-
由 Adrian Salido 提交于
The buffer allocation is not currently accounting for an extra byte for the report id. This can cause an out of bounds access in function i2c_hid_set_or_send_report() with reportID > 15. Cc: stable@vger.kernel.org Signed-off-by: NAdrian Salido <salidoa@google.com> Reviewed-by: NBenson Leung <bleung@chromium.org> Signed-off-by: NGuenter Roeck <groeck@chromium.org> Signed-off-by: NDmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: NJiri Kosina <jkosina@suse.cz>
8320caee