Re: [PATCH 8/8][next] scsi: aacraid: Replace one-element array with flexible-array member in struct aac_aifcmd
From: Kees Cook
Date: Thu Jun 23 2022 - 12:29:33 EST
On Tue, Feb 22, 2022 at 01:31:07AM -0600, Gustavo A. R. Silva wrote:
> Replace one-element array with flexible-array member in struct
> aac_aifcmd.
>
> This issue was found with the help of Coccinelle and audited and fixed,
> manually.
>
> Link: https://www.kernel.org/doc/html/v5.16/process/deprecated.html#zero-length-and-one-element-arrays
> Link: https://github.com/KSPP/linux/issues/79
> Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
> ---
> drivers/scsi/aacraid/aacraid.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h
> index 97948cd5f13c..447feabf5360 100644
> --- a/drivers/scsi/aacraid/aacraid.h
> +++ b/drivers/scsi/aacraid/aacraid.h
> @@ -2616,7 +2616,7 @@ struct aac_hba_info {
> struct aac_aifcmd {
> __le32 command; /* Tell host what type of notify this is */
> __le32 seqnum; /* To allow ordering of reports (if necessary) */
> - u8 data[1]; /* Undefined length (from kernel viewpoint) */
> + u8 data[]; /* Undefined length (from kernel viewpoint) */
> };
>
> /**
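Review bot: The changelog should say what happens to sizeof(struct aac_aifcmd), because at the `u8 data[1]` -> `u8 data[]` line the structure stops counting the one payload byte, and any tail padding that came with it, after the two __le32 fields. "Audited and fixed, manually" does not tell a reader whether any allocation, copy length or size comparison in the driver uses that sizeof. Please state in the commit message either that there are no such users or that the ones found still compute the intended length, so the patch can be seen to change no behaviour.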
> --
> 2.27.0
>
FWIW, this patch solves an -Warray-bounds warning that is seen under
-fstrict-flex-arrays=3 (coming soon[1]):
../drivers/scsi/aacraid/commsup.c:1166:17: warning: array index 1 is past the end of the array (which contains 1 element) [-Warray-bounds]
(((__le32 *)aifcmd->data)[1] == cpu_to_le32(3));
^ ~
../drivers/scsi/aacraid/aacraid.h:2620:2: note: array 'data' declared here
u8 data[1]; /* Undefined length (from kernel viewpoint) */
^
../drivers/scsi/aacraid/commsup.c:1286:20: warning: array index 3 is past the end of the array (which contains 1 element) [-Warray-bounds]
((((__le32 *)aifcmd->data)[3]
^ ~
../drivers/scsi/aacraid/aacraid.h:2620:2: note: array 'data' declared here
u8 data[1]; /* Undefined length (from kernel viewpoint) */
^
[1] new flag in GCC and Clang:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836
https://reviews.llvm.org/D126864
--
Kees Cook
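
An added example, not part of the original message or of the aacraid driver: a userspace C sketch of the two layouts discussed above, with allocation sized from the header plus payload and a word accessor bounded by the run-time payload length instead of the declared array size. The names `aif_old`, `aif_new`, `aif_alloc` and `aif_word` are hypothetical, and `uint32_t` stands in for `__le32`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Layout before the patch: one-element array used as a variable-length tail. */
struct aif_old {
    uint32_t command;
    uint32_t seqnum;
    uint8_t  data[1];
};

/* Layout after the patch: C99 flexible-array member. */
struct aif_new {
    uint32_t command;
    uint32_t seqnum;
    uint8_t  data[];
};

/* Allocate header plus payload_len bytes, refusing on size_t overflow
 * (userspace stand-in for sizing an allocation with struct_size()). */
static struct aif_new *aif_alloc(size_t payload_len)
{
    if (payload_len > SIZE_MAX - sizeof(struct aif_new))
        return NULL;
    return calloc(1, sizeof(struct aif_new) + payload_len);
}

/* Read the idx-th little-endian 32-bit word of the payload, bounded by the
 * payload length known at run time. Returns 0 on success, -1 if out of range. */
static int aif_word(const struct aif_new *aif, size_t payload_len,
                    size_t idx, uint32_t *out)
{
    if (idx >= payload_len / 4)
        return -1;
    const uint8_t *p = aif->data + idx * 4;
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 0;
}

int main(void)
{
    printf("old sizeof=%zu new sizeof=%zu data offset=%zu\n",
           sizeof(struct aif_old), sizeof(struct aif_new),
           offsetof(struct aif_new, data));
    return 0;
}
```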