Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

esp_hidh report map length checking function (IDFGH-5889) #7586

Closed
guo-max opened this issue Sep 21, 2021 · 3 comments
Closed

esp_hidh report map length checking function (IDFGH-5889) #7586

guo-max opened this issue Sep 21, 2021 · 3 comments
Labels
Resolution: Done Issue is done internally Status: Done Issue is done internally

Comments

@guo-max
Copy link

guo-max commented Sep 21, 2021

Environment

  • Development Kit: [ESP32-Wrover-Kit]
  • Kit version (for WroverKit v4]
  • Module or chip used: [ESP32-WROOM-32]
  • IDF version (run git describe --tags to find it):
    // ESP-IDF v4.4-dev-3042-g220590d599-dirty
  • Build System: [idf.py]
  • Operating System: [Linux]
  • Using an IDE?: [No]
  • Power Supply: [USB]

Problem Description

esp_hidh_dev_report_t *esp_hidh_dev_get_input_report_by_proto_and_data(esp_hidh_dev_t *dev, int protocol_mode,
                                                                       size_t len, const uint8_t *data, bool *has_report_id)
{
    esp_hidh_dev_report_t *r = dev->reports;
    *has_report_id = false;
    // first, assume data not include report id
    while (r) {
        if (r->value_len == len && r->report_id == 0 && (r->report_type & 1) &&
            r->protocol_mode == protocol_mode) {
            *has_report_id = false;
            break;
        }
        r = r->next;
    }
    // indicate data include report id
    if (r == NULL) {
        if (*data == 0) {
            ESP_LOGE(TAG, "data not include report id!");
            *has_report_id = false;
            return NULL;
        }
        r = dev->reports;
        while (r) {
            if (r->value_len == len + 1 && r->report_id == *data && (r->report_type & 1) &&

// r->value_len is the report map length and the "len" is the data length. the data should be report id + report data
// which r->value_len == len -1, not len +1

                r->protocol_mode == protocol_mode) {
                *has_report_id = true;
                break;
            }
            r = r->next;
        }
    }
    return r;
}

The fix should be:

diff --git a/components/esp_hid/src/esp_hidh.c b/components/esp_hid/src/esp_hidh.c
index 484092c885..49ff9c9cf3 100644
--- a/components/esp_hid/src/esp_hidh.c
+++ b/components/esp_hid/src/esp_hidh.c
@@ -639,7 +639,7 @@ esp_hidh_dev_report_t *esp_hidh_dev_get_input_report_by_proto_and_data(esp_hidh_
         }
         r = dev->reports;
         while (r) {
-            if (r->value_len == len + 1 && r->report_id == *data && (r->report_type & 1) &&
+            if (r->value_len == len - 1 && r->report_id == *data && (r->report_type & 1) &&
                 r->protocol_mode == protocol_mode) {
                 *has_report_id = true;
                 break;
@espressif-bot espressif-bot added the Status: Opened Issue is new label Sep 21, 2021
@github-actions github-actions bot changed the title esp_hidh report map length checking function esp_hidh report map length checking function (IDFGH-5889) Sep 21, 2021
@ghost
Copy link

ghost commented Sep 22, 2021

@guo-max Thanks! We will fix it ASAP.

@espressif-bot espressif-bot added Status: In Progress Work is in progress and removed Status: Opened Issue is new labels Sep 22, 2021
@finger563
Copy link

Any status on this?

The only patch required to fix it is:

--- a/components/esp_hid/src/esp_hidh.c
+++ b/components/esp_hid/src/esp_hidh.c
@@ -639,7 +639,7 @@ esp_hidh_dev_report_t *esp_hidh_dev_get_input_report_by_proto_and_data(esp_hidh_
         }
         r = dev->reports;
         while (r) {
-            if (r->value_len == len + 1 && r->report_id == *data && (r->report_type & 1) &&
+            if (r->value_len == len - 1 && r->report_id == *data && (r->report_type & 1) &&
                 r->protocol_mode == protocol_mode) {
                 *has_report_id = true;
                 break;

If you'd like we can open a PR for it.

@ghost
Copy link

ghost commented Dec 22, 2021
edited by ghost
Loading

@finger563

We already have an MR for this and other tiny bugs of HID internal, but we have to have a throughout test but the test is not all pass.

Please wait for our update.

Thanks

@espressif-bot espressif-bot added Resolution: NA Issue resolution is unavailable Status: Done Issue is done internally Resolution: Done Issue is done internally and removed Status: In Progress Work is in progress Resolution: NA Issue resolution is unavailable labels Jan 7, 2022
espressif-bot pushed a commit that referenced this issue Jan 28, 2022
@BetterJincheng
fix on esp_hidh report map length checking function
629bd67 
Closes #7586
dskulina pushed a commit to playable-tech/esp-idf that referenced this issue Feb 4, 2022
@BetterJincheng @dskulina
fix on esp_hidh report map length checking function
756fa8e 
Closes espressif#7586
dskulina pushed a commit to playable-tech/esp-idf that referenced this issue Feb 5, 2022
@BetterJincheng @dskulina
fix on esp_hidh report map length checking function
92ffcf5 
Closes espressif#7586
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Resolution: Done Issue is done internally Status: Done Issue is done internally
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@finger563 @guo-max @espressif-bot