On Wed, Sep 07, 2022 at 07:55:44PM +0100, Gustavo A. R. Silva wrote: > In preparation for FORTIFY_SOURCE performing run-time destination buffer > bounds checking for memcpy(), specify the destination output buffer > explicitly, instead of asking memcpy() to write past the end of what looked > like a fixed-size object. > > Notice that raw_frame is a pointer to a structure that contains > flexible-array member rawframe[]: > > drivers/media/usb/pwc/pwc.h: > 190 struct pwc_raw_frame { > 191 __le16 type; /* type of the webcam */ > 192 __le16 vbandlength; /* Size of 4 lines compressed (used by the > 193 decompressor) */ > 194 __u8 cmd[4]; /* the four byte of the command (in case of > 195 nala, only the first 3 bytes is filled) */ > 196 __u8 rawframe[]; /* frame_size = H / 4 * vbandlength */ > 197 } __packed; > > Link: https://github.com/KSPP/linux/issues/200 > Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx> Thanks! Yeah, this looks very similar to other transformations like this. And this one even had the flex array already! :) Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook