HID: core: Correctly handle ReportSize being zero (cf7797ea) · Commits · e / devices / android_kernel_fairphone_FP3

drivers/hid/hid-core.c

+13 −2

Original line number	Original line	Diff line number	Diff line
	@@ -1406,6 +1406,17 @@ static void hid_output_field(const struct hid_device *hid,
	}		}
	}		}

			/*
			* Compute the size of a report.
			*/
			static size_t hid_compute_report_size(struct hid_report *report)
			{
			if (report->size)
			return ((report->size - 1) >> 3) + 1;

			return 0;
			}

	/*		/*
	* Create a report. 'data' has to be allocated using		* Create a report. 'data' has to be allocated using
	* hid_alloc_report_buf() so that it has proper size.		* hid_alloc_report_buf() so that it has proper size.
	@@ -1418,7 +1429,7 @@ void hid_output_report(struct hid_report report, __u8 data)
	if (report->id > 0)		if (report->id > 0)
	*data++ = report->id;		*data++ = report->id;

	memset(data, 0, ((report->size - 1) >> 3) + 1);		memset(data, 0, hid_compute_report_size(report));
	for (n = 0; n < report->maxfield; n++)		for (n = 0; n < report->maxfield; n++)
	hid_output_field(report->device, report->field[n], data);		hid_output_field(report->device, report->field[n], data);
	}		}
	@@ -1545,7 +1556,7 @@ int hid_report_raw_event(struct hid_device hid, int type, u8 data, u32 size,
	csize--;		csize--;
	}		}

	rsize = ((report->size - 1) >> 3) + 1;		rsize = hid_compute_report_size(report);

	if (report_enum->numbered && rsize >= HID_MAX_BUFFER_SIZE)		if (report_enum->numbered && rsize >= HID_MAX_BUFFER_SIZE)
	rsize = HID_MAX_BUFFER_SIZE - 1;		rsize = HID_MAX_BUFFER_SIZE - 1;