From: Gustavo A. R. Silva Date: Mon, 25 Feb 2019 19:11:37 +0000 (-0600) Subject: Bluetooth: mgmt: Use struct_size() helper X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=4a67e5d4adbf3b419f17924322f468ac5cb8c14f;p=android-x86%2Fkernel.git Bluetooth: mgmt: Use struct_size() helper Make use of the struct_size() helper instead of an open-coded version in order to avoid any potential type mistakes, in particular in the context in which this code is being used. So, change the following form: sizeof(*rp) + (sizeof(rp->entry[0]) * count); to : struct_size(rp, entry, count) Notice that, in this case, variable rp_len is not necessary, hence it is removed. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Marcel Holtmann
---
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index ccce954f8146..1e2acaddcdfd 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -474,7 +474,6 @@ static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
 {
 struct mgmt_rp_read_ext_index_list *rp;
 struct hci_dev *d;
- size_t rp_len;
 u16 count;
 int err;
@@ -488,8 +487,7 @@ static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
 count++;
 }
- rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
- rp = kmalloc(rp_len, GFP_ATOMIC);
+ rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
 if (!rp) {
 read_unlock(&hci_dev_list_lock);
 return -ENOMEM;
@@ -525,7 +523,6 @@ static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
 }
 rp->num_controllers = cpu_to_le16(count);
- rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
 read_unlock(&hci_dev_list_lock);
@@ -538,7 +535,8 @@ static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
- MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
+ MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
+ struct_size(rp, entry, count));
 kfree(rp);
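Review bot: The two `struct_size(rp, entry, count)` calls, the `kmalloc()` size in the second hunk and the `mgmt_cmd_complete()` length in the last hunk, read as the same value but appear to rely on `count` differing between the two sites. The removed second `rp_len = ...` assignment after `rp->num_controllers = cpu_to_le16(count);` suggests `count` is recomputed in between; the loop that would do so lies outside these hunks, so this is inferred. Because the buffer comes from `kmalloc()` and is not zeroed, replying with the allocation-time size instead of the final one would copy unfilled entries to the management socket. A comment at the reply, such as `/* count was recomputed above: send only the entries actually filled */`, would keep a later cleanup from folding both calls into one cached size.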