From: Xichao Zhao
Date: Wed, 13 Aug 2025 11:50:58 +0000 (+0800)
Subject: binfmt_elf: Replace offsetof() with struct_size() in fill_note_info()
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a728ce8ffbd27954fdb2826dcc15a6576e574b83;p=thirdparty%2Fkernel%2Fstable.git

binfmt_elf: Replace offsetof() with struct_size() in fill_note_info()

When dealing with structures containing flexible arrays, struct_size() provides additional compile-time checks compared to offsetof(). This enhances code robustness and reduces the risk of potential errors.

Signed-off-by: Xichao Zhao
Link: https://lore.kernel.org/r/20250813115058.635742-1-zhao.xichao@vivo.com
Signed-off-by: Kees Cook
---

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 264fba0d44bdf..4aacf9c9cc2df 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1845,16 +1845,14 @@ static int fill_note_info(struct elfhdr *elf, int phdrs,
 /*
 * Allocate a structure for each thread.
 */
- info->thread = kzalloc(offsetof(struct elf_thread_core_info,
- notes[info->thread_notes]),
- GFP_KERNEL);
+ info->thread = kzalloc(struct_size(info->thread, notes, info->thread_notes),
+ GFP_KERNEL);
 if (unlikely(!info->thread))
 return 0;
 info->thread->task = dump_task;
 for (ct = dump_task->signal->core_state->dumper.next; ct; ct = ct->next) {
- t = kzalloc(offsetof(struct elf_thread_core_info,
- notes[info->thread_notes]),
+ t = kzalloc(struct_size(t, notes, info->thread_notes),
 GFP_KERNEL);
 if (unlikely(!t))
 return 0;
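Review bot: Both new struct_size() calls name the very pointer the same statement is about to assign (`info->thread` in the first kzalloc, `t` in the second), which is correct only because struct_size() uses its first argument under sizeof and never evaluates it; a short comment above the second call such as `/* struct_size() uses only the type of t; t is not read here */` would spare the next reader a use-before-assignment double-take. The declaration of `t` and the remainder of fill_note_info(), including what happens to already-allocated thread entries on the `return 0` paths, lie outside the hunk. The commit message could also name the concrete gain over offsetof(): struct_size() saturates to SIZE_MAX on multiplication overflow so kzalloc() fails instead of returning an undersized buffer, and it refuses to compile if `notes` is not a flexible array member, whereas offsetof(struct elf_thread_core_info, notes[n]) silently accepts any member.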