Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(209)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 492963007: Store HID report sizes as uint16_t. (Closed)

Created:
6 years, 4 months ago by Reilly Grant (use Gerrit)
Modified:
6 years, 3 months ago
CC:
chromium-reviews
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Project:
chromium
Visibility:
Public.

Description

Store HID report sizes as uint16_t. HID report sizes are unsigned values. In addition they should (because of the limited size of USB control transfers) never be larger than 64k. In reality that would be an absolutely enormous report and unlikely to ever been seen in the wild. By limiting the storage size for report lengths to a uint16_t we therefore also limit our exposure to being convinced to allocate unreasonably large buffers by a malicious device. The Windows HID parser already limits report sizes to a USHORT value. BUG= Committed: https://crrev.com/70cdd67c0293cef1216422386ff92018770c4b70 Cr-Commit-Position: refs/heads/master@{#291624}

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+22 lines, -22 lines) Patch
M device/hid/hid_device_info.h View 1 chunk +3 lines, -3 lines 0 comments Download
M device/hid/hid_report_descriptor.h View 1 chunk +3 lines, -3 lines 0 comments Download
M device/hid/hid_report_descriptor.cc View 2 chunks +10 lines, -10 lines 0 comments Download
M device/hid/hid_report_descriptor_unittest.cc View 1 chunk +6 lines, -6 lines 0 comments Download

Messages

Total messages: 6 (0 generated)
Reilly Grant (use Gerrit)
6 years, 4 months ago (2014-08-22 23:55:00 UTC) #1
rpaquay
lgtm
6 years, 4 months ago (2014-08-24 00:29:19 UTC) #2
Reilly Grant (use Gerrit)
The CQ bit was checked by reillyg@chromium.org
6 years, 4 months ago (2014-08-24 06:15:40 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/reillyg@chromium.org/492963007/1
6 years, 4 months ago (2014-08-24 06:16:19 UTC) #4
commit-bot: I haz the power
Committed patchset #1 (1) as 1ffd11a5d463e32100791a453d47eb8591c08eeb
6 years, 4 months ago (2014-08-24 07:11:59 UTC) #5
commit-bot: I haz the power
6 years, 3 months ago (2014-09-10 02:32:32 UTC) #6
Message was sent while issue was closed. 
Patchset 1 (id:??) landed as
https://crrev.com/70cdd67c0293cef1216422386ff92018770c4b70
Cr-Commit-Position: refs/heads/master@{#291624}

Powered by Google App Engine
This is Rietveld 408576698