| Message ID | 20220120212434.GA30630@embeddedor (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [next] media: usb: pwc-uncompress: Use struct_size() helper in pwc_decompress() | expand |
On Thu, Jan 20, 2022 at 03:24:34PM -0600, Gustavo A. R. Silva wrote: > Make use of the struct_size() helper instead of an open-coded version, > in order to avoid any potential type mistakes or integer overflows that, > in the worst scenario, could lead to heap overflows. > > Also, address the following sparse warnings: > drivers/media/usb/pwc/pwc-uncompress.c:44:44: warning: using sizeof on a flexible structure > > Link: https://github.com/KSPP/linux/issues/174 > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Yup, happy to see these getting changed. Reviewed-by: Kees Cook <keescook@chromium.org> > --- > drivers/media/usb/pwc/pwc-uncompress.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/media/usb/pwc/pwc-uncompress.c b/drivers/media/usb/pwc/pwc-uncompress.c > index 68bc3829c6b3..faf44cdeb268 100644 > --- a/drivers/media/usb/pwc/pwc-uncompress.c > +++ b/drivers/media/usb/pwc/pwc-uncompress.c > @@ -41,7 +41,7 @@ int pwc_decompress(struct pwc_device *pdev, struct pwc_frame_buf *fbuf) > memcpy(raw_frame->cmd, pdev->cmd_buf, 4); > memcpy(raw_frame+1, yuv, pdev->frame_size); > vb2_set_plane_payload(&fbuf->vb.vb2_buf, 0, > - pdev->frame_size + sizeof(struct pwc_raw_frame)); > + struct_size(raw_frame, rawframe, pdev->frame_size)); > return 0; > } > > -- > 2.27.0 >
diff --git a/drivers/media/usb/pwc/pwc-uncompress.c b/drivers/media/usb/pwc/pwc-uncompress.c index 68bc3829c6b3..faf44cdeb268 100644 --- a/drivers/media/usb/pwc/pwc-uncompress.c +++ b/drivers/media/usb/pwc/pwc-uncompress.c @@ -41,7 +41,7 @@ int pwc_decompress(struct pwc_device *pdev, struct pwc_frame_buf *fbuf) memcpy(raw_frame->cmd, pdev->cmd_buf, 4); memcpy(raw_frame+1, yuv, pdev->frame_size); vb2_set_plane_payload(&fbuf->vb.vb2_buf, 0, - pdev->frame_size + sizeof(struct pwc_raw_frame)); + struct_size(raw_frame, rawframe, pdev->frame_size)); return 0; }
Make use of the struct_size() helper instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worst scenario, could lead to heap overflows. Also, address the following sparse warnings: drivers/media/usb/pwc/pwc-uncompress.c:44:44: warning: using sizeof on a flexible structure Link: https://github.com/KSPP/linux/issues/174 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> --- drivers/media/usb/pwc/pwc-uncompress.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)