Gustavo A. R. Silva 6f2f49ae4c media: venus: hfi_msgs.h: Replace one-element arrays with flexible-array members ...

There is a regular need in the kernel to provide a way to declare having
a dynamically sized set of trailing elements in a structure. Kernel code
should always use “flexible array members”[1] for these cases. The older
style of one-element or zero-length arrays should no longer be used[2].

Use flexible-array members in struct hfi_msg_sys_property_info_pkt and
hfi_msg_session_property_info_pkt instead of one-element arrays, and
refactor the code accordingly.

Also, this helps with the ongoing efforts to enable -Warray-bounds by
fixing the following warnings:

  CC [M]  drivers/media/platform/qcom/venus/hfi_msgs.o
drivers/media/platform/qcom/venus/hfi_msgs.c: In function ‘hfi_sys_property_info’:
drivers/media/platform/qcom/venus/hfi_msgs.c:246:35: warning: array subscript 1 is above array bounds of ‘u32[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds]
  246 |  if (req_bytes < 128 || !pkt->data[1] || pkt->num_properties > 1)
      |                          ~~~~~~~~~^~~
drivers/media/platform/qcom/venus/hfi_msgs.c: In function ‘hfi_session_prop_info’:
drivers/media/platform/qcom/venus/hfi_msgs.c:342:62: warning: array subscript 1 is above array bounds of ‘u32[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds]
  342 |  if (!req_bytes || req_bytes % sizeof(*buf_req) || !pkt->data[1])
      |                                                     ~~~~~~~~~^~~

[1] https://en.wikipedia.org/wiki/Flexible_array_member
[2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays

Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109

Co-developed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>

2021-06-17 09:42:30 +02:00

..

cec

media: s5p: fix pm_runtime_get_sync() usage count

2021-05-10 11:36:33 +02:00

common

media: siano: fix device register error path

2021-06-17 09:27:08 +02:00

dvb-core

media: dvb-core: frontend: make GET/SET safer

2021-06-17 09:29:11 +02:00

dvb-frontends

media: mxl692: make a const array static, makes object smaller

2021-06-08 15:50:38 +02:00

firewire

module: remove never implemented MODULE_SUPPORTED_DEVICE

2021-03-17 13:16:18 -07:00

i2c

media: tc358743: Fix error return code in tc358743_probe_of()

2021-06-02 13:31:39 +02:00

mc

media: mc-request.c: allow object_bind in QUEUED state

2021-06-02 11:41:54 +02:00

mmc

media updates for v5.8-rc1

2020-06-03 20:59:38 -07:00

pci

media: saa7134: fix saa7134_initdev error handling logic

2021-06-17 09:26:42 +02:00

platform

media: venus: hfi_msgs.h: Replace one-element arrays with flexible-array members

2021-06-17 09:42:30 +02:00

radio

media: radio: si4713: constify static struct v4l2_ioctl_ops

2021-06-02 13:26:11 +02:00

rc

media: imon: use DEVICE_ATTR_RW() helper macro

2021-06-08 15:57:51 +02:00

spi

media: cxd2880-spi: Fix some error messages

2021-06-08 15:51:35 +02:00

test-drivers

media: vivid: use vb2_queue_change_type

2021-06-08 12:06:55 +02:00

tuners

media: m88rs6000t: avoid potential out-of-bounds reads on arrays

2021-03-22 17:41:39 +01:00

usb

media: ttusb-dec: cleanup an error handling logic

2021-06-17 09:27:34 +02:00

v4l2-core

media: hevc: Add decode params control

2021-06-08 16:04:27 +02:00

Kconfig

media: Correct 'so'

2021-03-22 11:52:09 +01:00

Makefile

media: media/test_drivers: rename to test-drivers

2020-04-16 10:38:31 +02:00