Author: wulf Date: Sat Aug 4 12:45:37 2018 New Revision: 337291 URL: https://svnweb.freebsd.org/changeset/base/337291
Log: MFC r336577: Raise "Report Count" value limit in HID descriptor parser. This fixes usage/report size calculation of Microsoft`s "Touch Hardware Quality Assurance" certificate blob found in many touchscreens. While here, join several "c->flags = dval" lines in to single line. Reviewed by: hselasky Differential Revision: https://reviews.freebsd.org/D16357 Modified: stable/11/sys/dev/usb/usb_hid.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/dev/usb/usb_hid.c ============================================================================== --- stable/11/sys/dev/usb/usb_hid.c Sat Aug 4 12:40:59 2018 (r337290) +++ stable/11/sys/dev/usb/usb_hid.c Sat Aug 4 12:45:37 2018 (r337291) @@ -72,6 +72,7 @@ static uint8_t hid_get_byte(struct hid_data *s, const #define MAXUSAGE 64 #define MAXPUSH 4 #define MAXID 16 +#define MAXLOCCNT 1024 struct hid_pos_data { int32_t rid; @@ -89,10 +90,10 @@ struct hid_data { int32_t usage_last; /* last seen usage */ uint32_t loc_size; /* last seen size */ uint32_t loc_count; /* last seen count */ + uint32_t ncount; /* end usage item count */ + uint32_t icount; /* current usage item count */ uint8_t kindset; /* we have 5 kinds so 8 bits are enough */ uint8_t pushlevel; /* current pushlevel */ - uint8_t ncount; /* end usage item count */ - uint8_t icount; /* current usage item count */ uint8_t nusage; /* end "usages_min/max" index */ uint8_t iusage; /* current "usages_min/max" index */ uint8_t ousage; /* current "usages_min/max" offset */ @@ -345,18 +346,19 @@ hid_get_item(struct hid_data *s, struct hid_item *h) switch (bTag) { case 8: /* Input */ c->kind = hid_input; - c->flags = dval; ret: + c->flags = dval; c->loc.count = s->loc_count; c->loc.size = s->loc_size; if (c->flags & HIO_VARIABLE) { /* range check usage count */ - if (c->loc.count > 255) { + if (c->loc.count > MAXLOCCNT) { DPRINTFN(0, "Number of " - "items(%u) truncated to 255\n", - (unsigned)(c->loc.count)); - s->ncount = 255; + "items(%u) truncated to %u\n", + (unsigned)(c->loc.count), + MAXLOCCNT); + s->ncount = MAXLOCCNT; } else s->ncount = c->loc.count; @@ -372,7 +374,6 @@ hid_get_item(struct hid_data *s, struct hid_item *h) case 9: /* Output */ c->kind = hid_output; - c->flags = dval; goto ret; case 10: /* Collection */ c->kind = hid_collection; @@ -383,7 +384,6 @@ hid_get_item(struct hid_data *s, struct hid_item *h) return (1); case 11: /* Feature */ c->kind = hid_feature; - c->flags = dval; goto ret; case 12: /* End collection */ c->kind = hid_endcollection; _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]"
