[10/10,next] scsi: aacraid: Replace one-element array with flexible-array member in struct user_sgmap
Commit Message
Replace one-element array with flexible-array member in struct
user_sgmap and refactor the rest of the code, accordingly.
Issue found with the help of Coccinelle and audited and fixed,
manually.
This results in no differences in binary output.
Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/ClangBuiltLinux/linux/issues/1851
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
drivers/scsi/aacraid/aacraid.h | 2 +-
drivers/scsi/aacraid/commctrl.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Comments
On Wed, Jun 28, 2023 at 11:57:48AM -0600, Gustavo A. R. Silva wrote:
> Replace one-element array with flexible-array member in struct
> user_sgmap and refactor the rest of the code, accordingly.
>
> Issue found with the help of Coccinelle and audited and fixed,
> manually.
>
> This results in no differences in binary output.
Confirmed.
>
> Link: https://github.com/KSPP/linux/issues/79
> Link: https://github.com/ClangBuiltLinux/linux/issues/1851
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
@@ -512,7 +512,7 @@ struct sgmap {
struct user_sgmap {
u32 count;
- struct user_sgentry sg[1];
+ struct user_sgentry sg[];
};
struct sgmap64 {
@@ -523,7 +523,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
goto cleanup;
}
- if ((fibsize < (sizeof(struct user_aac_srb) - sizeof(struct user_sgentry))) ||
+ if ((fibsize < sizeof(struct user_aac_srb)) ||
(fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr)))) {
rcode = -EINVAL;
goto cleanup;