Hi Dan,
On Tue, Mar 5, 2013 at 2:06 PM, Dan Carpenter dan.carpen...@oracle.com wrote:
We can't trust dj_report-device_index because it comes from the
user and hasn't been range checked. It is used as an offset into
the djrcv_dev-paired_dj_devices[] array which has 7 elements.
There is one
On Tue, Mar 05, 2013 at 05:34:08PM +0100, Nestor Lopez Casado wrote:
If you want to add a check, it need to be in logi_dj_recv_forward_report().
The current access to djrcv_dev-paired_dj_devices[] in
delayedwork_callback() has been removed in latest HID tree: