On Thu, Jan 20, 2022 at 03:24:34PM -0600, Gustavo A. R. Silva wrote: > Make use of the struct_size() helper instead of an open-coded version, > in order to avoid any potential type mistakes or integer overflows that, > in the worst scenario, could lead to heap overflows. > > Also, address the following sparse warnings: > drivers/media/usb/pwc/pwc-uncompress.c:44:44: warning: using sizeof on a flexible structure > > Link: https://github.com/KSPP/linux/issues/174 > Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx> Yup, happy to see these getting changed. Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > drivers/media/usb/pwc/pwc-uncompress.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/media/usb/pwc/pwc-uncompress.c b/drivers/media/usb/pwc/pwc-uncompress.c > index 68bc3829c6b3..faf44cdeb268 100644 > --- a/drivers/media/usb/pwc/pwc-uncompress.c > +++ b/drivers/media/usb/pwc/pwc-uncompress.c > @@ -41,7 +41,7 @@ int pwc_decompress(struct pwc_device *pdev, struct pwc_frame_buf *fbuf) > memcpy(raw_frame->cmd, pdev->cmd_buf, 4); > memcpy(raw_frame+1, yuv, pdev->frame_size); > vb2_set_plane_payload(&fbuf->vb.vb2_buf, 0, > - pdev->frame_size + sizeof(struct pwc_raw_frame)); > + struct_size(raw_frame, rawframe, pdev->frame_size)); > return 0; > } > > -- > 2.27.0 > -- Kees Cook
