From 54980d30eff608545884416576416060b80d011e Mon Sep 17 00:00:00 2001
From: Roderick Colenbrander <roderick@gaikai.com>
Date: Wed, 16 Nov 2022 08:00:21 -0800
Subject: [PATCH] HID: playstation: fix DualShock4 bluetooth memory corruption
 bug.

The size of the output buffer used for output reports was not updated
to the larger size needed for Bluetooth. This ultimately resulted
in memory corruption of surrounding structures e.g. due to memsets.

Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.")
Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
---
 drivers/hid/hid-playstation.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c
index bae3e712a5623..f5e0d06d3cd8b 100644
--- a/drivers/hid/hid-playstation.c
+++ b/drivers/hid/hid-playstation.c
@@ -2461,7 +2461,7 @@ static struct ps_device *dualshock4_create(struct hid_device *hdev)
 	ds4->output_worker_initialized = true;
 	hid_set_drvdata(hdev, ds4);
 
-	max_output_report_size = sizeof(struct dualshock4_output_report_usb);
+	max_output_report_size = sizeof(struct dualshock4_output_report_bt);
 	ds4->output_report_dmabuf = devm_kzalloc(&hdev->dev, max_output_report_size, GFP_KERNEL);
 	if (!ds4->output_report_dmabuf)
 		return ERR_PTR(-ENOMEM);