USB: gadget: u_f: add overflow checks to VLA macros (849d2b00) · Commits · e / devices / android_kernel_fairphone_FP3

drivers/usb/gadget/u_f.h

+27 −11

Original line number	Diff line number	Diff line
		@@ -17,6 +17,7 @@
		#define __U_F_H__

		#include <linux/usb/gadget.h>
		#include <linux/overflow.h>

		/* Variable Length Array Macros **********************************************/
		#define vla_group(groupname) size_t groupname##__next = 0
		@@ -24,20 +25,35 @@

		#define vla_item(groupname, type, name, n) \
		size_t groupname##_##name##__offset = ({ \
		size_t offset = 0; \
		if (groupname##__next != SIZE_MAX) { \
		size_t align_mask = __alignof__(type) - 1; \
		size_t offset = (groupname##__next + align_mask) & ~align_mask;\
		size_t size = (n) * sizeof(type); \
		groupname##__next = offset + size; \
		size_t offset = (groupname##__next + align_mask) \
		& ~align_mask; \
		size_t size = array_size(n, sizeof(type)); \
		if (check_add_overflow(offset, size, \
		&groupname##__next)) { \
		groupname##__next = SIZE_MAX; \
		offset = 0; \
		} \
		} \
		offset; \
		})

		#define vla_item_with_sz(groupname, type, name, n) \
		size_t groupname##_##name##__sz = (n) * sizeof(type); \
		size_t groupname##_##name##__sz = array_size(n, sizeof(type)); \
		size_t groupname##_##name##__offset = ({ \
		size_t offset = 0; \
		if (groupname##__next != SIZE_MAX) { \
		size_t align_mask = __alignof__(type) - 1; \
		size_t offset = (groupname##__next + align_mask) & ~align_mask;\
		size_t size = groupname##_##name##__sz; \
		groupname##__next = offset + size; \
		size_t offset = (groupname##__next + align_mask) \
		& ~align_mask; \
		if (check_add_overflow(offset, groupname##_##name##__sz,\
		&groupname##__next)) { \
		groupname##__next = SIZE_MAX; \
		offset = 0; \
		} \
		} \
		offset; \
		})