Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick b041159d06ad from chromium #37695

Merged
merged 5 commits into from
Mar 28, 2023
Merged

chore: cherry-pick b041159d06ad from chromium #37695

merged 5 commits into from
Mar 28, 2023

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Mar 24, 2023

[M-110] hid: Handle empty input reports

It's possible for a HID device to define its report descriptor such that
one or more reports have no data fields within the report. When receiving these reports, the report buffer should contain only the
report ID byte and no other data.

Ensure that we do not read past the end of the buffer when handling
zero-length input reports.

(cherry picked from commit c9d77da78bc66c135520ac77873d67b89cdcaee6)

Bug: 1419718
Change-Id: I51d32c20f6b16f0d2b0172e0a165469b6b79748c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4296562
Reviewed-by: Reilly Grant reillyg@chromium.org
Commit-Queue: Matt Reynolds mattreynolds@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1112009}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4320692
Commit-Queue: Reilly Grant reillyg@chromium.org
Auto-Submit: Matt Reynolds mattreynolds@chromium.org
Cr-Commit-Position: refs/branch-heads/5481@{#1341}
Cr-Branched-From: 130f3e4d850f4bc7387cfb8d08aa993d288a67a9-refs/heads/main@{#1084008}

Ref electron/security#304

Notes: Security: backported fix for CVE-2023-1529.

@ppontes ppontes requested review from a team as code owners March 24, 2023 09:04
@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 21-x-y labels Mar 24, 2023
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Mar 24, 2023
@jkleinsc jkleinsc merged commit ee66a3e into 21-x-y Mar 28, 2023
@jkleinsc jkleinsc deleted the cherry-pick/21-x-y/chromium/b041159d06ad branch March 28, 2023 14:46
@release-clerk
Copy link

release-clerk bot commented Mar 28, 2023

Release Notes Persisted

Security: backported fix for CVE-2023-1529.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkleinsc jkleinsc jkleinsc approved these changes

Assignees
No one assigned
Labels
21-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ppontes @jkleinsc