[PATCH v3 0/2] HID: corsair-void: Fix various memory issues

[PATCH v3 0/2] HID: corsair-void: Fix various memory issues

[Stuart Hayhurst]

Fixes a use-after-free and a struct without an initialiser

Hopefully I got it right this time, sorry to everyone
that got some extra emails

---

Stuart Hayhurst (2):
  HID: corsair-void: Add missing delayed work cancel for headset status
  HID: corsair-void: Initialise memory for psy_cfg

 drivers/hid/hid-corsair-void.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
2.47.1

[PATCH v3 1/2] HID: corsair-void: Add missing delayed work cancel for headset status

[Stuart Hayhurst]

The cancel_delayed_work_sync() call was missed, causing a use-after-free
in corsair_void_remove().

Reported-by: yan kang <kangyan91@outlook.com>
Reported-by: yue sun <samsun1006219@gmail.com>
Closes: https://lore.kernel.org/all/SY8P300MB042106286A2536707D2FB736A1E42@SY8P300MB0421.AUSP300.PROD.OUTLOOK.COM/
Closes: https://lore.kernel.org/all/SY8P300MB0421872E0AE934C9616FA61EA1E42@SY8P300MB0421.AUSP300.PROD.OUTLOOK.COM/

Fixes: 6ea2a6fd3872 ("HID: corsair-void: Add Corsair Void headset family driver")
Cc: stable@vger.kernel.org
Signed-off-by: Stuart Hayhurst <stuart.a.hayhurst@gmail.com>
---
 drivers/hid/hid-corsair-void.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/hid/hid-corsair-void.c b/drivers/hid/hid-corsair-void.c
index 6ece56b850fc..bd8f3d849b58 100644
--- a/drivers/hid/hid-corsair-void.c
+++ b/drivers/hid/hid-corsair-void.c
@@ -726,6 +726,7 @@ static void corsair_void_remove(struct hid_device *hid_dev)
 	if (drvdata->battery)
 		power_supply_unregister(drvdata->battery);
 
+	cancel_delayed_work_sync(&drvdata->delayed_status_work);
 	cancel_delayed_work_sync(&drvdata->delayed_firmware_work);
 	sysfs_remove_group(&hid_dev->dev.kobj, &corsair_void_attr_group);
 }
-- 
2.47.1

[PATCH v3 2/2] HID: corsair-void: Initialise memory for psy_cfg

[Stuart Hayhurst]

power_supply_config psy_cfg was missing its initialiser, add it in.

Fixes: 6ea2a6fd3872 ("HID: corsair-void: Add Corsair Void headset family driver")
Cc: stable@vger.kernel.org
Signed-off-by: Stuart Hayhurst <stuart.a.hayhurst@gmail.com>
---
 drivers/hid/hid-corsair-void.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hid/hid-corsair-void.c b/drivers/hid/hid-corsair-void.c
index bd8f3d849b58..56e858066c3c 100644
--- a/drivers/hid/hid-corsair-void.c
+++ b/drivers/hid/hid-corsair-void.c
@@ -553,7 +553,7 @@ static void corsair_void_battery_remove_work_handler(struct work_struct *work)
 static void corsair_void_battery_add_work_handler(struct work_struct *work)
 {
 	struct corsair_void_drvdata *drvdata;
-	struct power_supply_config psy_cfg;
+	struct power_supply_config psy_cfg = {};
 	struct power_supply *new_supply;
 
 	drvdata = container_of(work, struct corsair_void_drvdata,
-- 
2.47.1

Re: [PATCH v3 0/2] HID: corsair-void: Fix various memory issues

[Jiri Kosina]

On Tue, 21 Jan 2025, Stuart Hayhurst wrote:

> Fixes a use-after-free and a struct without an initialiser
> 
> Hopefully I got it right this time, sorry to everyone
> that got some extra emails
> 
> ---
> 
> Stuart Hayhurst (2):
>   HID: corsair-void: Add missing delayed work cancel for headset status
>   HID: corsair-void: Initialise memory for psy_cfg
> 
>  drivers/hid/hid-corsair-void.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

Applied, thanks.

-- 
Jiri Kosina
SUSE Labs