From e6d2338b6f3e522872f3a14fcc5e5de2f58bf23b Mon Sep 17 00:00:00 2001 From: Thorsten Blum Date: Tue, 16 Sep 2025 14:21:45 +0200 Subject: [PATCH] firewire: core: use struct_size and flex_array_size in ioctl_add_descriptor Use struct_size() to determine the memory needed for a new 'struct descriptor_resource' and flex_array_size() to calculate the number of bytes to copy from userspace. This removes the hardcoded size (4 bytes) for the 'u32 data[]' entries. No functional changes intended. Signed-off-by: Thorsten Blum Link: https://lore.kernel.org/r/20250916122143.2459993-3-thorsten.blum@linux.dev Signed-off-by: Takashi Sakamoto --- drivers/firewire/core-cdev.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c index 112b33099610c..9913162006181 100644 --- a/drivers/firewire/core-cdev.c +++ b/drivers/firewire/core-cdev.c @@ -940,11 +940,12 @@ static int ioctl_add_descriptor(struct client *client, union ioctl_arg *arg) if (a->length > 256) return -EINVAL; - r = kmalloc(sizeof(*r) + a->length * 4, GFP_KERNEL); + r = kmalloc(struct_size(r, data, a->length), GFP_KERNEL); if (r == NULL) return -ENOMEM; - if (copy_from_user(r->data, u64_to_uptr(a->data), a->length * 4)) { + if (copy_from_user(r->data, u64_to_uptr(a->data), + flex_array_size(r, data, a->length))) { ret = -EFAULT; goto failed; } -- 2.47.3