Re: [PATCH] iwlwifi: d3: use struct_size() in kzalloc()

From: Joe Perches
Date: Fri Aug 24 2018 - 00:33:33 EST


On Thu, 2018-08-23 at 20:03 -0700, Kees Cook wrote:
> On Thu, Aug 23, 2018 at 6:15 PM, Gustavo A. R. Silva
> <gustavo@xxxxxxxxxxxxxx> wrote:
> > One of the more common cases of allocation size calculations is finding
> > the size of a structure that has a zero-sized array at the end, along
> > with memory for some number of elements for that array. For example:
> >
> > struct foo {
> > 	int stuff;
> > 	void *entry[];
> > };

Question for Gustavo.

Did you find any existing instances that are miscalculated?

I believe there are some cases like:

size = sizeof(struct foo) + count * sizeof(something);
ptr = kmalloc(size);
memset(ptr + sizeof(struct foo), 0, size - sizeof(struct foo));

where something could go wrong and not be detected.
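To make the two hazards in this thread concrete, here is an added userspace example (not code from the iwlwifi patch or from the kernel). It uses `__builtin_mul_overflow`/`__builtin_add_overflow` as a stand-in for the kernel's `struct_size()`, which likewise saturates to SIZE_MAX on overflow, and `malloc()` in place of `kmalloc()`. It shows the open-coded `sizeof(struct foo) + count * sizeof(...)` wrapping for a large count, the checked form rejecting it, and the point of the `memset(ptr + sizeof(struct foo), ...)` sketch above: with `ptr` typed `struct foo *`, that arithmetic is scaled by `sizeof(struct foo)` and does not land at `entry[]`. Names such as `foo_alloc` and `struct_size_checked` are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* The shape from the patch description: a fixed header plus a flexible array. */
struct foo {
	int stuff;
	void *entry[];
};

/*
 * Overflow-checked "header + count elements" size, SIZE_MAX on overflow.
 * Userspace stand-in (assumption) for the kernel's struct_size().
 */
static size_t flex_size_checked(size_t base, size_t elem, size_t count)
{
	size_t array_bytes, total;

	if (__builtin_mul_overflow(elem, count, &array_bytes))
		return SIZE_MAX;
	if (__builtin_add_overflow(base, array_bytes, &total))
		return SIZE_MAX;
	return total;
}

#define struct_size_checked(p, member, count) \
	flex_size_checked(sizeof(*(p)), sizeof((p)->member[0]), (count))

/* The open-coded arithmetic under discussion: wraps silently on overflow. */
static size_t naive_size(size_t count)
{
	return sizeof(struct foo) + count * sizeof(void *);
}

/* Size the checked macro computes for a struct foo with count entries. */
static size_t foo_size(size_t count)
{
	struct foo *p = NULL;	/* only used inside sizeof, never dereferenced */

	return struct_size_checked(p, entry, count);
}

/*
 * "ptr + sizeof(struct foo)" with ptr of type struct foo * is scaled by
 * sizeof(struct foo).  Measure how many bytes past ptr it really points.
 */
static size_t scaled_offset_bytes(void)
{
	/* large enough that the scaled pointer stays inside the object */
	size_t room = sizeof(struct foo) * (sizeof(struct foo) + 1);
	struct foo *ptr = malloc(room);
	size_t off;

	if (!ptr)
		return 0;
	off = (size_t)((char *)(ptr + sizeof(struct foo)) - (char *)ptr);
	free(ptr);
	return off;
}

/*
 * Allocate a foo with count entries, rejecting overflow, and zero only the
 * array by naming the member (ptr->entry) instead of doing pointer math.
 * Returns NULL on overflow or allocation failure.
 */
static struct foo *foo_alloc(size_t count)
{
	size_t size = foo_size(count);
	struct foo *ptr;

	if (size == SIZE_MAX)
		return NULL;
	ptr = malloc(size);	/* kmalloc(size, GFP_KERNEL) in the kernel */
	if (!ptr)
		return NULL;
	ptr->stuff = (int)count;
	memset(ptr->entry, 0, count * sizeof(ptr->entry[0]));
	return ptr;
}

/* 1 if foo_alloc(count) succeeded and every entry reads back as NULL. */
static int foo_alloc_zeroed(size_t count)
{
	struct foo *ptr = foo_alloc(count);
	size_t i;
	int ok = 1;

	if (!ptr)
		return 0;
	for (i = 0; i < count; i++)
		if (ptr->entry[i] != NULL)
			ok = 0;
	free(ptr);
	return ok;
}

int main(void)
{
	size_t huge = SIZE_MAX / sizeof(void *) + 1;	/* count * sizeof(void *) wraps to 0 */

	printf("naive size for huge count: %zu bytes (wrapped)\n", naive_size(huge));
	printf("checked size for huge count: %s\n",
	       foo_size(huge) == SIZE_MAX ? "SIZE_MAX (rejected)" : "accepted");
	printf("ptr + sizeof(struct foo) lands %zu bytes in; entry[] starts at %zu\n",
	       scaled_offset_bytes(), offsetof(struct foo, entry));
	return 0;
}
```

The `huge` count is chosen so that `count * sizeof(void *)` is exactly 2^(8*sizeof(size_t)) and wraps to zero, leaving the naive size equal to the bare header; a kmalloc of that size would succeed and every later store into `entry[]` would be out of bounds. The checked form turns the same input into an allocation failure, which is the property `struct_size()` provides.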