kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   678063aa1425c5fee2dc993e6cd635f549601f8b
  2.   patches.suse
  3.   ALSA-usb-audio-scarlett2-Use-struct_size-helper-in-s.patch
Blob Blame History Raw 
From 2b101256fd552bf2e29980d51394ebd88737159c Mon Sep 17 00:00:00 2001
From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Date: Thu, 20 Jan 2022 15:16:00 -0600
Subject: [PATCH] ALSA: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb()
Git-commit: 2b101256fd552bf2e29980d51394ebd88737159c
Patch-mainline: v5.18-rc1
References: git-fixes

Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows that,
in the worst scenario, could lead to heap overflows.

Also, address the following sparse warnings:
sound/usb/mixer_scarlett_gen2.c:1064:28: warning: using sizeof on a flexible structure
sound/usb/mixer_scarlett_gen2.c:1065:29: warning: using sizeof on a flexible structure

Link: https://github.com/KSPP/linux/issues/174
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220120211600.GA28841@embeddedor
Signed-off-by: Takashi Iwai <tiwai@suse.de>

---
 sound/usb/mixer_scarlett_gen2.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sound/usb/mixer_scarlett_gen2.c b/sound/usb/mixer_scarlett_gen2.c
index 53ebabf42472..7ff8a4817c67 100644
--- a/sound/usb/mixer_scarlett_gen2.c
+++ b/sound/usb/mixer_scarlett_gen2.c
@@ -1061,9 +1061,9 @@ static int scarlett2_usb(
 {
 	struct scarlett2_data *private = mixer->private_data;
 	struct usb_device *dev = mixer->chip->dev;
-	u16 req_buf_size = sizeof(struct scarlett2_usb_packet) + req_size;
-	u16 resp_buf_size = sizeof(struct scarlett2_usb_packet) + resp_size;
 	struct scarlett2_usb_packet *req, *resp = NULL;
+	size_t req_buf_size = struct_size(req, data, req_size);
+	size_t resp_buf_size = struct_size(resp, data, resp_size);
 	int err;
 
 	req = kmalloc(req_buf_size, GFP_KERNEL);
@@ -1111,7 +1111,7 @@ static int scarlett2_usb(
 		usb_audio_err(
 			mixer->chip,
 			"Scarlett Gen 2/3 USB response result cmd %x was %d "
-			"expected %d\n",
+			"expected %zu\n",
 			cmd, err, resp_buf_size);
 		err = -EINVAL;
 		goto unlock;
-- 
2.35.3
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.