Message-ID: <CAF6CsJwg8EFtCT+zyKWex=RbWu4TyZanbXnqip=J7=sCZDab5Q@mail.gmail.com>
Date: Tue, 13 Jan 2026 16:07:02 +0530
From: Anubhav Kokane <dev.anubhavk@...il.com>
To: Andy Shevchenko <andriy.shevchenko@...el.com>
Cc: hansg@...nel.org, mchehab@...nel.org, andy@...nel.org, 
	sakari.ailus@...ux.intel.com, gregkh@...uxfoundation.org, 
	linux-media@...r.kernel.org, linux-staging@...ts.linux.dev, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: media: atomisp: refactor sizeof(struct type) to sizeof(*ptr)

On Tue, Jan 13, 2026 at 12:44 AM Andy Shevchenko wrote:
> the preferred way is to switch to use kcalloc() in all three places.
>
>                 x = kcalloc(count, sizeof(*...), ...);
>                 if (!x)
>                         ...handle error...
>
>                 while (count--) {
>                         ...
>                 }
>                 ...
> err:
>                 list_for_each... {
>                         ...
>                 }
>                 kfree(x);
>
Hi Andy,
Thank you for the feedback.
I looked into implementing kcalloc() as suggested. But the issue is struct
atomisp_s3a_buf (and the other buffers) are defined as list nodes with
struct list_head list embedded in them. The driver relies on adding these
individually to asd->s3a_stats and freeing them individually using kfree()
in multiple cleanup paths (including error path here).

Switching to kcalloc() would mean the s3a_buf is no longer a standalone
object but a slice of an array. This would lead to invalid or double frees
if the existing code tries kfree() on this array element.

Addressing this requires a larger refactor of the buffer management logic
across the driver. Would you prefer I stick to the sizeof(*ptr) hardening for
now to fix the checkpatch warning?

Regards,
Anubhav
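
A userspace model of the concern raised in the message above, added here as an illustration and not part of the original e-mail or the atomisp driver. `struct buf`, `tracked_calloc()`, `tracked_free()` and `invalid_frees()` are hypothetical names, and a singly linked `next` pointer stands in for the embedded `struct list_head`; the tracking allocator refuses any free that does not target an allocation base instead of corrupting the heap.

```c
#include <stddef.h>
#include <stdlib.h>
/* Constructed stand-in for a list-node buffer such as struct atomisp_s3a_buf. */
struct buf {
	struct buf *next;	/* models the embedded struct list_head */
	int payload;
};

#define MAX_ALLOCS 16
static void *live[MAX_ALLOCS];	/* base pointers handed out by the allocator */

static void *tracked_calloc(size_t n, size_t size)
{
	void *p = calloc(n, size);
	for (int i = 0; p && i < MAX_ALLOCS; i++)
		if (!live[i]) { live[i] = p; return p; }
	free(p);
	return NULL;
}

/* Frees p only if it is a live allocation base; otherwise reports -1. */
static int tracked_free(void *p)
{
	for (int i = 0; i < MAX_ALLOCS; i++)
		if (live[i] == p) { live[i] = NULL; free(p); return 0; }
	return -1;	/* interior pointer: a real kfree() here is invalid */
}

/* Link count nodes into a list, then free each node individually.
 * Returns how many of those frees did not target an allocation base. */
static int invalid_frees(int count, int use_array)
{
	struct buf *arr = use_array ? tracked_calloc(count, sizeof(*arr)) : NULL;
	struct buf *head = NULL, *b, *next;
	int bad = 0;
	if (use_array && !arr)
		return -1;
	for (int i = 0; i < count; i++) {
		b = use_array ? &arr[i] : tracked_calloc(1, sizeof(*b));
		if (!b) break;
		b->next = head;		/* head insertion: arr[0] ends up last */
		head = b;
	}
	for (b = head; b; b = next) {
		next = b->next;		/* read before the node may be freed */
		bad += tracked_free(b) ? 1 : 0;
	}
	return bad;
}
```

With four buffers, per-node allocation produces no invalid frees, while the array variant produces three: only element 0 is the base pointer that may be passed to the free routine.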
