Author: wulf Date: Sat Jul 21 14:20:17 2018 New Revision: 336577 URL: https://svnweb.freebsd.org/changeset/base/336577
Log: Raise "Report Count" value limit in HID descriptor parser. This fixes usage/report size calculation of Microsoft`s "Touch Hardware Quality Assurance" certificate blob found in many touchscreens. While here, join several "c->flags = dval" lines in to single line. Reviewed by: hselasky MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D16357 Modified: head/sys/dev/usb/usb_hid.c Modified: head/sys/dev/usb/usb_hid.c ============================================================================== --- head/sys/dev/usb/usb_hid.c Sat Jul 21 07:50:46 2018 (r336576) +++ head/sys/dev/usb/usb_hid.c Sat Jul 21 14:20:17 2018 (r336577) @@ -74,6 +74,7 @@ static uint8_t hid_get_byte(struct hid_data *s, const #define MAXUSAGE 64 #define MAXPUSH 4 #define MAXID 16 +#define MAXLOCCNT 1024 struct hid_pos_data { int32_t rid; @@ -91,10 +92,10 @@ struct hid_data { int32_t usage_last; /* last seen usage */ uint32_t loc_size; /* last seen size */ uint32_t loc_count; /* last seen count */ + uint32_t ncount; /* end usage item count */ + uint32_t icount; /* current usage item count */ uint8_t kindset; /* we have 5 kinds so 8 bits are enough */ uint8_t pushlevel; /* current pushlevel */ - uint8_t ncount; /* end usage item count */ - uint8_t icount; /* current usage item count */ uint8_t nusage; /* end "usages_min/max" index */ uint8_t iusage; /* current "usages_min/max" index */ uint8_t ousage; /* current "usages_min/max" offset */ @@ -347,18 +348,19 @@ hid_get_item(struct hid_data *s, struct hid_item *h) switch (bTag) { case 8: /* Input */ c->kind = hid_input; - c->flags = dval; ret: + c->flags = dval; c->loc.count = s->loc_count; c->loc.size = s->loc_size; if (c->flags & HIO_VARIABLE) { /* range check usage count */ - if (c->loc.count > 255) { + if (c->loc.count > MAXLOCCNT) { DPRINTFN(0, "Number of " - "items(%u) truncated to 255\n", - (unsigned)(c->loc.count)); - s->ncount = 255; + "items(%u) truncated to %u\n", + (unsigned)(c->loc.count), + MAXLOCCNT); + s->ncount = MAXLOCCNT; } else s->ncount = c->loc.count; @@ -374,7 +376,6 @@ hid_get_item(struct hid_data *s, struct hid_item *h) case 9: /* Output */ c->kind = hid_output; - c->flags = dval; goto ret; case 10: /* Collection */ c->kind = hid_collection; @@ -385,7 +386,6 @@ hid_get_item(struct hid_data *s, struct hid_item *h) return (1); case 11: /* Feature */ c->kind = hid_feature; - c->flags = dval; goto ret; case 12: /* End collection */ c->kind = hid_endcollection; _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]"
