struct_size() checks for overflow, but assigning its result to just a u32 may still overflow after a successful check. Use a size_t instead in order to be cleaner. Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx> --- Based on analysis from Dan Carpenter on another patch (see [1]). [1]: https://lore.kernel.org/all/00e84595-e2c9-48ea-8737-18da34eaafbf@kili.mountain/ --- sound/soc/sof/ipc4-topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c index db64e0cb8663..50faa4c88b97 100644 --- a/sound/soc/sof/ipc4-topology.c +++ b/sound/soc/sof/ipc4-topology.c @@ -881,7 +881,7 @@ static int sof_ipc4_widget_setup_comp_process(struct snd_sof_widget *swidget) /* allocate memory for base config extension if needed */ if (process->init_config == SOF_IPC4_MODULE_INIT_CONFIG_TYPE_BASE_CFG_WITH_EXT) { struct sof_ipc4_base_module_cfg_ext *base_cfg_ext; - u32 ext_size = struct_size(base_cfg_ext, pin_formats, + size_t ext_size = struct_size(base_cfg_ext, pin_formats, swidget->num_input_pins + swidget->num_output_pins); base_cfg_ext = kzalloc(ext_size, GFP_KERNEL); -- 2.34.1
