From 5cbfa0d0b1d8eaa72ea08616dd17005cae5da4e8 Mon Sep 17 00:00:00 2001
From: cenhuilin <cenhuilin@kylinos.cn>
Date: Thu, 30 May 2024 17:38:33 +0800
Subject: [PATCH] fix incorrect variable type and unalignments when dumping hid
 device descriptor

---
 ...rrect-length-value-in-hid-descriptor.patch | 64 +++++++++++++++++++
 ...alignments-in-hid-device-descripptor.patch | 43 +++++++++++++
 usbutils.spec                                 |  7 +-
 3 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 0002-Fix-an-incorrect-length-value-in-hid-descriptor.patch
 create mode 100644 0003-Fix-misalignments-in-hid-device-descripptor.patch

diff --git a/0002-Fix-an-incorrect-length-value-in-hid-descriptor.patch b/0002-Fix-an-incorrect-length-value-in-hid-descriptor.patch
new file mode 100644
index 0000000..349146b
--- /dev/null
+++ b/0002-Fix-an-incorrect-length-value-in-hid-descriptor.patch
@@ -0,0 +1,64 @@
+From 5d7d3d14b660ef453e657dc661a380649e6f0f7d Mon Sep 17 00:00:00 2001
+From: Dingyan Li <18500469033@163.com>
+Date: Thu, 30 May 2024 17:31:36 +0800
+Subject: [PATCH] Fix an incorrect length value in hid descriptor.
+
+While dumping descriptors of a USB hid device, I saw a weird line:
+'Report Descriptor: (length is -1)'
+
+This is because variable 'n' is used to hold a potential negative
+integer value even though it's an unsigned int type in function
+dump_hid_device. When usb_control_msg() fails, overflow happens.
+It will always pass the 'if' statement below and call dump_report_desc(),
+where this weird line finally shows up.
+
+To fix it, an int type should be used to avoid overflow.
+
+Signed-off-by: Dingyan Li <18500469033@163.com>
+---
+ lsusb.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/lsusb.c b/lsusb.c
+index 80503e4..6788982 100644
+--- a/lsusb.c
++++ b/lsusb.c
+@@ -2438,8 +2438,7 @@ static void dump_hid_device(libusb_device_handle *dev,
+ 			    const struct libusb_interface_descriptor *interface,
+ 			    const unsigned char *buf)
+ {
+-	unsigned int i, len;
+-	unsigned int n;
++	int i, len;
+ 	unsigned char dbuf[8192];
+ 
+ 	if (buf[1] != LIBUSB_DT_HID)
+@@ -2474,13 +2473,13 @@ static void dump_hid_device(libusb_device_handle *dev,
+ 		if (buf[6+3*i] != LIBUSB_DT_REPORT)
+ 			continue;
+ 		len = buf[7+3*i] | (buf[8+3*i] << 8);
+-		if (len > (unsigned int)sizeof(dbuf)) {
++		if (len > (int)sizeof(dbuf)) {
+ 			printf("report descriptor too long\n");
+ 			continue;
+ 		}
+ 		if (libusb_claim_interface(dev, interface->bInterfaceNumber) == 0) {
+ 			int retries = 4;
+-			n = 0;
++			int n = 0;
+ 			while (n < len && retries--)
+ 				n = usb_control_msg(dev,
+ 					 LIBUSB_ENDPOINT_IN | LIBUSB_REQUEST_TYPE_STANDARD
+@@ -2495,6 +2494,9 @@ static void dump_hid_device(libusb_device_handle *dev,
+ 				if (n < len)
+ 					printf("          Warning: incomplete report descriptor\n");
+ 				dump_report_desc(dbuf, n);
++			} else {
++				printf("          Warning: can't get report descriptor, %s\n",
++						  libusb_error_name(n));
+ 			}
+ 			libusb_release_interface(dev, interface->bInterfaceNumber);
+ 		} else {
+-- 
+2.33.0
+
diff --git a/0003-Fix-misalignments-in-hid-device-descripptor.patch b/0003-Fix-misalignments-in-hid-device-descripptor.patch
new file mode 100644
index 0000000..759b244
--- /dev/null
+++ b/0003-Fix-misalignments-in-hid-device-descripptor.patch
@@ -0,0 +1,43 @@
+From 4a677f085bb7b594287f9b7d598bba6c6c341fab Mon Sep 17 00:00:00 2001
+From: Dingyan Li <18500469033@163.com>
+Date: Thu, 30 May 2024 17:34:09 +0800
+Subject: [PATCH] Fix misalignments in hid device descripptor.
+
+Extra spaces should be added when printing below lines:
+'Report Descriptors:
+   ** UNAVAILABLE **'
+
+Signed-off-by: Dingyan Li <18500469033@163.com>
+---
+ lsusb.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lsusb.c b/lsusb.c
+index 6788982..0801e13 100644
+--- a/lsusb.c
++++ b/lsusb.c
+@@ -2463,8 +2463,8 @@ static void dump_hid_device(libusb_device_handle *dev,
+ 		return;
+ 
+ 	if (!dev) {
+-		printf("         Report Descriptors: \n"
+-		       "           ** UNAVAILABLE **\n");
++		printf("          Report Descriptors: \n"
++		       "            ** UNAVAILABLE **\n");
+ 		return;
+ 	}
+ 
+@@ -2503,8 +2503,8 @@ static void dump_hid_device(libusb_device_handle *dev,
+ 			/* recent Linuxes require claim() for RECIP_INTERFACE,
+ 			 * so "rmmod hid" will often make these available.
+ 			 */
+-			printf("         Report Descriptors: \n"
+-			       "           ** UNAVAILABLE **\n");
++			printf("          Report Descriptors: \n"
++			       "            ** UNAVAILABLE **\n");
+ 		}
+ 	}
+ }
+-- 
+2.33.0
+
diff --git a/usbutils.spec b/usbutils.spec
index c49e2a7..670db38 100644
--- a/usbutils.spec
+++ b/usbutils.spec
@@ -1,6 +1,6 @@
 Name:    usbutils
 Version: 012
-Release: 5
+Release: 6
 Summary: Linux utilities for USB device
 License: GPLv2+
 URL:     http://www.linux-usb.org/
@@ -11,6 +11,8 @@ Source2: GPL-3.0.txt
 
 BuildRequires: libusbx-devel systemd-devel gcc libtool
 Patch1:  0001-usbmisc-initialize-string-buffer-before-reading-from.patch
+Patch2:  0002-Fix-an-incorrect-length-value-in-hid-descriptor.patch
+Patch3:  0003-Fix-misalignments-in-hid-device-descripptor.patch
 
 Requires: hwdata
 
@@ -47,6 +49,9 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_defaultlicensedir}/%{name}/GPL-3.0.t
 %{_mandir}/*/*
 
 %changelog
+* Thu May 30 2024 cenhuilin <cenhuilin@kylinos.cn> - 012-6
+- lsusb: fix incorrect variable type and unalignments when dumping hid device descriptor
+
 * Tue Sep 28 2021 Wenchao Hao <haowenchao@huawei.com> - 012-5
 - Nothing but to sync master and LTS branch
 
-- 
Gitee