lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <s5h1rkte6ni.wl-tiwai@suse.de>
Date:   Thu, 30 Jul 2020 10:41:53 +0200
From:   Takashi Iwai <tiwai@...e.de>
To:     "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc:     Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>,
        alsa-devel@...a-project.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] ALSA: vmaster: Use flex_array_size() helper in memcpy()

On Thu, 30 Jul 2020 00:18:29 +0200,
Gustavo A. R. Silva wrote:
> 
> Make use of the flex_array_size() helper to calculate the size of a
> flexible array member within an enclosing structure.
> 
> This helper offers defense-in-depth against potential integer overflows
> and makes it explicitly clear that we are dealing with a flexible array
> member.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
> ---
>  sound/core/vmaster.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/sound/core/vmaster.c b/sound/core/vmaster.c
> index ab36f9898711..21ce4082cb5f 100644
> --- a/sound/core/vmaster.c
> +++ b/sound/core/vmaster.c
> @@ -262,7 +262,8 @@ int _snd_ctl_add_follower(struct snd_kcontrol *master,
>  		return -ENOMEM;
>  	srec->kctl = follower;
>  	srec->follower = *follower;
> -	memcpy(srec->follower.vd, follower->vd, follower->count * sizeof(*follower->vd));
> +	memcpy(srec->follower.vd, follower->vd, flex_array_size(srec, follower.vd,
> +								srec->follower.count));

Changing from follower->count to srec->follower.count isn't obvious,
so it should have been mentioned in the log; other than that, the code
change looks good.

But since the API isn't in Linus tree yet, I'll postpone the merge
until the API reaches to upstream.  Maybe I can merge this during RC1
merge window, as those are trivial.


BTW, looking at those patterns, I wonder whether it'd make sense to
make the whole memset() call as a macro like

	safe_copy_array(srec->follower.vd, follower->vd, follower->count);

?


thanks,

Takashi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ