commit 27743e2ca1db4935233edbf0ec76cbd0caee9133
author Daniel Rosenberg <drosen@google.com> Mon Mar 12 15:57:54 2018 -0700
committer chrmhoffmann <chrmhoffmann@gmail.com> Sat Apr 11 17:51:12 2020 +0200
tree 14ccec0e491075fbe256ee71b687107a734d5197
parent 1b4fcca7fb6276b6ad2e162d3fd61099ac7a2be1

ANDROID: HID: debug: check length in hid_debug_events_read() before copy_to_user()

If our length is greater than the size of the buffer, we
overflow the buffer

Change-Id: I113a1955a2bac83c83084d5cd28d886175673219
Bug: 71361580
Signed-off-by: Daniel Rosenberg <drosen@google.com>
CVE-2018-9516
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>