Commit 78d80fa

marcan authored and jannau committed
HID: Bump maximum report size to 16384

This maximum is arbitrary. Recent Apple devices have some vendor-defined reports with 16384 here which fail to parse without this, so let's bump it to that.

This value is used as follows:

    report->size += parser->global.report_size * parser->global.report_count;

    [...]

    /* Total size check: Allow for possible report index byte */
    if (report->size > (max_buffer_size - 1) << 3) {
        hid_err(parser->device, "report is too long\n");
        return -1;
    }

All of these fields are unsigned integers, and report_count is bounded by HID_MAX_USAGES (12288). Therefore, as long as the respective maximums do not overflow an unsigned integer (let's say a signed integer just in case), we're safe. This holds for 16384.

Signed-off-by: Hector Martin <marcan@marcan.st>

1 parent 0c27be5 commit 78d80fa

1 file changed

Lines changed: 4 additions & 1 deletion

drivers/hid/hid-core.c

@@ -436,7 +436,10 @@ static int hid_parser_global(struct hid_parser *parser, struct hid_item *item)
436436

437437
case HID_GLOBAL_ITEM_TAG_REPORT_SIZE:
438438
parser->global.report_size = item_udata(item);
439-
if (parser->global.report_size > 256) {
439+
/* Arbitrary maximum. Some Apple devices have 16384 here.
440+
* This * HID_MAX_USAGES must fit in a signed integer.
441+
*/
442+
if (parser->global.report_size > 16384) {
440443
hid_err(parser->device, "invalid report_size %d\n",
441444
parser->global.report_size);
442445
return -1;
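
Review bot: The new limit in "if (parser->global.report_size > 16384)" is a bare literal, and the property that makes it safe (16384 * HID_MAX_USAGES fits in a signed integer) is stated only in the comment above it, so nothing fails at build time if HID_MAX_USAGES is raised later. Consider giving the limit a named constant (for example a hypothetical HID_MAX_REPORT_SIZE) and backing the comment with a compile-time check such as BUILD_BUG_ON on the product against INT_MAX. The comment could also say that the product bounds only one field's contribution: per the commit message, report->size is accumulated with "+=", so the argument additionally relies on the total size check running after each addition. Two smaller points: the comment line "* This * HID_MAX_USAGES must fit in a signed integer." is hard to read as a multiplication next to the comment's leading asterisk, so spelling it out as "report_size times HID_MAX_USAGES" would help; and the unchanged hid_err() call prints report_size with %d although the commit message describes the field as unsigned, so %u would match.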
