Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows that,
in the worst scenario, could lead to heap overflows.
Also, address the following sparse warning:
drivers/usb/host/ehci-sched.c:1168:40: warning: using sizeof on a flexible structure
Link: https://github.com/KSPP/linux/issues/160
Link: https://github.com/KSPP/linux/issues/174
Signed-off-by: Gustavo A. R. Silva <[email protected]>
---
drivers/usb/host/ehci-sched.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c
index 0f85aa9b2fb1..bd542b6fc46b 100644
--- a/drivers/usb/host/ehci-sched.c
+++ b/drivers/usb/host/ehci-sched.c
@@ -1165,10 +1165,8 @@ static struct ehci_iso_sched *
iso_sched_alloc(unsigned packets, gfp_t mem_flags)
{
struct ehci_iso_sched *iso_sched;
- int size = sizeof(*iso_sched);
- size += packets * sizeof(struct ehci_iso_packet);
- iso_sched = kzalloc(size, mem_flags);
+ iso_sched = kzalloc(struct_size(iso_sched, packet, packets), mem_flags);
if (likely(iso_sched != NULL))
INIT_LIST_HEAD(&iso_sched->td_list);
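Review bot: The added kzalloc() line carries no comment explaining why struct_size() is the safe form here: on overflow it returns SIZE_MAX, so an oversized `packets` value makes the allocation fail instead of producing a buffer smaller than the packet array. A one-line comment above it would keep that intent visible to later editors, for example `/* struct_size() saturates on overflow, so an oversized packet count fails the allocation */`. The `iso_sched != NULL` check that follows already covers that failure path inside this function. Whether callers bound `packets` or handle a NULL return cannot be told from the hunk, since the body of iso_sched_alloc continues past it. The quoted copy of this hunk in the reply below is the same change, so the same point applies there.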
--
2.27.0
On Tue, Jan 11, 2022 at 01:54:27AM -0600, Gustavo A. R. Silva wrote:
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows that,
> in the worse scenario, could lead to heap overflows.
>
> Also, address the following sparse warning:
> drivers/usb/host/ehci-sched.c:1168:40: warning: using sizeof on a flexible structure
>
> Link: https://github.com/KSPP/linux/issues/160
> Link: https://github.com/KSPP/linux/issues/174
> Signed-off-by: Gustavo A. R. Silva <[email protected]>
> ---
Acked-by: Alan Stern <[email protected]>
> drivers/usb/host/ehci-sched.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c
> index 0f85aa9b2fb1..bd542b6fc46b 100644
> --- a/drivers/usb/host/ehci-sched.c
> +++ b/drivers/usb/host/ehci-sched.c
> @@ -1165,10 +1165,8 @@ static struct ehci_iso_sched *
> iso_sched_alloc(unsigned packets, gfp_t mem_flags)
> {
> struct ehci_iso_sched *iso_sched;
> - int size = sizeof(*iso_sched);
>
> - size += packets * sizeof(struct ehci_iso_packet);
> - iso_sched = kzalloc(size, mem_flags);
> + iso_sched = kzalloc(struct_size(iso_sched, packet, packets), mem_flags);
> if (likely(iso_sched != NULL))
> INIT_LIST_HEAD(&iso_sched->td_list);
>
> --
> 2.27.0
>