Module Name: src
Committed By: jakllsch
Date: Thu Jan 7 16:10:49 UTC 2016
Modified Files:
src/lib/libusbhid: parse.c
src/sys/dev/usb: hid.c
src/tests/dev/usb: t_hid.c
src/tests/lib/libusbhid: t_usbhid.c
Log Message:
Don't crash when the device's HID Report Descriptor Pops from an empty stack.
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/lib/libusbhid/parse.c
cvs rdiff -u -r1.39 -r1.40 src/sys/dev/usb/hid.c
cvs rdiff -u -r1.2 -r1.3 src/tests/dev/usb/t_hid.c
cvs rdiff -u -r1.10 -r1.11 src/tests/lib/libusbhid/t_usbhid.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libusbhid/parse.c
diff -u src/lib/libusbhid/parse.c:1.8 src/lib/libusbhid/parse.c:1.9
--- src/lib/libusbhid/parse.c:1.8 Mon May 23 15:16:27 2011
+++ src/lib/libusbhid/parse.c Thu Jan 7 16:10:49 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.c,v 1.8 2011/05/23 15:16:27 joerg Exp $ */
+/* $NetBSD: parse.c,v 1.9 2016/01/07 16:10:49 jakllsch Exp $ */
/*
* Copyright (c) 1999, 2001 Lennart Augustsson <[email protected]>
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: parse.c,v 1.8 2011/05/23 15:16:27 joerg Exp $");
+__RCSID("$NetBSD: parse.c,v 1.9 2016/01/07 16:10:49 jakllsch Exp $");
#include <assert.h>
#include <stdlib.h>
@@ -375,6 +375,8 @@ hid_get_item_raw(hid_data_t s, hid_item_
break;
case 11: /* Pop */
hi = c->next;
+ if (hi == NULL)
+ break;
s->cur = *hi;
free(hi);
break;
Index: src/sys/dev/usb/hid.c
diff -u src/sys/dev/usb/hid.c:1.39 src/sys/dev/usb/hid.c:1.40
--- src/sys/dev/usb/hid.c:1.39 Sat Jan 2 20:57:10 2016
+++ src/sys/dev/usb/hid.c Thu Jan 7 16:10:49 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: hid.c,v 1.39 2016/01/02 20:57:10 jakllsch Exp $ */
+/* $NetBSD: hid.c,v 1.40 2016/01/07 16:10:49 jakllsch Exp $ */
/* $FreeBSD: src/sys/dev/usb/hid.c,v 1.11 1999/11/17 22:33:39 n_hibma Exp $ */
/*
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hid.c,v 1.39 2016/01/02 20:57:10 jakllsch Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hid.c,v 1.40 2016/01/07 16:10:49 jakllsch Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -298,6 +298,8 @@ hid_get_item(struct hid_data *s, struct
break;
case 11: /* Pop */
hi = c->next;
+ if (hi == NULL)
+ break;
oldpos = c->loc.pos;
*c = *hi;
c->loc.pos = oldpos;
Index: src/tests/dev/usb/t_hid.c
diff -u src/tests/dev/usb/t_hid.c:1.2 src/tests/dev/usb/t_hid.c:1.3
--- src/tests/dev/usb/t_hid.c:1.2 Thu Jan 7 15:58:23 2016
+++ src/tests/dev/usb/t_hid.c Thu Jan 7 16:10:49 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: t_hid.c,v 1.2 2016/01/07 15:58:23 jakllsch Exp $ */
+/* $NetBSD: t_hid.c,v 1.3 2016/01/07 16:10:49 jakllsch Exp $ */
/*
* Copyright (c) 2016 Jonathan A. Kollasch
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: t_hid.c,v 1.2 2016/01/07 15:58:23 jakllsch Exp $");
+__RCSID("$NetBSD: t_hid.c,v 1.3 2016/01/07 16:10:49 jakllsch Exp $");
#include <machine/types.h>
#include <stdlib.h>
@@ -214,8 +214,6 @@ ATF_TC_BODY(khid_parse_just_pop, tc)
struct hid_data *hdp;
struct hid_item hi;
- atf_tc_expect_fail("Pop crashes on empty stack.");
-
hdp = hid_start_parse(just_pop_report_descriptor,
sizeof just_pop_report_descriptor, hid_none);
while (hid_get_item(hdp, &hi) > 0) {
Index: src/tests/lib/libusbhid/t_usbhid.c
diff -u src/tests/lib/libusbhid/t_usbhid.c:1.10 src/tests/lib/libusbhid/t_usbhid.c:1.11
--- src/tests/lib/libusbhid/t_usbhid.c:1.10 Thu Jan 7 15:58:23 2016
+++ src/tests/lib/libusbhid/t_usbhid.c Thu Jan 7 16:10:49 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: t_usbhid.c,v 1.10 2016/01/07 15:58:23 jakllsch Exp $ */
+/* $NetBSD: t_usbhid.c,v 1.11 2016/01/07 16:10:49 jakllsch Exp $ */
/*
* Copyright (c) 2016 Jonathan A. Kollasch
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: t_usbhid.c,v 1.10 2016/01/07 15:58:23 jakllsch Exp $");
+__RCSID("$NetBSD: t_usbhid.c,v 1.11 2016/01/07 16:10:49 jakllsch Exp $");
#include <atf-c.h>
@@ -424,8 +424,6 @@ ATF_TC_BODY(check_parse_just_pop, tc)
hid_data_t hd;
hid_item_t hi;
- atf_tc_expect_fail("segfaults");
-
ATF_REQUIRE((hrd = hid_use_report_desc(
just_pop_report_descriptor,
sizeof just_pop_report_descriptor)) != NULL);
