USB HID: Avoid allocating a huge amount of memory (second try).
10204490d7
MR 80 ensured that we didn't grow field.usages due to an underflow, but it neglected to check for a sane array size. Add another check to make sure we don't wmem_array_grow() too much. Fixes #17165 and fixes #16809 more completely. (cherry picked from commit 785e291c1b)
parent
247f8a4b33
commit
57e14a4190
|
@ -3339,6 +3339,7 @@ hid_unpack_signed(guint8 *data, unsigned int idx, unsigned int size, gint32 *val
|
|||
}
|
||||
|
||||
|
||||
#define MAX_REPORT_DESCRIPTOR_COUNT 100000 // Arbitrary
|
||||
static gboolean
|
||||
parse_report_descriptor(report_descriptor_t *rdesc)
|
||||
{
|
||||
|
@ -3496,6 +3497,10 @@ parse_report_descriptor(report_descriptor_t *rdesc)
|
|||
goto err;
|
||||
}
|
||||
|
||||
if (wmem_array_get_count(field.usages) + usage_max - usage_min >= MAX_REPORT_DESCRIPTOR_COUNT) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* min and max are inclusive */
|
||||
wmem_array_grow(field.usages, usage_max - usage_min + 1);
|
||||
for (guint32 j = usage_min; j <= usage_max; j++) {
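Review bot: The new bound `wmem_array_get_count(field.usages) + usage_max - usage_min >= MAX_REPORT_DESCRIPTOR_COUNT` is evaluated in unsigned arithmetic, so if usage_min and usage_max are 32-bit (the loop index is `guint32`; their declarations are outside the hunk) a very wide usage range can wrap the sum back below the limit and skip the `goto err`. In that case the `usage_max - usage_min + 1` passed to `wmem_array_grow()` can wrap as well, and `j <= usage_max` never becomes false when usage_max equals G_MAXUINT32. Bounding the range on its own before adding the current count avoids the wrap: `if (usage_max - usage_min >= MAX_REPORT_DESCRIPTOR_COUNT || wmem_array_get_count(field.usages) >= MAX_REPORT_DESCRIPTOR_COUNT - (usage_max - usage_min)) goto err;`. This still relies on the earlier usage_min > usage_max rejection that the description attributes to MR 80, which is not visible here; parse_report_descriptor continues outside the hunk.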
|
||||
|
|