Kees Cook <keescook@xxxxxxxxxxxx> wrote: > struct mwifiex_ie_types_chan_list_param_set::chan_scan_param is treated > as a flexible array, so convert it into one so that it doesn't trip > the array bounds sanitizer[1]. Only a few places were using sizeof() > on the whole struct, so adjust those to follow the calculation pattern > to avoid including the trailing single element. > > Examining binary output differences doesn't appear to show any literal > size values changing, though it is obfuscated a bit by the compiler > adjusting register usage and stack spill slots, etc. > > Link: https://github.com/KSPP/linux/issues/51 [1] > Cc: Brian Norris <briannorris@xxxxxxxxxxxx> > Cc: Kalle Valo <kvalo@xxxxxxxxxx> > Cc: Dmitry Antipov <dmantipov@xxxxxxxxx> > Cc: Johannes Berg <johannes.berg@xxxxxxxxx> > Cc: zuoqilin <zuoqilin@xxxxxxxxxx> > Cc: Ruan Jinjie <ruanjinjie@xxxxxxxxxx> > Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> > Cc: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx> > Cc: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx> > Cc: linux-wireless@xxxxxxxxxxxxxxx > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > Reviewed-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx> Patch applied to wireless-next.git, thanks. 14ddc470ba22 wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set -- https://patchwork.kernel.org/project/linux-wireless/patch/20240207103024.make.423-kees@xxxxxxxxxx/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
