From: Thorsten Blum <thorsten.blum@linux.dev>
Date: Tue, 16 Sep 2025 12:21:45 +0000 (+0200)
Subject: firewire: core: use struct_size and flex_array_size in ioctl_add_descriptor
X-Git-Tag: v6.18-rc1~159^2~10
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e6d2338b6f3e522872f3a14fcc5e5de2f58bf23b;p=thirdparty%2Fkernel%2Flinux.git

firewire: core: use struct_size and flex_array_size in ioctl_add_descriptor

Use struct_size() to determine the memory needed for a new 'struct
descriptor_resource' and flex_array_size() to calculate the number of
bytes to copy from userspace. This removes the hardcoded size (4 bytes)
for the 'u32 data[]' entries.

No functional changes intended.

Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Link: https://lore.kernel.org/r/20250916122143.2459993-3-thorsten.blum@linux.dev
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
---

diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
index 112b33099610c..9913162006181 100644
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -940,11 +940,12 @@ static int ioctl_add_descriptor(struct client *client, union ioctl_arg *arg)
 	if (a->length > 256)
 		return -EINVAL;
 
-	r = kmalloc(sizeof(*r) + a->length * 4, GFP_KERNEL);
+	r = kmalloc(struct_size(r, data, a->length), GFP_KERNEL);
 	if (r == NULL)
 		return -ENOMEM;
 
-	if (copy_from_user(r->data, u64_to_uptr(a->data), a->length * 4)) {
+	if (copy_from_user(r->data, u64_to_uptr(a->data),
+			   flex_array_size(r, data, a->length))) {
 		ret = -EFAULT;
 		goto failed;
 	}