public inbox for linux-bluetooth@vger.kernel.org
* [PATCH BlueZ] input/device: Fix off by one report descriptor size error
@ 2025-12-06  1:52 Andrey Smirnov
  2025-12-06  3:39 ` [BlueZ] " bluez.test.bot
  0 siblings, 1 reply; 2+ messages in thread
From: Andrey Smirnov @ 2025-12-06  1:52 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Andrey Smirnov, Luiz Augusto von Dentz

Due to the way we handle SDP strings internally BlueZ ends up
including an artificially added 0x00 into the report descriptor it
passes on to UHID. This results in kernel error messages like

[371225.240843] microsoft 0005:045E:02FD.0019: unknown main item tag 0x0

or

[367200.458679] playstation 0005:054C:0CE6.0014: unknown main item tag 0x0

The error is ignored by the kernel's report parser, so this is benign,
but for the sake of correctness, let's not supply bogus data in the
first place.
---
 profiles/input/device.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 02a9ad43d..6bdc5ee3a 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -863,10 +863,17 @@ static int extract_hid_desc_data(const sdp_record_t *rec,
 	if (!d || !SDP_IS_TEXT_STR(d->dtd))
 		goto invalid_desc;

-	req->rd_data = g_try_malloc0(d->unitSize);
+	/*
+	 * Report descriptor data is parsed by extract_str() which
+	 * will allocate N + 1 bytes for the incoming string to
+	 * include a zero delimiter. Since that zero delimiter isn't a
+	 * part of a report descriptor we adjust the size here to
+	 * account for that.
+	 */
+	req->rd_size = d->unitSize - 1;
+	req->rd_data = g_try_malloc0(req->rd_size);
 	if (req->rd_data) {
-		memcpy(req->rd_data, d->val.str, d->unitSize);
-		req->rd_size = d->unitSize;
+		memcpy(req->rd_data, d->val.str, req->rd_size);
 		epox_endian_quirk(req->rd_data, req->rd_size);
 	}

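Review bot: `req->rd_size = d->unitSize - 1;` subtracts without first checking that `d->unitSize` is at least 1; the only validation visible above it is `!d || !SDP_IS_TEXT_STR(d->dtd)`. Since the value comes from a parsed SDP record, a zero `unitSize` would make `rd_size` wrap or go negative (depending on its type) before it reaches `g_try_malloc0()` and `memcpy()`, so consider adding `if (d->unitSize < 1) goto invalid_desc;` ahead of the assignment. Separately, `rd_size` is now assigned before the allocation check, so when `g_try_malloc0()` fails `req->rd_data` is NULL while `req->rd_size` is nonzero, whereas the removed lines only set `rd_size` on success; either keep the assignment inside the `if (req->rd_data)` block or reset it on failure.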
--
2.43.0
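
As an added illustration of the commit message above (not part of the patch, BlueZ or the kernel): a HID short-item prefix byte carries the data size in bits 0-1, the type in bits 2-3 and the tag in bits 4-7, so a lone 0x00 decodes as a main item with tag 0. The helper `count_unknown_main_items` and the sample descriptor are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: small vendor-defined report descriptor plus the extra
 * 0x00 string terminator described in the commit message. */
static const uint8_t sample_with_nul[] = {
	0x06, 0x00, 0xFF, 0x09, 0x01,	/* Usage Page (vendor 0xFF00), Usage (1) */
	0xA1, 0x01,			/* Collection (Application) */
	0x15, 0x00, 0x26, 0xFF, 0x00,	/* Logical Minimum (0), Maximum (255) */
	0x75, 0x08, 0x95, 0x01,		/* Report Size (8), Report Count (1) */
	0x09, 0x01, 0x81, 0x02,		/* Usage (1), Input (Data, Var, Abs) */
	0xC0,				/* End Collection */
	0x00				/* terminator, not descriptor data */
};

/* Hypothetical helper: count main items whose tag is none of Input (0x8),
 * Output (0x9), Collection (0xA), Feature (0xB), End Collection (0xC).
 * Returns -1 on a truncated item or a long item (prefix 0xFE). */
static int count_unknown_main_items(const uint8_t *rd, size_t len)
{
	size_t i = 0;
	int unknown = 0;

	while (i < len) {
		uint8_t prefix = rd[i++];
		size_t size = prefix & 0x03;	/* bits 0-1: data size code */
		unsigned type = (prefix >> 2) & 0x03, tag = prefix >> 4;
		if (prefix == 0xFE)
			return -1;		/* long items are not handled here */
		if (size == 3)
			size = 4;		/* size code 3 means 4 data bytes */
		if (type == 0 && (tag < 0x8 || tag > 0xC))
			unknown++;		/* e.g. a stray 0x00 byte */
		if (len - i < size)
			return -1;
		i += size;			/* skip item data, zeros included */
	}
	return unknown;
}

int main(void)
{
	size_t n = sizeof(sample_with_nul);
	printf("with terminator: %d\n", count_unknown_main_items(sample_with_nul, n));
	printf("size - 1:        %d\n", count_unknown_main_items(sample_with_nul, n - 1));
	return 0;
}
```

The zero data bytes inside `Logical Minimum` and `Usage Page` are skipped as item data; only the byte past End Collection is decoded as an item of its own.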


* RE: [BlueZ] input/device: Fix off by one report descriptor size error
  2025-12-06  1:52 [PATCH BlueZ] input/device: Fix off by one report descriptor size error Andrey Smirnov
@ 2025-12-06  3:39 ` bluez.test.bot
  0 siblings, 0 replies; 2+ messages in thread
From: bluez.test.bot @ 2025-12-06  3:39 UTC (permalink / raw)
  To: linux-bluetooth, andrew.smirnov


This is an automated email; please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=1031026

---Test result---

Test Summary:
CheckPatch                    PENDING   0.22 seconds
GitLint                       PENDING   0.24 seconds
BuildEll                      PASS      20.11 seconds
BluezMake                     PASS      651.12 seconds
MakeCheck                     PASS      21.74 seconds
MakeDistcheck                 PASS      245.97 seconds
CheckValgrind                 PASS      305.54 seconds
CheckSmatch                   PASS      355.98 seconds
bluezmakeextell               PASS      185.95 seconds
IncrementalBuild              PENDING   0.32 seconds
ScanBuild                     PASS      1055.11 seconds

Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:

##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:

##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:



---
Regards,
Linux Bluetooth

