On 2/28/2023 8:22 AM, Jacob Keller wrote: > This series fixes a few wireless drivers to use struct_size rather than open > coding some equivalent checks. This ensures that these size calculations > will not overflow but instead be bounded at SIZE_MAX. > > In the first case, the code is first converted to a flexible array, which > saves a few bytes of memory in addition to the fix with struct_size. > > These were caught with a coccinelle patch I recently posted at [1]. > > [1]: https://lore.kernel.org/all/20230227202428.3657443-1-jacob.e.keller@xxxxxxxxx/ > > Cc: Johannes Berg <johannes@xxxxxxxxxxxxxxxx> > Cc: linux-wireless@xxxxxxxxxxxxxxx > > Jacob Keller (3): > wifi: ipw2x00: convert ipw_fw_error->elem to flexible array[] > wifi: cfg80211: use struct_size and size_sub for payload length > wifi: nl80211: convert cfg80211_scan_request allocation to *_size > macros > > drivers/net/wireless/intel/ipw2x00/ipw2200.c | 7 +++-- > drivers/net/wireless/intel/ipw2x00/ipw2200.h | 3 +-- > .../net/wireless/quantenna/qtnfmac/commands.c | 7 ++--- > net/wireless/nl80211.c | 26 ++++++++++--------- > 4 files changed, 22 insertions(+), 21 deletions(-) > ugh sorry for the spam.. the actual patches didn't get cc'd to linux-wireless. I've fixed that now. Thanks, Jake