diff options
| author | Gustavo A. R. Silva <gustavoars@kernel.org> | 2023-09-15 12:17:49 -0600 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2023-09-17 18:50:33 +0100 |
| commit | d692873cbe861a870cdc9cbfb120eefd113c3dfd (patch) | |
| tree | 10007e840a926d6addbd923438596b8ca329c3f6 /tools/testing/selftests/bpf/prog_tests/skb_load_bytes.c | |
| parent | ebdada9de39d6a398bd4ba1007e306b57149083c (diff) | |
gve: Use size_add() in call to struct_size()
If, for any reason, `tx_stats_num + rx_stats_num` wraps around, the
protection that struct_size() adds against potential integer overflows
is defeated. Fix this by hardening call to struct_size() with size_add().
Fixes: 691f4077d560 ("gve: Replace zero-length array with flexible-array member")
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'tools/testing/selftests/bpf/prog_tests/skb_load_bytes.c')
0 files changed, 0 insertions, 0 deletions