search

KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
Other
80 stars 5 forks source link

Replace a couple of one-element arrays with flex-array members in fs/xfs/libxfs/xfs_da_format.h #251

Closed GustavoARSilva closed 6 months ago

GustavoARSilva commented 1 year ago

fs/xfs/libxfs/xfs_da_format.h:

620 typedef struct xfs_attr_leaf_name_local {
621         __be16  valuelen;               /* number of bytes in value */
622         __u8    namelen;                /* length of name bytes */
623         __u8    nameval[1];              /* name/value bytes */
624 } xfs_attr_leaf_name_local_t;
625 
626 typedef struct xfs_attr_leaf_name_remote {
627         __be32  valueblk;               /* block number of value bytes */
628         __be32  valuelen;               /* number of bytes in value */
629         __u8    namelen;                /* length of name bytes */
630         __u8    name[1];         /* name bytes */
631 } xfs_attr_leaf_name_remote_t;

Also, worth noting is that these fake flex-arrays are currently being used as arguments in calls to memcpy():

fs/xfs/libxfs/xfs_attr_leaf.c:

-       memcpy((char *)name_loc->nameval, args->name, args->namelen);
-       memcpy((char *)&name_loc->nameval[args->namelen], args->value,
-       memcpy((char *)name_rmt->name, args->name, args->namelen);
kees commented 6 months ago

Fixed in commit a49bbce58ea90.