This was detected because events with invalid types were arriving to userspace.
The code before this patch would only work for the first event in the queue (when uhid->tail is 0). Signed-off-by: Vinicius Costa Gomes <[email protected]> --- David, Do you have any clue why it took so long for us to detect this issue? Cheers, drivers/hid/uhid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c index 119b7e6..714cd8c 100644 --- a/drivers/hid/uhid.c +++ b/drivers/hid/uhid.c @@ -465,7 +465,7 @@ try_again: goto try_again; } else { len = min(count, sizeof(**uhid->outq)); - if (copy_to_user(buffer, &uhid->outq[uhid->tail], len)) { + if (copy_to_user(buffer, uhid->outq[uhid->tail], len)) { ret = -EFAULT; } else { kfree(uhid->outq[uhid->tail]); -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
