HID: playstation: fix DualShock4 bluetooth memory corruption bug.

The size of the output buffer used for output reports was not updated to the larger size needed for Bluetooth. This ultimately resulted in memory corruption of surrounding structures e.g. due to memsets. Fixes: 2d77474a ("HID: playstation: add DualShock4 bluetooth support.") Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>

HID: playstation: fix DualShock4 bluetooth memory corruption bug.
The size of the output buffer used for output reports was not updated to the larger size needed for Bluetooth. This ultimately resulted in memory corruption of surrounding structures e.g. due to memsets. Fixes: 2d77474a ("HID: playstation: add DualShock4 bluetooth support.") Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
54980d30 · Roderick Colenbrander · Jiri Kosina · c64ed0cd · 54980d30
Commit 54980d30 authored Nov 16, 2022 by Roderick Colenbrander Committed by Jiri Kosina Nov 17, 2022
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/hid/hid-playstation.c drivers/hid/hid-playstation.c +1 -1

No files found.
--- a/drivers/hid/hid-playstation.c
+++ b/drivers/hid/hid-playstation.c
@@ -2461,7 +2461,7 @@ static struct ps_device *dualshock4_create(struct hid_device *hdev)
 	ds4->output_worker_initialized = true;
 	hid_set_drvdata(hdev, ds4);

-	max_output_report_size = sizeof(struct dualshock4_output_report_usb);
+	max_output_report_size = sizeof(struct dualshock4_output_report_bt);
 	ds4->output_report_dmabuf = devm_kzalloc(&hdev->dev, max_output_report_size, GFP_KERNEL);
 	if (!ds4->output_report_dmabuf)
 		return ERR_PTR(-ENOMEM);