[to-be-updated] vsprintf-remove-accidental-vla-usage.patch removed from -mm tree

The patch titled
     Subject: lib/vsprintf.c: remove accidental VLA usage
has been removed from the -mm tree.  Its filename was
     vsprintf-remove-accidental-vla-usage.patch

This patch was dropped because an updated version will be merged

------------------------------------------------------
From: Kees Cook <keescook@xxxxxxxxxxxx>
Subject: lib/vsprintf.c: remove accidental VLA usage

The "sym" calculation is actually a fixed size, but since the max() macro
uses some extensive tricks for safety, it ends up looking like a variable
size.  This replaces max() with a simple max macro which is sufficient for
the calculation of the array size.

Seen with -Wvla. Fixed as part of the directive to remove all VLAs from
the kernel: https://lkml.org/lkml/2018/3/7/621

[akpm@xxxxxxxxxxxxxxxxxxxx: add comment]
Link: http://lkml.kernel.org/r/20180307230714.GA20797@beast
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: "Tobin C. Harding" <me@xxxxxxxx>
Cc: Jonathan Corbet <corbet@xxxxxxx>
Cc: Pantelis Antoniou <pantelis.antoniou@xxxxxxxxxxxx>
Cc: Petr Mladek <pmladek@xxxxxxxx>
Cc: Sergey Senozhatsky <sergey.senozhatsky@xxxxxxxxx>
Cc: "Steven Rostedt (VMware)" <rostedt@xxxxxxxxxxx>
Cc: "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---


diff -puN lib/vsprintf.c~vsprintf-remove-accidental-vla-usage lib/vsprintf.c
--- a/lib/vsprintf.c~vsprintf-remove-accidental-vla-usage
+++ a/lib/vsprintf.c
@@ -754,8 +754,10 @@ char *resource_string(char *buf, char *e
 #define FLAG_BUF_SIZE		(2 * sizeof(res->flags))
 #define DECODED_BUF_SIZE	sizeof("[mem - 64bit pref window disabled]")
 #define RAW_BUF_SIZE		sizeof("[mem - flags 0x]")
-	char sym[max(2*RSRC_BUF_SIZE + DECODED_BUF_SIZE,
-		     2*RSRC_BUF_SIZE + FLAG_BUF_SIZE + RAW_BUF_SIZE)];
+/* regular max() tricks gcc into creating a variable length array */
+#define SIMPLE_MAX(x, y)	((x) > (y) ? (x) : (y))
+	char sym[SIMPLE_MAX(2*RSRC_BUF_SIZE + DECODED_BUF_SIZE,
+			    2*RSRC_BUF_SIZE + FLAG_BUF_SIZE + RAW_BUF_SIZE)];
 
 	char *p = sym, *pend = sym + sizeof(sym);
 	int decode = (fmt[0] == 'R') ? 1 : 0;
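Review bot: SIMPLE_MAX, at the new #define above the sym declaration, is a generically named macro that evaluates each argument twice, and nothing in this hunk restricts it to constant operands or scopes it to resource_string(). The added comment should say the macro is only meant for compile-time constant expressions such as the sizeof-based sizes used here, since ((x) > (y) ? (x) : (y)) is unsafe for arguments with side effects. If a matching #undef is not already grouped with the cleanup of the other local buffer-size macros, add one, or move the helper to a shared header so the other -Wvla fixes can reuse it instead of each defining their own.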
_

Patches currently in -mm which might be from keescook@xxxxxxxxxxxx are

bug-use-%pb-in-bug-and-stack-protector-failure.patch
bug-exclude-non-bug-warn-exceptions-from-report_bug.patch
taint-convert-to-indexed-initialization.patch
taint-consolidate-documentation.patch
taint-add-taint-for-randstruct.patch
test_bitmap-do-not-accidentally-use-stack-vla.patch
fork-unconditionally-clear-stack-on-fork.patch
exec-pass-stack-rlimit-into-mm-layout-functions.patch
exec-introduce-finalize_exec-before-start_thread.patch
exec-pin-stack-limit-during-exec.patch
