HID: pidff: Fix possible null pointer dereference

As reported by Dan Carpenter, if the axes_enable field wasn't found,
trying to find the axes themselves will result in a null pointer
dereference. This could only occur with a broken PID descriptor, but
it's worth protecting from.

Exit early if the axes_enable wasn't found AND add a gate to the
pidff_find_special_keys to exit early if the passed HID field is null.
This will protect again null dereferencing in the future and properly
return 0 found special keys.

Fixes: 1d72e7b ("HID: pidff: Add support for AXES_ENABLE field")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Tomasz Pakuła <tomasz.pakula.oficjalny@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>

Author: Lawstorant

drivers/hid/usbhid/hid-pidff.c

@@ -1194,6 +1194,9 @@ static int pidff_find_special_keys(int *keys, struct hid_field *fld,
 {
 	int found = 0;
 
+	if (!fld)
+		return 0;
+
 	for (int i = 0; i < count; i++) {
 		keys[i] = pidff_find_usage(fld, usage_page | usagetable[i]) + 1;
 		if (keys[i])
@@ -1299,19 +1302,21 @@ static int pidff_find_special_fields(struct pidff_device *pidff)
 		return -1;
 	}
 
-	if (!pidff->axes_enable)
+	if (!pidff->axes_enable) {
 		hid_info(pidff->hid, "axes enable field not found!\n");
-	else
-		hid_dbg(pidff->hid, "axes enable report count: %u\n",
-			pidff->axes_enable->report_count);
+		return 0;
+	}
+
+	hid_dbg(pidff->hid, "axes enable report count: %u\n",
+		pidff->axes_enable->report_count);
 
 	uint found = PIDFF_FIND_GENERAL_DESKTOP(direction_axis_id, axes_enable,
 						direction_axis);
 
 	pidff->axis_count = found;
 	hid_dbg(pidff->hid, "found direction axes: %u", found);
 
-	for (int i = 0; i < sizeof(pidff_direction_axis); i++) {
+	for (int i = 0; i < ARRAY_SIZE(pidff_direction_axis); i++) {
 		if (!pidff->direction_axis_id[i])
 			continue;