cxl/pmem: Use size_add() against integer overflow

"struct_size() + n" may cause a integer overflow, use size_add() to handle it. Signed-off-by: Yu Zhe <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Dan Williams <[email protected]>
chewitt · Nov 3, 2022 · 4f1aa35 · 4f1aa35
1 parent 71ee71d
commit 4f1aa35
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/drivers/cxl/pmem.c b/drivers/cxl/pmem.c
@@ -148,7 +148,7 @@ static int cxl_pmem_set_config_data(struct cxl_dev_state *cxlds,
 		return -EINVAL;
 
 	/* 4-byte status follows the input data in the payload */
-	if (struct_size(cmd, in_buf, cmd->in_length) + 4 > buf_len)
+	if (size_add(struct_size(cmd, in_buf, cmd->in_length), 4) > buf_len)
 		return -EINVAL;
 
 	set_lsa =