| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Feb 2022 01:56:06 +0000
From: cgel.zte@...il.com
To: kvalo@...nel.org
Cc: davem@...emloft.net, kuba@...nel.org, wcn36xx@...ts.infradead.org,
linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
"Minghao Chi (CGEL ZTE)" <chi.minghao@....com.cn>,
Zeal Robot <zealci@....com.cn>
Subject: [PATCH V2] wcn36xx: use struct_size over open coded arithmetic
From: "Minghao Chi (CGEL ZTE)" <chi.minghao@....com.cn>
Replace zero-length array with flexible-array member and make use
of the struct_size() helper in kmalloc(). For example:
struct wcn36xx_hal_ind_msg {
struct list_head list;
size_t msg_len;
u8 msg[];
};
Make use of the struct_size() helper instead of an open-coded version
in order to avoid any potential type mistakes.
Reported-by: Zeal Robot <zealci@....com.cn>
Signed-off-by: Minghao Chi (CGEL ZTE) <chi.minghao@....com.cn>
---
drivers/net/wireless/ath/wcn36xx/smd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/wcn36xx/smd.c b/drivers/net/wireless/ath/wcn36xx/smd.c
index caeb68901326..59ad332156ae 100644
--- a/drivers/net/wireless/ath/wcn36xx/smd.c
+++ b/drivers/net/wireless/ath/wcn36xx/smd.c
@@ -3347,7 +3347,7 @@ int wcn36xx_smd_rsp_process(struct rpmsg_device *rpdev,
case WCN36XX_HAL_DELETE_STA_CONTEXT_IND:
case WCN36XX_HAL_PRINT_REG_INFO_IND:
case WCN36XX_HAL_SCAN_OFFLOAD_IND:
- msg_ind = kmalloc(sizeof(*msg_ind) + len, GFP_ATOMIC);
+ msg_ind = kmalloc(struct_size(msg_ind, msg, len), GFP_ATOMIC);
if (!msg_ind) {
wcn36xx_err("Run out of memory while handling SMD_EVENT (%d)\n",
msg_header->msg_type);
--
2.25.1
Powered by blists - more mailing lists