HID: playstation: fix DualShock4 bluetooth memory corruption bug.

The size of the output buffer used for output reports was not updated
to the larger size needed for Bluetooth. This ultimately resulted
in memory corruption of surrounding structures e.g. due to memsets.

Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.")
Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

diff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c
index bae3e71..f5e0d06 100644 (file)
--- a/drivers/hid/hid-playstation.c
+++ b/drivers/hid/hid-playstation.c
@@ -2461,7 +2461,7 @@ static struct ps_device *dualshock4_create(struct hid_device *hdev)
        ds4->output_worker_initialized = true;
        hid_set_drvdata(hdev, ds4);
 
-       max_output_report_size = sizeof(struct dualshock4_output_report_usb);
+       max_output_report_size = sizeof(struct dualshock4_output_report_bt);
        ds4->output_report_dmabuf = devm_kzalloc(&hdev->dev, max_output_report_size, GFP_KERNEL);
        if (!ds4->output_report_dmabuf)
                return ERR_PTR(-ENOMEM);