On Thu, Jun 01, 2023 at 07:30:12PM +0200, Christophe JAILLET wrote: > struct_size() checks for overflow, but assigning its result to just a u32 > may still overflow after a successful check. > > Use a size_t instead in order to be cleaner. > > Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx> > --- > Based on analysis from Dan Carpenter on another patch (see [1]). > > [1]: https://lore.kernel.org/all/00e84595-e2c9-48ea-8737-18da34eaafbf@kili.mountain/ > --- > sound/soc/sof/ipc4-topology.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c > index db64e0cb8663..50faa4c88b97 100644 > --- a/sound/soc/sof/ipc4-topology.c > +++ b/sound/soc/sof/ipc4-topology.c > @@ -881,7 +881,7 @@ static int sof_ipc4_widget_setup_comp_process(struct snd_sof_widget *swidget) > /* allocate memory for base config extension if needed */ > if (process->init_config == SOF_IPC4_MODULE_INIT_CONFIG_TYPE_BASE_CFG_WITH_EXT) { > struct sof_ipc4_base_module_cfg_ext *base_cfg_ext; > - u32 ext_size = struct_size(base_cfg_ext, pin_formats, > + size_t ext_size = struct_size(base_cfg_ext, pin_formats, > swidget->num_input_pins + swidget->num_output_pins); The temptation would be to change the addition as well: size_t ext_size = struct_size(base_cfg_ext, pin_formats, size_add(swidget->num_input_pins, swidget->num_output_pins); These values can only be in the 0-8 range so it's not a real bug. Smatch cannot parse this data correctly to verify that it is safe. Maybe in two years Smatch will be able to. Probably a human who is unfamiliar with this code can figure out that it is safe within 15 minutes? I think the change to size_t doesn't hurt anyone and there isn't any downside to it. The size_add() change is slightly less readable than just adding the numbers but I think eventually people will just get used to it. regards, dan carpenter