-
由 Marc Zyngier 提交于
stable inclusion from linux-4.19.144 commit abae259fdccc5e41ff302dd80a2b944ce385c970 CVE: CVE-2020-0465 -------------------------------- commit bce1305c upstream. It appears that a ReportSize value of zero is legal, even if a bit non-sensical. Most of the HID code seems to handle that gracefully, except when computing the total size in bytes. When fed as input to memset, this leads to some funky outcomes. Detect the corner case and correctly compute the size. Cc: stable@vger.kernel.org Signed-off-by: NMarc Zyngier <maz@kernel.org> Signed-off-by: NBenjamin Tissoires <benjamin.tissoires@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NJason Yan <yanaijie@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
55a9d836