Make use of the struct_size() and flex_array_size() helpers instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worst scenario, could lead to heap overflows. Also, address the following sparse warnings: drivers/usb/gadget/function/f_fs.c:922:23: warning: using sizeof on a flexible structure Link: https://github.com/KSPP/linux/issues/174 Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx> --- drivers/usb/gadget/function/f_fs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 25ad1e97a458..7461d27e9604 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -919,12 +919,12 @@ static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile, data_len, ret); data_len -= ret; - buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL); + buf = kmalloc(struct_size(buf, storage, data_len), GFP_KERNEL); if (!buf) return -ENOMEM; buf->length = data_len; buf->data = buf->storage; - memcpy(buf->storage, data + ret, data_len); + memcpy(buf->storage, data + ret, flex_array_size(buf, storage, data_len)); /* * At this point read_buffer is NULL or READ_BUFFER_DROP (if -- 2.27.0
