commit ca1f247856be556e0dac51800d675e13c212b614
author Dmitry Torokhov <dmitry.torokhov@gmail.com> Mon Oct 23 16:46:00 2017 -0700
committer Todd Kjos <tkjos@google.com> Mon May 07 16:16:50 2018 -0700
tree 5d9e0f42ad6b2808478d043e74fb2ed0fdc9b207
parent a777e50ed1585f07d57f828a2c81815501155707

Input: gtco - fix potential out-of-bound access

commit a50829479f58416a013a4ccca791336af3c584c7 upstream.

parse_hid_report_descriptor() has a while (i < length) loop, which
only guarantees that there's at least 1 byte in the buffer, but the
loop body can read multiple bytes which causes out-of-bounds access.

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Reviewed-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>