| Message ID | 20210513193353.GA196565@embeddedor |
|---|---|
| State | New |
| Headers | show |
| Series | [next] usb: gadget: s3c-hsudc: Use struct_size() in devm_kzalloc() | expand |
"Gustavo A. R. Silva" <gustavoars@kernel.org> writes: > Make use of the struct_size() helper instead of an open-coded version, > in order to avoid any potential type mistakes or integer overflows > that, in the worse scenario, could lead to heap overflows. > > This code was detected with the help of Coccinelle and, audited and > fixed manually. > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Acked-by: Felipe Balbi <balbi@kernel.org> -- balbi
diff --git a/drivers/usb/gadget/udc/s3c-hsudc.c b/drivers/usb/gadget/udc/s3c-hsudc.c index 7bd5182ce3ef..89f1f8c9f02e 100644 --- a/drivers/usb/gadget/udc/s3c-hsudc.c +++ b/drivers/usb/gadget/udc/s3c-hsudc.c @@ -1220,9 +1220,8 @@ static int s3c_hsudc_probe(struct platform_device *pdev) struct s3c24xx_hsudc_platdata *pd = dev_get_platdata(&pdev->dev); int ret, i; - hsudc = devm_kzalloc(&pdev->dev, sizeof(struct s3c_hsudc) + - sizeof(struct s3c_hsudc_ep) * pd->epnum, - GFP_KERNEL); + hsudc = devm_kzalloc(&pdev->dev, struct_size(hsudc, ep, pd->epnum), + GFP_KERNEL); if (!hsudc) return -ENOMEM;
Make use of the struct_size() helper instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worse scenario, could lead to heap overflows. This code was detected with the help of Coccinelle and, audited and fixed manually. Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> --- drivers/usb/gadget/udc/s3c-hsudc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)