Re: [PATCH][next] staging: greybus: i2c: Use struct_size() helper in gb_i2c_operation_create()

From: Kees Cook
Date: Thu Jan 27 2022 - 05:05:28 EST

Next message: Daniel Vetter: "Re: [PATCH] drivers: Fix typo in comment"
Previous message: Aleksa Vučković: "Re: [PATCH] drivers: dio: Fixed coding style issues"
In reply to: Dan Carpenter: "Re: [PATCH][next] staging: greybus: i2c: Use struct_size() helper in gb_i2c_operation_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 26, 2022 at 01:54:04PM +0300, Dan Carpenter wrote:
> On Mon, Jan 24, 2022 at 12:19:03PM -0800, Kees Cook wrote:
> > This could still overflow if struct_size() returns SIZE_MAX. Perhaps:
> >
> > if (check_add_overflow(struct_size(request, ops, msg_count),
> > data_out_size, &request_size))
> > request_size = SIZE_MAX;
> >
> > I should brush off the saturating arithmetic helpers series:
> > https://lore.kernel.org/all/20210920180853.1825195-1-keescook@xxxxxxxxxxxx/
>
> Yes, please! Those seem like a million times easier to use.

Here they are! :) Please review:

https://lore.kernel.org/lkml/20220124232342.3113350-1-keescook@xxxxxxxxxxxx/

Thanks!

--
Kees Cook

Next message: Daniel Vetter: "Re: [PATCH] drivers: Fix typo in comment"
Previous message: Aleksa Vučković: "Re: [PATCH] drivers: dio: Fixed coding style issues"
In reply to: Dan Carpenter: "Re: [PATCH][next] staging: greybus: i2c: Use struct_size() helper in gb_i2c_operation_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]