2017-09-27 23:29 GMT+09:00 Alan Stern :
> On Wed, 27 Sep 2017, Michel Hermier wrote:
>
>> Le 27 sept. 2017 07:42, "Alan Stern" a écrit :
>
>> > - for (n = 0; n < hdesc->bNumDescriptors; n++)
>> > + num_descriptors = min_t(int, hdesc->bNumDescriptors,
>> > +
On Wed, 27 Sep 2017, Michel Hermier wrote:
> Le 27 sept. 2017 07:42, "Alan Stern" a écrit :
> > - for (n = 0; n < hdesc->bNumDescriptors; n++)
> > + num_descriptors = min_t(int, hdesc->bNumDescriptors,
> > + (hdesc->bLength - 6) / 3);
> > + for (n
On Wed, 27 Sep 2017, Jaejoong Kim wrote:
> Hi, Alan,
>
> Thanks for the review.
>
> 2017-09-26 23:18 GMT+09:00 Alan Stern :
> > On Tue, 26 Sep 2017, Jaejoong Kim wrote:
> >
> >> The starting address of the hid descriptor is obtained via
> >> usb_get_extra_descriptor(). If the hid descriptor has
Hi, Alan,
Thanks for the review.
2017-09-26 23:18 GMT+09:00 Alan Stern :
> On Tue, 26 Sep 2017, Jaejoong Kim wrote:
>
>> The starting address of the hid descriptor is obtained via
>> usb_get_extra_descriptor(). If the hid descriptor has the wrong size, it
>> is possible to access the wrong addres
On Tue, 26 Sep 2017, Jaejoong Kim wrote:
> The starting address of the hid descriptor is obtained via
> usb_get_extra_descriptor(). If the hid descriptor has the wrong size, it
> is possible to access the wrong address. So, before accessing the hid
> descriptor, we need to check the entire size th
The starting address of the hid descriptor is obtained via
usb_get_extra_descriptor(). If the hid descriptor has the wrong size, it
is possible to access the wrong address. So, before accessing the hid
descriptor, we need to check the entire size through the bLength field.
It also shows how many c
