Replace one-element array with flexible-array member in struct aac_ciss_phys_luns_resp. Also, use the struct_size() helper to properly calculate the total size for allocation. This issue was found with the help of Coccinelle and audited and fixed, manually. Link: https://www.kernel.org/doc/html/v5.16/process/deprecated.html#zero-length-and-one-element-arrays Link: https://github.com/KSPP/linux/issues/79 Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx> --- drivers/scsi/aacraid/aachba.c | 5 ++--- drivers/scsi/aacraid/aacraid.h | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c index b04d039da276..98100e28e95e 100644 --- a/drivers/scsi/aacraid/aachba.c +++ b/drivers/scsi/aacraid/aachba.c @@ -1823,13 +1823,12 @@ static inline void aac_free_safw_ciss_luns(struct aac_dev *dev) static int aac_get_safw_ciss_luns(struct aac_dev *dev) { int rcode = -ENOMEM; - int datasize; + size_t datasize; struct aac_srb *srbcmd; struct aac_srb_unit srbu; struct aac_ciss_phys_luns_resp *phys_luns; - datasize = sizeof(struct aac_ciss_phys_luns_resp) + - (AAC_MAX_TARGETS - 1) * sizeof(struct _ciss_lun); + datasize = struct_size(phys_luns, lun, AAC_MAX_TARGETS); phys_luns = kmalloc(datasize, GFP_KERNEL); if (phys_luns == NULL) goto out; diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h index 3733df77bc65..704440a96daa 100644 --- a/drivers/scsi/aacraid/aacraid.h +++ b/drivers/scsi/aacraid/aacraid.h @@ -321,7 +321,7 @@ struct aac_ciss_phys_luns_resp { u8 level3[2]; u8 level2[2]; u8 node_ident[16]; /* phys. node identifier */ - } lun[1]; /* List of phys. devices */ + } lun[]; /* List of phys. devices */ }; /* -- 2.27.0
