Fix infinite loop issue in UsbGetFullHidDescriptor #640

Contributor

@NishanthSanjeevi NishanthSanjeevi commented Mar 4, 2025

Description

UsbGetFullHidDescriptor does not check the Descriptor header length and this might result in an infinite loop if a bad descriptor is passed.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

How This Was Tested

Tested on Surface devices

Integration Instructions

N/A

@github-actions github-actions bot added the impact:non-functional Does not have a functional impact label Mar 4, 2025
@NishanthSanjeevi NishanthSanjeevi force-pushed the personal/nishanth/fix_infinite_loop branch from 0b74fb4 to 4811932 Compare March 4, 2025 01:08
@github-actions github-actions bot added the type:backport Backport changes in a dev branch PR to its release branch. label Mar 4, 2025
@makubacki makubacki added the type:bug Something isn't working label Mar 4, 2025
@makubacki makubacki requested review from makubacki, kuqin12 and apop5 March 4, 2025 01:13
@codecov-commenter

codecov-commenter commented Mar 4, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 11.59%. Comparing base (915cfd7) to head (061e37b).
Report is 1 commits behind head on dev/202405.

Additional details and impacted files
@@              Coverage Diff               @@
##           dev/202405     #640      +/-   ##
==============================================
- Coverage       11.59%   11.59%   -0.01%     
==============================================
  Files             132      132              
  Lines           21555    21558       +3     
  Branches         2546     2546              
==============================================
  Hits             2499     2499              
- Misses          19022    19025       +3     
  Partials           34       34              
| Flag | Coverage Δ |
|------|------------|
| HidPkg | 2.80% <ø> (-0.01%) ⬇️ |

@makubacki makubacki removed the impact:non-functional Does not have a functional impact label Mar 4, 2025
Contributor

@joschock joschock left a comment

I don't think this should happen with a USB-compliant descriptor buffer, but I think this is a good defense mechanism against buggy USB implementations.

@github-actions github-actions bot added the impact:non-functional Does not have a functional impact label Mar 4, 2025
@makubacki
Member

> I don't think this should happen with a USB-compliant descriptor buffer, but I think this is a good defense mechanism against buggy USB implementations.

I agree. Programmatically this case should be handled.
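The failure mode from the PR description, as an added example that is not part of this PR and not the project's code: a walker over concatenated USB descriptors that advances by each header's `bLength` never moves forward when that byte is 0. All names below (`find_descriptor`, `walk_status`, the sample buffers) are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names; not taken from the project's source. */
#define DESC_HEADER_SIZE 2u    /* bLength + bDescriptorType */
#define DESC_TYPE_HID    0x21u /* HID class descriptor type */

enum walk_status { WALK_FOUND, WALK_NOT_FOUND, WALK_MALFORMED };

/* Find the first descriptor of `type` in a buffer of concatenated USB
 * descriptors. On WALK_FOUND, *offset is its start within buf. */
enum walk_status find_descriptor(const uint8_t *buf, size_t len,
                                 uint8_t type, size_t *offset)
{
    size_t pos = 0;
    while (len - pos >= DESC_HEADER_SIZE) {
        uint8_t b_length = buf[pos];
        /* bLength 0 never advances pos (the infinite loop); 1 is too
         * short to hold the two-byte header. */
        if (b_length < DESC_HEADER_SIZE)
            return WALK_MALFORMED;
        /* A length past the end of the buffer would over-read. */
        if (b_length > len - pos)
            return WALK_MALFORMED;
        if (buf[pos + 1] == type) {
            *offset = pos;
            return WALK_FOUND;
        }
        pos += b_length;
    }
    return WALK_NOT_FOUND;
}

/* Constructed sample: interface descriptor, then HID descriptor. */
const uint8_t sample_ok[] = {
    0x09, 0x04, 0x00, 0x00, 0x01, 0x03, 0x01, 0x01, 0x00,
    0x09, 0x21, 0x11, 0x01, 0x00, 0x01, 0x22, 0x3F, 0x00,
};
/* Constructed malformed sample: second descriptor has bLength 0. */
const uint8_t sample_zero_len[] = {
    0x09, 0x04, 0x00, 0x00, 0x01, 0x03, 0x01, 0x01, 0x00,
    0x00, 0x21, 0x11, 0x01,
};

int main(void)
{
    size_t off = 0;
    return find_descriptor(sample_zero_len, sizeof sample_zero_len,
                           DESC_TYPE_HID, &off) == WALK_MALFORMED ? 0 : 1;
}
```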

@kuqin12 kuqin12 enabled auto-merge (squash) March 4, 2025 01:44
@kuqin12 kuqin12 merged commit 1f14573 into microsoft:dev/202405 Mar 4, 2025
28 checks passed
ProjectMuBot pushed a commit that referenced this pull request Mar 4, 2025
## Description

UsbGetFullHidDescriptor does not check the Descriptor header length and
this might result in an infinite loop if a bad descriptor is passed.

- [ ] Impacts functionality?
- [ ] Impacts security?
- [ ] Breaking change?
- [ ] Includes tests?
- [ ] Includes documentation?
- [x] Backport to release branch?

## How This Was Tested

Tested on Surface devices

## Integration Instructions

N/A