lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Sep 2020 17:11:11 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Marek Szyprowski <m.szyprowski@...sung.com>, Andy Shevchenko <andriy.shevchenko@...ux.intel.com>, Brooke Basile <brookebasile@...il.com>, stable <stable@...nel.org> Subject: [PATCH 4.19 116/125] USB: gadget: u_f: Unbreak offset calculation in VLAs From: Andy Shevchenko <andriy.shevchenko@...ux.intel.com> commit bfd08d06d978d0304eb6f7855b548aa2cd1c5486 upstream. Inadvertently the commit b1cd1b65afba ("USB: gadget: u_f: add overflow checks to VLA macros") makes VLA macros to always return 0 due to different scope of two variables of the same name. Obviously we need to have only one. Fixes: b1cd1b65afba ("USB: gadget: u_f: add overflow checks to VLA macros") Reported-by: Marek Szyprowski <m.szyprowski@...sung.com> Tested-by: Marek Szyprowski <m.szyprowski@...sung.com> Signed-off-by: Andy Shevchenko <andriy.shevchenko@...ux.intel.com> Cc: Brooke Basile <brookebasile@...il.com> Cc: stable <stable@...nel.org> Link: https://lore.kernel.org/r/20200826192119.56450-1-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- drivers/usb/gadget/u_f.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/drivers/usb/gadget/u_f.h +++ b/drivers/usb/gadget/u_f.h @@ -25,9 +25,9 @@ size_t offset = 0; \ if (groupname##__next != SIZE_MAX) { \ size_t align_mask = __alignof__(type) - 1; \ - size_t offset = (groupname##__next + align_mask) \ - & ~align_mask; \ size_t size = array_size(n, sizeof(type)); \ + offset = (groupname##__next + align_mask) & \ + ~align_mask; \ if (check_add_overflow(offset, size, \ &groupname##__next)) { \ groupname##__next = SIZE_MAX; \ @@ -43,8 +43,8 @@ size_t offset = 0; \ if (groupname##__next != SIZE_MAX) { \ size_t align_mask = __alignof__(type) - 1; \ - size_t offset = (groupname##__next + align_mask) \ - & ~align_mask; \ + offset = (groupname##__next + align_mask) & \ + ~align_mask; \ if (check_add_overflow(offset, groupname##_##name##__sz,\ &groupname##__next)) { \ groupname##__next = SIZE_MAX; \
Powered by blists - more mailing lists