From 776e90e360702e221325992e62af598631ed74e6 Mon Sep 17 00:00:00 2001
From: cenhuilin <cenhuilin@kylinos.cn>
Date: Thu, 30 May 2024 17:20:13 +0800
Subject: [PATCH] fix incorrect variable type and unalignments when dumping hid
 device descriptor

---
 ...rrect-length-value-in-hid-descriptor.patch | 64 +++++++++++++++++++
 ...alignments-in-hid-device-descripptor.patch | 43 +++++++++++++
 usbutils.spec                                 |  7 +-
 3 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 0004-Fix-an-incorrect-length-value-in-hid-descriptor.patch
 create mode 100644 0005-Fix-misalignments-in-hid-device-descripptor.patch

diff --git a/0004-Fix-an-incorrect-length-value-in-hid-descriptor.patch b/0004-Fix-an-incorrect-length-value-in-hid-descriptor.patch
new file mode 100644
index 0000000..8e940c0
--- /dev/null
+++ b/0004-Fix-an-incorrect-length-value-in-hid-descriptor.patch
@@ -0,0 +1,64 @@
+From 5d7d3d14b660ef453e657dc661a380649e6f0f7d Mon Sep 17 00:00:00 2001
+From: Dingyan Li <18500469033@163.com>
+Date: Thu, 30 May 2024 17:04:55 +0800
+Subject: [PATCH] Fix an incorrect length value in hid descriptor.
+
+While dumping descriptors of a USB hid device, I saw a weird line:
+'Report Descriptor: (length is -1)'
+
+This is because variable 'n' is used to hold a potential negative
+integer value even though it's an unsigned int type in function
+dump_hid_device. When usb_control_msg() fails, overflow happens.
+It will always pass the 'if' statement below and call dump_report_desc(),
+where this weird line finally shows up.
+
+To fix it, an int type should be used to avoid overflow.
+
+Signed-off-by: Dingyan Li <18500469033@163.com>
+---
+ lsusb.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/lsusb.c b/lsusb.c
+index fd59019..36c9024 100644
+--- a/lsusb.c
++++ b/lsusb.c
+@@ -2438,8 +2438,7 @@ static void dump_hid_device(libusb_device_handle *dev,
+ 			    const struct libusb_interface_descriptor *interface,
+ 			    const unsigned char *buf)
+ {
+-	unsigned int i, len;
+-	unsigned int n;
++	int i, len;
+ 	unsigned char dbuf[8192];
+ 
+ 	if (buf[1] != LIBUSB_DT_HID)
+@@ -2474,13 +2473,13 @@ static void dump_hid_device(libusb_device_handle *dev,
+ 		if (buf[6+3*i] != LIBUSB_DT_REPORT)
+ 			continue;
+ 		len = buf[7+3*i] | (buf[8+3*i] << 8);
+-		if (len > (unsigned int)sizeof(dbuf)) {
++		if (len > (int)sizeof(dbuf)) {
+ 			printf("report descriptor too long\n");
+ 			continue;
+ 		}
+ 		if (libusb_claim_interface(dev, interface->bInterfaceNumber) == 0) {
+ 			int retries = 4;
+-			n = 0;
++			int n = 0;
+ 			while (n < len && retries--)
+ 				n = usb_control_msg(dev,
+ 					 LIBUSB_ENDPOINT_IN | LIBUSB_REQUEST_TYPE_STANDARD
+@@ -2495,6 +2494,9 @@ static void dump_hid_device(libusb_device_handle *dev,
+ 				if (n < len)
+ 					printf("          Warning: incomplete report descriptor\n");
+ 				dump_report_desc(dbuf, n);
++			} else {
++				printf("          Warning: can't get report descriptor, %s\n",
++						  libusb_error_name(n));
+ 			}
+ 			libusb_release_interface(dev, interface->bInterfaceNumber);
+ 		} else {
+-- 
+2.33.0
+
diff --git a/0005-Fix-misalignments-in-hid-device-descripptor.patch b/0005-Fix-misalignments-in-hid-device-descripptor.patch
new file mode 100644
index 0000000..ac369eb
--- /dev/null
+++ b/0005-Fix-misalignments-in-hid-device-descripptor.patch
@@ -0,0 +1,43 @@
+From 4a677f085bb7b594287f9b7d598bba6c6c341fab Mon Sep 17 00:00:00 2001
+From: Dingyan Li <18500469033@163.com>
+Date: Thu, 30 May 2024 17:11:17 +0800
+Subject: [PATCH] Fix misalignments in hid device descripptor.
+
+Extra spaces should be added when printing below lines:
+'Report Descriptors:
+   ** UNAVAILABLE **'
+
+Signed-off-by: Dingyan Li <18500469033@163.com>
+---
+ lsusb.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lsusb.c b/lsusb.c
+index 36c9024..e0892ce 100644
+--- a/lsusb.c
++++ b/lsusb.c
+@@ -2463,8 +2463,8 @@ static void dump_hid_device(libusb_device_handle *dev,
+ 		return;
+ 
+ 	if (!dev) {
+-		printf("         Report Descriptors: \n"
+-		       "           ** UNAVAILABLE **\n");
++		printf("          Report Descriptors: \n"
++		       "            ** UNAVAILABLE **\n");
+ 		return;
+ 	}
+ 
+@@ -2503,8 +2503,8 @@ static void dump_hid_device(libusb_device_handle *dev,
+ 			/* recent Linuxes require claim() for RECIP_INTERFACE,
+ 			 * so "rmmod hid" will often make these available.
+ 			 */
+-			printf("         Report Descriptors: \n"
+-			       "           ** UNAVAILABLE **\n");
++			printf("          Report Descriptors: \n"
++			       "            ** UNAVAILABLE **\n");
+ 		}
+ 	}
+ }
+-- 
+2.33.0
+
diff --git a/usbutils.spec b/usbutils.spec
index 5774ddd..1893aab 100644
--- a/usbutils.spec
+++ b/usbutils.spec
@@ -1,6 +1,6 @@
 Name:    usbutils
 Version: 014
-Release: 3
+Release: 4
 Summary: Linux utilities for USB device
 License: GPLv2+
 URL:     http://www.linux-usb.org/
@@ -12,6 +12,8 @@ Source2: GPL-3.0.txt
 Patch1:  0001-Fix-an-runtime-error-reported-by-undefind-sanitizer.patch
 Patch2:  0002-lsusb-h-returns-an-error.patch
 patch3:  0003-lsusb-h-fixups.patch
+patch4:  0004-Fix-an-incorrect-length-value-in-hid-descriptor.patch
+patch5:  0005-Fix-misalignments-in-hid-device-descripptor.patch
 
 BuildRequires: libusbx-devel systemd-devel gcc autoconf automake libtool
 Requires: hwdata
@@ -48,6 +50,9 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_defaultlicensedir}/%{name}/GPL-3.0.t
 %{_mandir}/*/*
 
 %changelog
+* Thu May 30 2024 cenhuilin <cenhuilin@kylinos.cn> - 014-4
+- lsusb: fix incorrect variable type and unalignments when dumping hid device descriptor
+
 * Sun Jun 25 2023 zhanghongtao <zhanghongtao22@hiuawei.com> - 014-3
 - Fix 'lsusb -h' returns an error
 
-- 
Gitee