| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220122165649.4c3a3f9e@jic23-huawei>
Date: Sat, 22 Jan 2022 16:56:49 +0000
From: Jonathan Cameron <jic23@...nel.org>
To: Kees Cook <keescook@...omium.org>
Cc: "Gustavo A. R. Silva" <gustavoars@...nel.org>,
Lars-Peter Clausen <lars@...afoo.de>,
linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH][next] iio: hw_consumer: Use struct_size() helper in
kzalloc()
On Thu, 20 Jan 2022 15:33:14 -0800
Kees Cook <keescook@...omium.org> wrote:
> On Thu, Jan 20, 2022 at 04:52:43PM -0600, Gustavo A. R. Silva wrote:
> > Make use of the struct_size() helper instead of an open-coded version,
> > in order to avoid any potential type mistakes or integer overflows that,
> > in the worst scenario, could lead to heap overflows.
> >
> > Also, address the following sparse warnings:
> > drivers/iio/buffer/industrialio-hw-consumer.c:63:23: warning: using sizeof on a flexible structure
> >
> > Link: https://github.com/KSPP/linux/issues/174
> > Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
>
> Looks good to me.
>
> Reviewed-by: Kees Cook <keescook@...omium.org>
>
Good thing to tidy up, but I'm a little curious why I'm not
seeing these reports with latest sparse?
Ah. Found it via the report linked
CF='-Wflexible-array-sizeof'
Probably worth mentioned that in the patch descriptions. I've added it
to this one.
I'm still setting the sparse report even with this patch.
What am I missing?
Jonathan
Powered by blists - more mailing lists