Dynamic size calculations (especially multiplication) should not be
performed in memory allocator function arguments due to the risk of them
overflowing. This could lead to values wrapping around and a smaller
allocation being made than the caller was expecting. Using those
allocations could lead to linear overflows of heap memory and other
misbehaviors.
To avoid this scenario, use the struct_size helper.
Signed-off-by: Len Baker <len.ba...@gmx.com>
---
arch/arc/kernel/unwind.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/arc/kernel/unwind.c b/arch/arc/kernel/unwind.c
index 47bab67f8649..af18052b86a7 100644
--- a/arch/arc/kernel/unwind.c
+++ b/arch/arc/kernel/unwind.c
@@ -13,6 +13,7 @@
#include <linux/sched.h>
#include <linux/module.h>
#include <linux/memblock.h>
+#include <linux/overflow.h>
#include <linux/sort.h>
#include <linux/slab.h>
#include <linux/stop_machine.h>
@@ -312,9 +313,7 @@ static void init_unwind_hdr(struct unwind_table *table,
if (tableSize || !n)
goto ret_err;
- hdrSize = 4 + sizeof(unsigned long) + sizeof(unsigned int)
- + 2 * n * sizeof(unsigned long);
-
+ hdrSize = struct_size(header, table, n);
header = alloc(hdrSize);
if (!header)
goto ret_err;
--
2.25.1
_______________________________________________
linux-snps-arc mailing list
linux-snps-arc@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-snps-arc
