commit | ec066eef742f1185d06e9b0f541dfbf27d090f6e | [log] [tgz] |
---|---|---|
author | Andrew de los Reyes <adlr@google.com> | Fri Sep 04 14:43:47 2015 -0700 |
committer | Andrew Duggan <aduggan@synaptics.com> | Thu Sep 10 11:16:24 2015 -0700 |
tree | a3ba86289d5fae4157bca722dbe4da99fe6c4651 | |
parent | 242ea83b394b44a8eec4cc4307cd98460ea114da [diff] |
HIDDevice::ParseReportSizes: check for valid descriptors Addresses security concern: HIDDevice::ParseReportSizes contains potential past-end-of-buffer reads when presented with a malicious/corrupt device descriptor (++i and i + 1, i + 2 array indexes don't validate they're less than m_rptDesc.size).