[PATCH] HID: core: do not allow parsing 0-sized reports

Dmitry Torokhov posted 1 patch 14 hours ago
drivers/hid/hid-core.c | 5 +++++
1 file changed, 5 insertions(+)
Commit d7db259bd6df ("HID: core: factor out hid_parse_collections()")
reworked collection parsing code and inadvertently allowed returning
"success" when parsing 0-sized reports where old code returned -EINVAL.

Restore the original behavior by doing an explicit check.

Note that the error message now differs from the generic "item fetching
failed at offset %u/%u" that is now used only for non-empty descriptors.

Fixes: d7db259bd6df ("HID: core: factor out hid_parse_collections()")
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
---
 drivers/hid/hid-core.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index b40953e0f52e..be9d2b3356c3 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -1272,6 +1272,11 @@ static int hid_parse_collections(struct hid_device *device)
 		device->collection[i].parent_idx = -1;
 
 	ret = -EINVAL;
+	if (start == end) {
+		hid_err(device, "rejecting 0-sized report descriptor\n");
+		goto out;
+	}
+
 	while ((next = fetch_item(start, end, &item)) != NULL) {
 		start = next;
 
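Review bot: the early exit under "if (start == end)" takes its return value implicitly from the "ret = -EINVAL;" line above it, so a later reordering of that assignment would silently bring back the "success" return this patch is fixing. Setting ret inside the new branch, or adding a one-line comment that an empty descriptor must fail here, would make the dependency explicit. The check also sits after the loop that initialises device->collection[i].parent_idx, so the goto relies on the out label (not visible in this hunk) releasing whatever was set up before it; worth confirming, or the size check could be done before that setup. Minor wording point: the subject says "0-sized reports" while the error string says "report descriptor", and the latter is what the code actually tests.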
-- 
2.53.0.1185.g05d4b7b318-goog


-- 
Dmitry