From: Alexander Potapenko <gli...@google.com> Date: Thu, 13 Jul 2017 21:28:39 +0200
> On Thu, Jul 13, 2017 at 8:32 PM, David Miller <da...@davemloft.net> wrote:
>> struct sctp_paramhdr {
>>         __be16 type;
>>         __be16 length;
>> };
>>
>> typedef struct sctp_errhdr {
>>         __be16 cause;
>>         __be16 length;
>>         __u8 variable[0];
>> } sctp_errhdr_t;
...
>> Something like:
>>
>>         pos.v + offsetof(pos.v, length) + sizeof(pos.v->length) <= (void *) chunk + end
>
> Do we need to bother about truncated structures? Shouldn't it be
> enough to check that there's at least sizeof(struct sctp_paramhdr)
> bytes left then?

With the zero length array at the end, it's arguable what the "size" of such a thing is.
That's why I tried to be explicit with the length field.
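An added example (not code from this thread or from the kernel) of the check being discussed: before a parameter's length field is read, confirm that the fixed header up to and including `length` lies within `[chunk, chunk + end)`, then validate the declared length against the bytes that remain. The `struct sctp_paramhdr` mirror, the `count_params` walker and the sample chunks are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified mirror of the header quoted in the thread (constructed for
 * this example, not the kernel's definition). Both fields are big-endian. */
struct sctp_paramhdr {
    uint16_t type;
    uint16_t length;   /* total parameter length, header included */
};

/* 1 if the header at pos, up to and including its length field, fits in
 * [chunk, chunk + end); this is the explicit form from the thread rather
 * than a bare "some bytes are left" test. */
static int paramhdr_fits(const uint8_t *chunk, size_t end, const uint8_t *pos)
{
    size_t need = offsetof(struct sctp_paramhdr, length) +
                  sizeof(((struct sctp_paramhdr *)0)->length);
    if (pos < chunk || pos > chunk + end)
        return 0;
    return (size_t)(chunk + end - pos) >= need;
}

/* Walk the parameters of a chunk and count the well-formed ones.
 * Returns -1 at the first truncated header or bogus/overlong length. */
int count_params(const uint8_t *chunk, size_t end)
{
    const uint8_t *pos = chunk;
    int n = 0;
    while (pos < chunk + end) {
        if (!paramhdr_fits(chunk, end, pos))
            return -1;                       /* header cut short */
        /* Read the big-endian length byte-wise: no alignment assumptions. */
        size_t len = ((size_t)pos[2] << 8) | pos[3];
        if (len < sizeof(struct sctp_paramhdr) ||
            len > (size_t)(chunk + end - pos))
            return -1;                       /* length runs past the chunk */
        n++;
        pos += (len + 3) & ~(size_t)3;       /* parameters are padded to 4 */
    }
    return n;
}

/* Constructed sample chunks. */
static const uint8_t good_chunk[] = {
    0x00, 0x01, 0x00, 0x04,                              /* type 1, len 4 */
    0x00, 0x02, 0x00, 0x06, 0xaa, 0xbb, 0x00, 0x00 };    /* type 2, len 6 + pad */
static const uint8_t truncated_chunk[] = { 0x00, 0x01, 0x00 }; /* no full length */
static const uint8_t overlong_chunk[]  = { 0x00, 0x01, 0x00, 0x10 }; /* claims 16 */
static const uint8_t short_len_chunk[] = { 0x00, 0x01, 0x00, 0x02 }; /* len < hdr */
```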