On Thu, 30 Jul 2020 00:18:29 +0200, Gustavo A. R. Silva wrote:
>
> Make use of the flex_array_size() helper to calculate the size of a
> flexible array member within an enclosing structure.
>
> This helper offers defense-in-depth against potential integer overflows
> and makes it explicitly clear that we are dealing with a flexible array
> member.
>
> Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
> ---
> sound/core/vmaster.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/sound/core/vmaster.c b/sound/core/vmaster.c
> index ab36f9898711..21ce4082cb5f 100644
> --- a/sound/core/vmaster.c
> +++ b/sound/core/vmaster.c
> @@ -262,7 +262,8 @@ int _snd_ctl_add_follower(struct snd_kcontrol *master,
> return -ENOMEM;
> srec->kctl = follower;
> srec->follower = *follower;
> - memcpy(srec->follower.vd, follower->vd, follower->count * sizeof(*follower->vd));
> + memcpy(srec->follower.vd, follower->vd, flex_array_size(srec, follower.vd,
> + srec->follower.count));

Changing from follower->count to srec->follower.count isn't obvious, so it should have been mentioned in the log; other than that, the code change looks good.

But since the API isn't in Linus' tree yet, I'll postpone the merge until the API reaches upstream. Maybe I can merge this during the RC1 merge window, as those are trivial.

BTW, looking at those patterns, I wonder whether it'd make sense to make the whole memset() call as a macro like

    safe_copy_array(srec->follower.vd, follower->vd, follower->count);

?

thanks,

Takashi
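
Review bot: in the added memcpy() the length is now taken from srec->follower.count while the source pointer is still follower->vd, so the copy size is only correct because "srec->follower = *follower;" runs on the line just before it. Either keep follower->count as the count argument to flex_array_size(), or state in the commit message that the two counts are equal after the struct copy, so that a later reordering of these lines does not silently change the length. The call is also split in the middle of its argument list; computing the size into a local size_t first would keep the memcpy() on one line.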