git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
HID: core: do not allow parsing 0-sized reports
author Dmitry Torokhov <dmitry.torokhov@gmail.com>
Wed, 1 Apr 2026 06:04:13 +0000 (23:04 -0700)
committer Jiri Kosina <jkosina@suse.com>
Thu, 9 Apr 2026 15:59:54 +0000 (17:59 +0200)
Commit d7db259bd6df ("HID: core: factor out hid_parse_collections()")
reworked collection parsing code and inadvertently allowed returning
"success" when parsing 0-sized reports where old code returned -EINVAL.

Restore the original behavior by doing an explicit check.

Note that the error message now differs from the generic "item fetching
failed at offset %u/%u" that is now used only for non-empty descriptors.

Fixes: d7db259bd6df ("HID: core: factor out hid_parse_collections()")
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
drivers/hid/hid-core.c

index 49775e3624ef2dbce3253fb328d29a07f959f02d..61bc42c44909afe8d623da8dfb96e9f0fb729190 100644 (file)
@@ -1272,6 +1272,11 @@ static int hid_parse_collections(struct hid_device *device)
                device->collection[i].parent_idx = -1;
 
        ret = -EINVAL;
+       if (start == end) {
+               hid_err(device, "rejecting 0-sized report descriptor\n");
+               goto out;
+       }
+
        while ((next = fetch_item(start, end, &item)) != NULL) {
                start = next;
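
Review bot: the new `if (start == end)` branch takes its return value from the `ret = -EINVAL;` assignment on the line above it, and nothing in the code says why the empty case has to be rejected before the `fetch_item()` loop is entered. The commit message attributes the regression to a refactor that inadvertently turned this case into "success", so a one-line comment above the check stating that an empty descriptor must fail here would help the next rework keep it in place. A smaller wording point: the error string says "0-sized report descriptor" while the commit subject says "0-sized reports"; using the same term in both would make the log line easier to match to this change.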