From: Dan Carpenter <dan.carpenter@oracle.com>
To: michael.zaidman@gmail.com
Cc: linux-input@vger.kernel.org
Subject: [bug report] HID: ft260: add usb hid to i2c host bridge driver
Date: Thu, 18 Mar 2021 13:39:53 +0300 [thread overview]
Message-ID: <YFMt+VFuiZlCVFyP@mwanda> (raw)
Hello Michael Zaidman,
The patch 6a82582d9fa4: "HID: ft260: add usb hid to i2c host bridge
driver" from Feb 19, 2021, leads to the following static checker
warning:
drivers/hid/hid-ft260.c:1028 ft260_raw_event()
error: 'xfer->length' from user is not capped properly
drivers/hid/hid-ft260.c
1017 static int ft260_raw_event(struct hid_device *hdev, struct hid_report *report,
1018 u8 *data, int size)
1019 {
1020 struct ft260_device *dev = hid_get_drvdata(hdev);
1021 struct ft260_i2c_input_report *xfer = (void *)data;
1022
1023 if (xfer->report >= FT260_I2C_REPORT_MIN &&
1024 xfer->report <= FT260_I2C_REPORT_MAX) {
1025 ft260_dbg("i2c resp: rep %#02x len %d\n", xfer->report,
1026 xfer->length);
1027
1028 memcpy(&dev->read_buf[dev->read_idx], &xfer->data,
1029 xfer->length);
Do we need to check if "xfer->len <= dev->read_len"?
1030 dev->read_idx += xfer->length;
1031
1032 if (dev->read_idx == dev->read_len)
1033 complete(&dev->wait);
1034
1035 } else {
1036 hid_err(hdev, "unknown report: %#02x\n", xfer->report);
1037 return 0;
1038 }
1039 return 1;
1040 }
regards,
dan carpenter
next reply other threads:[~2021-03-18 10:41 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-18 10:39 Dan Carpenter [this message]
2021-03-19 16:33 ` [bug report] HID: ft260: add usb hid to i2c host bridge driver Michael Zaidman
-- strict thread matches above, loose matches on Subject: below --
2021-04-09 12:32 Dan Carpenter
2021-04-10 12:27 ` Michael Zaidman
2021-04-10 15:37 ` Dan Carpenter
2021-04-10 21:04 ` Michael Zaidman
2021-04-12 9:11 ` Dan Carpenter
2021-04-13 15:52 ` Michael Zaidman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YFMt+VFuiZlCVFyP@mwanda \
--to=dan.carpenter@oracle.com \
--cc=linux-input@vger.kernel.org \
--cc=michael.zaidman@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.