On Thu, Jun 01, 2023 at 07:30:12PM +0200, Christophe JAILLET wrote:
struct_size() checks for overflow, but assigning its result to just a u32 may still overflow after a successful check.
Use a size_t instead in order to be cleaner.
Signed-off-by: Christophe JAILLET christophe.jaillet@wanadoo.fr
Based on analysis from Dan Carpenter on another patch (see [1]).
[1]: https://lore.kernel.org/all/00e84595-e2c9-48ea-8737-18da34eaafbf@kili.mounta...
sound/soc/sof/ipc4-topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c index db64e0cb8663..50faa4c88b97 100644 --- a/sound/soc/sof/ipc4-topology.c +++ b/sound/soc/sof/ipc4-topology.c @@ -881,7 +881,7 @@ static int sof_ipc4_widget_setup_comp_process(struct snd_sof_widget *swidget) /* allocate memory for base config extension if needed */ if (process->init_config == SOF_IPC4_MODULE_INIT_CONFIG_TYPE_BASE_CFG_WITH_EXT) { struct sof_ipc4_base_module_cfg_ext *base_cfg_ext;
u32 ext_size = struct_size(base_cfg_ext, pin_formats,
size_t ext_size = struct_size(base_cfg_ext, pin_formats, swidget->num_input_pins + swidget->num_output_pins);
The temptation would be to change the addition as well:
size_t ext_size = struct_size(base_cfg_ext, pin_formats, size_add(swidget->num_input_pins, swidget->num_output_pins);
These values can only be in the 0-8 range so it's not a real bug.
Smatch cannot parse this data correctly to verify that it is safe. Maybe in two years Smatch will be able to. Probably a human who is unfamiliar with this code can figure out that it is safe within 15 minutes?
I think the change to size_t doesn't hurt anyone and there isn't any downside to it. The size_add() change is slightly less readable than just adding the numbers but I think eventually people will just get used to it.
regards, dan carpenter