon
0 siblings, 0 replies; only message in thread
From: bugzilla-daemon @ 2019-03-22 7:25 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=202999
Bug ID: 202999
Summary: The HID Parser has some bugs and limitations
Product: Drivers
Version: 2.5
Kernel Version: 4.9
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Bluetooth
Assignee: linux-bluetooth@vger.kernel.org
Reporter: rzimmerm@logitech.com
Regression: No
From hid-core.c:
case HID_GLOBAL_ITEM_TAG_REPORT_SIZE:
parser->global.report_size = item_udata(item);
if (parser->global.report_size > 96) {
dbg_hid("invalid report_size %d\n",
parser->global.report_size);
return -1;
}
return 0;
The 96 bits limit is arbitrary. For new categories of devices this can be a
limitation (in our case an array of structure larger than 12 bytes) I would
recommend either no limit (dynamic) or something like 64 * 8 bits.
if (parser->global.logical_maximum < parser->global.logical_minimum) {
dbg_hid("logical range invalid %d %d\n",
parser->global.logical_minimum, parser->global.logical_maximum);
return -1;
}
If the item is 32bit and the logical extent is (0 - 0xFFFFFFFF), the
logical_maximum will flip sign as it is a 32 bit signed variable and the
assertion will fail.
Those issue are not found on Windows/MacOS/iOS
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-03-22 7:25 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-22 7:25 [Bug 202999] New: The HID Parser has some bugs and limitations bugzilla-daemon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).