snd_seq_device_new() allocates struct snd_seq_device together with a
caller-specific argument area. SNDRV_SEQ_DEVICE_ARGPTR() reaches that
area by adding sizeof(struct snd_seq_device) to the object pointer.
Make the trailing storage explicit with a flexible array and allocate it
with kzalloc_flex(). This makes the object layout self-describing and
avoids open-coded size arithmetic in the allocation and accessor.
Reject negative argsize values before calculating the allocation size.
Current in-tree callers pass either zero or sizeof() values, but the
function takes an int size argument and should not let a negative value
flow into unsigned allocation arithmetic.
Signed-off-by: Cássio Gabriel <cassiogabrielcontato@gmail.com>
Link: https://patch.msgid.link/20260531-alsa-seq-flex-args-v2-1-6e068d4ed9b0@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
void *private_data; /* private data for the caller */
void (*private_free)(struct snd_seq_device *device);
struct device dev;
+ unsigned char args[]; /* driver-specific argument */
};
#define to_seq_dev(_dev) \
int snd_seq_device_new(struct snd_card *card, int device, const char *id,
int argsize, struct snd_seq_device **result);
-#define SNDRV_SEQ_DEVICE_ARGPTR(dev) (void *)((char *)(dev) + sizeof(struct snd_seq_device))
+#define SNDRV_SEQ_DEVICE_ARGPTR(dev) ((void *)(dev)->args)
int __must_check __snd_seq_driver_register(struct snd_seq_driver *drv,
struct module *mod);
if (snd_BUG_ON(!id))
return -EINVAL;
- dev = kzalloc(sizeof(*dev) + argsize, GFP_KERNEL);
+ if (argsize < 0)
+ return -EINVAL;
+
+ dev = kzalloc_flex(*dev, args, argsize);
if (!dev)
return -ENOMEM;
projects / thirdparty / linux.git / commitdiff
