When it detects a truncated report, hid-core emits a warning and then
processes the report as usual. This is good because it allows buggy
devices to still get data thru to userspace. However, the missing bytes of
the report should be cleared before processing, otherwise userspace will be
handed partially-uninitialized data.
This fixes Debian tracker bug #330487.
Signed-off-by: Adam Kropelin <akropel1@rochester.rr.com>
Cc: Vojtech Pavlik <vojtech@suse.cz>
Acked-by: Dmitry Torokhov <dtor_core@ameritech.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
size = ((report->size - 1) >> 3) + 1;
- if (len < size)
+ if (len < size) {
dbg("report %d is too short, (%d < %d)", report->id, len, size);
+ memset(data + len, 0, size - len);
+ }
if (hid->claimed & HID_CLAIMED_HIDDEV)
hiddev_report_event(hid, report);