From: Adam Kropelin Date: Wed, 14 Dec 2005 01:03:39 +0000 (-0800) Subject: [PATCH] hid-core: Zero-pad truncated reports X-Git-Tag: firefly_0821_release~38603^2~91 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=cd6104572bca9e4afe0dcdb8ecd65ef90b01297b;p=firefly-linux-kernel-4.4.55.git [PATCH] hid-core: Zero-pad truncated reports When it detects a truncated report, hid-core emits a warning and then processes the report as usual. This is good because it allows buggy devices to still get data thru to userspace. However, the missing bytes of the report should be cleared before processing, otherwise userspace will be handed partially-uninitialized data. This fixes Debian tracker bug #330487. Signed-off-by: Adam Kropelin Cc: Vojtech Pavlik Acked-by: Dmitry Torokhov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/drivers/usb/input/hid-core.c b/drivers/usb/input/hid-core.c index 45f3130fadea..a3e44ef1df43 100644 --- a/drivers/usb/input/hid-core.c +++ b/drivers/usb/input/hid-core.c @@ -893,8 +893,10 @@ static int hid_input_report(int type, struct urb *urb, int interrupt, struct pt_ size = ((report->size - 1) >> 3) + 1; - if (len < size) + if (len < size) { dbg("report %d is too short, (%d < %d)", report->id, len, size); + memset(data + len, 0, size - len); + } if (hid->claimed & HID_CLAIMED_HIDDEV) hiddev_report_event(hid, report);