Re: [PATCH v2] iio: cros_ec: Fix the allocation size for cros_ec_command

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jun 30, 2023 at 02:31:32PM +0800, Yiyuan Guo wrote:
> The struct cros_ec_command contains several integer fields and a
> trailing array. An allocation size neglecting the integer fields can
> lead to buffer overrun.
> 
> Signed-off-by: Yiyuan Guo <yguoaz@xxxxxxxxx>

You could attach my R-b tag as v2 has no major changes from v1.

> ---

Always a good practice to put changelog here.  Search "changelog" in [1].

[1]: https://www.kernel.org/doc/html/latest/process/submitting-patches.html

> @@ -253,8 +253,8 @@ int cros_ec_sensors_core_init(struct platform_device *pdev,
>  	platform_set_drvdata(pdev, indio_dev);
>  
>  	state->ec = ec->ec_dev;
> -	state->msg = devm_kzalloc(&pdev->dev,
> -				max((u16)sizeof(struct ec_params_motion_sense),
> +	state->msg = devm_kzalloc(&pdev->dev, sizeof(*state->msg) +
> +			max((u16)sizeof(struct ec_params_motion_sense),
>  				state->ec->max_response), GFP_KERNEL);

While looking at the patch again, I found a nit.  Please align the code by
adding an extra tab before "max".



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Input]     [Linux Kernel]     [Linux SCSI]     [X.org]

  Powered by Linux