On 26.08.2020 18:28, Greg Kroah-Hartman wrote:
> On Wed, Aug 26, 2020 at 07:24:13PM +0300, Andy Shevchenko wrote:
>> Inadvertently the commit b1cd1b65afba ("USB: gadget: u_f: add overflow checks
>> to VLA macros") makes VLA macros to always return 0 due to different scope of
>> two variables of the same name. Obviously we need to have only one.
>>
>> Fixes: b1cd1b65afba ("USB: gadget: u_f: add overflow checks to VLA macros")
>> Cc: stable <stable@xxxxxxxxxx>
>> Reported-by: Marek Szyprowski <m.szyprowski@xxxxxxxxxxx>
>> Tested-by: Marek Szyprowski <m.szyprowski@xxxxxxxxxxx>
>> Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
>> ---
>> drivers/usb/gadget/u_f.h | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/usb/gadget/u_f.h b/drivers/usb/gadget/u_f.h
>> index df4e1dcb357d..0b5c5f0dd073 100644
>> --- a/drivers/usb/gadget/u_f.h
>> +++ b/drivers/usb/gadget/u_f.h
>> @@ -25,8 +25,8 @@
>> size_t offset = 0; \
>> if (groupname##__next != SIZE_MAX) { \
>> size_t align_mask = __alignof__(type) - 1; \
>> - size_t offset = (groupname##__next + align_mask) \
>> - & ~align_mask; \
>> + offset = (groupname##__next + align_mask) & \
>> + ~align_mask; \
>> size_t size = array_size(n, sizeof(type)); \
>> if (check_add_overflow(offset, size, \
>> &groupname##__next)) { \
>> @@ -43,8 +43,8 @@
>> size_t offset = 0; \
>> if (groupname##__next != SIZE_MAX) { \
>> size_t align_mask = __alignof__(type) - 1; \
>> - size_t offset = (groupname##__next + align_mask) \
>> - & ~align_mask; \
>> + offset = (groupname##__next + align_mask) & \
>> + ~align_mask; \
>> if (check_add_overflow(offset, groupname##_##name##__sz,\
>> &groupname##__next)) { \
>> groupname##__next = SIZE_MAX; \
> This patch, while maybe fixing the issue, has a bunch of build warnings
> so I can't take it as-is:
That's why I said that I've moved offset assignment in the first part of
the patch after size_t size = array_size(n, sizeof(type));
Best regards
--
Marek Szyprowski, PhD
Samsung R&D Institute Poland
