Replace one-element array with flex-array member in drivers/xen/xen-front-pgdir-shbuf.c

KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)

https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

Other

80 stars 5 forks source link

Replace one-element array with flex-array member in drivers/xen/xen-front-pgdir-shbuf.c #255

Closed GustavoARSilva closed 1 year ago

GustavoARSilva commented 1 year ago

drivers/xen/xen-front-pgdir-shbuf.c:
 30 struct xen_page_directory {
 31         grant_ref_t gref_dir_next_page;
 32 #define XEN_GREF_LIST_END       0
 33         grant_ref_t gref[1]; /* Variable length */
 34 };

Also, worth noting is that this fake flex-array is currently being used as argument in calls to memcpy():

drivers/xen/xen-front-pgdir-shbuf.c-384-                memcpy(&page_dir->gref, &buf->grefs[cur_gref],
drivers/xen/xen-front-pgdir-shbuf.c-385-                       to_copy * sizeof(grant_ref_t));

GustavoARSilva commented 1 year ago

In mainline now.