HID: playstation: fix DualShock4 bluetooth memory corruption bug.

The size of the output buffer used for output reports was not updated to the larger size needed for Bluetooth. This ultimately resulted in memory corruption of surrounding structures e.g. due to memsets. Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.") Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
author: Roderick Colenbrander <roderick@gaikai.com> 2022-11-16 19:00:21 +0300
committer: Jiri Kosina <jkosina@suse.cz> 2022-11-17 02:46:13 +0300
commit: 54980d30eff608545884416576416060b80d011e (patch)
tree: 92f47d2f9340900cadb7564fee2042a36b8a5854
parent: c64ed0cd9324f9e5f44deb6834ad9fb5bfa436bc (diff)
download: linux-54980d30eff608545884416576416060b80d011e.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c
index bae3e712a562..f5e0d06d3cd8 100644
--- a/drivers/hid/hid-playstation.c
+++ b/drivers/hid/hid-playstation.c
@@ -2461,7 +2461,7 @@ static struct ps_device *dualshock4_create(struct hid_device *hdev)
 	ds4->output_worker_initialized = true;
 	hid_set_drvdata(hdev, ds4);
 
-	max_output_report_size = sizeof(struct dualshock4_output_report_usb);
+	max_output_report_size = sizeof(struct dualshock4_output_report_bt);
 	ds4->output_report_dmabuf = devm_kzalloc(&hdev->dev, max_output_report_size, GFP_KERNEL);
 	if (!ds4->output_report_dmabuf)
 		return ERR_PTR(-ENOMEM);
author	Roderick Colenbrander <roderick@gaikai.com>	2022-11-16 19:00:21 +0300
committer	Jiri Kosina <jkosina@suse.cz>	2022-11-17 02:46:13 +0300
commit	54980d30eff608545884416576416060b80d011e (patch)
tree	92f47d2f9340900cadb7564fee2042a36b8a5854
parent	c64ed0cd9324f9e5f44deb6834ad9fb5bfa436bc (diff)
download	linux-54980d30eff608545884416576416060b80d011e.tar.xz