15 Sep
2023
15 Sep
'23
9:14 p.m.
On Fri, Sep 15, 2023 at 01:09:11PM -0600, Gustavo A. R. Silva wrote:
If, for any reason, the open-coded arithmetic causes a wraparound, the protection that `struct_size()` adds against potential integer overflows is defeated. Fix this by hardening call to `struct_size()` with `size_add()`.
Fixes: f9efae954905 ("ASoC: SOF: ipc4-topology: Add support for base config extension") Signed-off-by: Gustavo A. R. Silva gustavoars@kernel.org
Reviewed-by: Kees Cook keescook@chromium.org
--
Kees Cook