USB: gadget: u_f: add overflow checks to VLA macros - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Brooke Basile <brookebasile@gmail.com>	2020-08-25 16:05:08 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-08-25 17:02:29 +0300
commit	b1cd1b65afba95971fa457dfdb2c941c60d38c5b (patch)
tree	efcb72facdda141d12b4f43b1cf6279d5cfa49c1 /net/unix/af_unix.c
parent	f1ec7ae6c9f8c016db320e204cb519a1da1581b8 (diff)
download	linux-b1cd1b65afba95971fa457dfdb2c941c60d38c5b.tar.xz

USB: gadget: u_f: add overflow checks to VLA macros

size can potentially hold an overflowed value if its assigned expression is left unchecked, leading to a smaller than needed allocation when vla_group_size() is used by callers to allocate memory. To fix this, add a test for saturation before declaring variables and an overflow check to (n) * sizeof(type). If the expression results in overflow, vla_group_size() will return SIZE_MAX. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Suggested-by: Kees Cook <keescook@chromium.org> Signed-off-by: Brooke Basile <brookebasile@gmail.com> Acked-by: Felipe Balbi <balbi@kernel.org> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'net/unix/af_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: