On 20/03/2026 17:49, Casey Connolly wrote:
Hi David,

Nice timing with the series, I hit an OOB access (found it when I
enabled UBSAN) with this patch the other day.

The pdt_scan_state->pdts array should actually be of size (RMI_PDT_MAX+1).

Additionally, I think rmi_pdt_entry_is_valid() is missing a bounds check.

Kind regards,


Thanks a lot for catching this and for the detailed notes — that’s very helpful.

Since you’re the original author of the commit, I’m completely fine with you taking over the b4 series if you’d prefer. Alternatively, if it’s easier, feel free to just send me a fixed patch and I can incorporate it.

Whichever works best for you.

David

On 20/03/2026 17:44, David Heidelberg via B4 Relay wrote:
From: Casey Connolly <[email protected]>

Some third party rmi4-compatible ICs don't expose their PDT entries
very well. Add a few checks to skip duplicate entries as well as entries
for unsupported functions.

This is required to support some phones with third party displays.

Validated on a stock OnePlus 6T (original parts):
manufacturer: Synaptics, product: S3706B, fw id: 2852315

Co-developed-by: Kaustabh Chakraborty <[email protected]>
Signed-off-by: Kaustabh Chakraborty <[email protected]>
Signed-off-by: Casey Connolly <[email protected]>
Co-developed-by: David Heidelberg <[email protected]>
Signed-off-by: David Heidelberg <[email protected]>

[...]
