| commit | 70cdd67c0293cef1216422386ff92018770c4b70 | |
| author | reillyg <reillyg@chromium.org> | |
| Sun, 24 Aug 2014 07:11:46 +0000 (24 00:11 -0700) | ||
| committer | Commit bot <commit-bot@chromium.org> | |
| Sun, 24 Aug 2014 07:13:02 +0000 (24 07:13 +0000) | ||
| tree | 6aa4877338c58365efc97f406e7beac8dbafc52d | treesnapshot (tar.gz zip) |
| parent | c92d18afd4b6e965345ddef87b9716480f48c665 | commitdiff |
Store HID report sizes as uint16_t.
HID report sizes are unsigned values. In addition they should (because
of the limited size of USB control transfers) never be larger than 64k.
In reality that would be an absolutely enormous report and unlikely to
ever been seen in the wild. By limiting the storage size for report
lengths to a uint16_t we therefore also limit our exposure to being
convinced to allocate unreasonably large buffers by a malicious device.
The Windows HID parser already limits report sizes to a USHORT value.
BUG=
Review URL: https://codereview.chromium.org/492963007
Cr-Commit-Position: refs/heads/master@{#291624}
HID report sizes are unsigned values. In addition they should (because
of the limited size of USB control transfers) never be larger than 64k.
In reality that would be an absolutely enormous report and unlikely to
ever been seen in the wild. By limiting the storage size for report
lengths to a uint16_t we therefore also limit our exposure to being
convinced to allocate unreasonably large buffers by a malicious device.
The Windows HID parser already limits report sizes to a USHORT value.
BUG=
Review URL: https://codereview.chromium.org/492963007
Cr-Commit-Position: refs/heads/master@{#291624}