HID: playstation: fix DualShock4 bluetooth memory corruption bug.
The size of the output buffer used for output reports was not updated
to the larger size needed for Bluetooth. This ultimately resulted
in memory corruption of surrounding structures e.g. due to memsets.

Fixes: 2d77474 ("HID: playstation: add DualShock4 bluetooth support.")
Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Roderick Colenbrander authored and Jiri Kosina committed Nov 16, 2022
1 parent c64ed0c commit 54980d3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/hid/hid-playstation.c
Expand Up @@ -2461,7 +2461,7 @@ static struct ps_device *dualshock4_create(struct hid_device *hdev)
ds4->output_worker_initialized = true;
hid_set_drvdata(hdev, ds4);

max_output_report_size = sizeof(struct dualshock4_output_report_usb);
max_output_report_size = sizeof(struct dualshock4_output_report_bt);
ds4->output_report_dmabuf = devm_kzalloc(&hdev->dev, max_output_report_size, GFP_KERNEL);
if (!ds4->output_report_dmabuf)
return ERR_PTR(-ENOMEM);
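
Review bot: max_output_report_size is now taken from sizeof(struct dualshock4_output_report_bt) alone, so the devm_kzalloc() size is correct only as long as the Bluetooth report stays the larger of the two structs. Since the variable is named as a maximum, consider computing it as max(sizeof(struct dualshock4_output_report_usb), sizeof(struct dualshock4_output_report_bt)), or adding a build-time assertion that the Bluetooth struct is at least as large as the USB one, so a later layout change to either struct cannot bring back an undersized output_report_dmabuf. A one-line comment above the assignment stating that the buffer must fit the largest output report would also document the intent.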