Commit a7e45454 authored by Gustavo A. R. Silva's avatar Gustavo A. R. Silva Committed by Marcel Holtmann
Browse files

Bluetooth: Replace zero-length array with flexible-array member 

The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array member[1][2],
introduced in C99:

struct foo {
        int stuff;
        struct boo array[];
};

By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertently introduced[3] to the codebase from now on.

Also, notice that, dynamic memory allocations won't be affected by
this change:

"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."[1]

This issue was found with the help of Coccinelle.

[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
[2] https://github.com/KSPP/linux/issues/21


[3] commit 76497732 ("cxgb3/l2t: Fix undefined behaviour")

Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent eed467b5

drivers/bluetooth/btqca.h

+3 −3
Original line number Diff line number Diff line
@@ -79,7 +79,7 @@ struct qca_fw_config { 
struct edl_event_hdr {

	__u8 cresp;

	__u8 rtype;

	__u8 data[0];

	__u8 data[];

} __packed;



struct qca_btsoc_version {
@@ -112,12 +112,12 @@ struct tlv_type_nvm { 
	__le16 tag_len;

	__le32 reserve1;

	__le32 reserve2;

	__u8   data[0];

	__u8   data[];

} __packed;



struct tlv_type_hdr {

	__le32 type_len;

	__u8   data[0];

	__u8   data[];

} __packed;



enum qca_btsoc_type {

drivers/bluetooth/btrtl.h

+2 −2
Original line number Diff line number Diff line
@@ -38,13 +38,13 @@ struct rtl_epatch_header { 
struct rtl_vendor_config_entry {

	__le16 offset;

	__u8 len;

	__u8 data[0];

	__u8 data[];

} __packed;



struct rtl_vendor_config {

	__le32 signature;

	__le16 total_len;

	struct rtl_vendor_config_entry entry[0];

	struct rtl_vendor_config_entry entry[];

} __packed;



#if IS_ENABLED(CONFIG_BT_RTL)

include/net/bluetooth/hci.h

+15 −15
Original line number Diff line number Diff line
@@ -935,7 +935,7 @@ struct hci_cp_sniff_subrate { 
struct hci_cp_set_event_flt {

	__u8     flt_type;

	__u8     cond_type;

	__u8     condition[0];

	__u8     condition[];

} __packed;



/* Filter types */
@@ -1335,7 +1335,7 @@ struct hci_rp_read_local_amp_assoc { 
	__u8     status;

	__u8     phy_handle;

	__le16   rem_len;

	__u8     frag[0];

	__u8     frag[];

} __packed;



#define HCI_OP_WRITE_REMOTE_AMP_ASSOC	0x140b
@@ -1343,7 +1343,7 @@ struct hci_cp_write_remote_amp_assoc { 
	__u8     phy_handle;

	__le16   len_so_far;

	__le16   rem_len;

	__u8     frag[0];

	__u8     frag[];

} __packed;

struct hci_rp_write_remote_amp_assoc {

	__u8     status;
@@ -1613,7 +1613,7 @@ struct hci_cp_le_set_ext_scan_params { 
	__u8    own_addr_type;

	__u8    filter_policy;

	__u8    scanning_phys;

	__u8    data[0];

	__u8    data[];

} __packed;



#define LE_SCAN_PHY_1M		0x01
@@ -1641,7 +1641,7 @@ struct hci_cp_le_ext_create_conn { 
	__u8      peer_addr_type;

	bdaddr_t  peer_addr;

	__u8      phys;

	__u8      data[0];

	__u8      data[];

} __packed;



struct hci_cp_le_ext_conn_param {
@@ -1693,7 +1693,7 @@ struct hci_rp_le_set_ext_adv_params { 
struct hci_cp_le_set_ext_adv_enable {

	__u8  enable;

	__u8  num_of_sets;

	__u8  data[0];

	__u8  data[];

} __packed;



struct hci_cp_ext_adv_set {
@@ -1775,14 +1775,14 @@ struct hci_cp_le_set_cig_params { 
	__le16  m_latency;

	__le16  s_latency;

	__u8    num_cis;

	struct hci_cis_params cis[0];

	struct hci_cis_params cis[];

} __packed;



struct hci_rp_le_set_cig_params {

	__u8    status;

	__u8    cig_id;

	__u8    num_handles;

	__le16  handle[0];

	__le16  handle[];

} __packed;



#define HCI_OP_LE_CREATE_CIS			0x2064
@@ -1793,7 +1793,7 @@ struct hci_cis { 


struct hci_cp_le_create_cis {

	__u8    num_cis;

	struct hci_cis cis[0];

	struct hci_cis cis[];

} __packed;



#define HCI_OP_LE_REMOVE_CIG			0x2065
@@ -1937,7 +1937,7 @@ struct hci_comp_pkts_info { 


struct hci_ev_num_comp_pkts {

	__u8     num_hndl;

	struct hci_comp_pkts_info handles[0];

	struct hci_comp_pkts_info handles[];

} __packed;



#define HCI_EV_MODE_CHANGE		0x14
@@ -2170,7 +2170,7 @@ struct hci_comp_blocks_info { 
struct hci_ev_num_comp_blocks {

	__le16   num_blocks;

	__u8     num_hndl;

	struct hci_comp_blocks_info handles[0];

	struct hci_comp_blocks_info handles[];

} __packed;



#define HCI_EV_SYNC_TRAIN_COMPLETE	0x4F
@@ -2226,7 +2226,7 @@ struct hci_ev_le_advertising_info { 
	__u8	 bdaddr_type;

	bdaddr_t bdaddr;

	__u8	 length;

	__u8	 data[0];

	__u8	 data[];

} __packed;



#define HCI_EV_LE_CONN_UPDATE_COMPLETE	0x03
@@ -2302,7 +2302,7 @@ struct hci_ev_le_ext_adv_report { 
	__u8  	 direct_addr_type;

	bdaddr_t direct_addr;

	__u8  	 length;

	__u8	 data[0];

	__u8	 data[];

} __packed;



#define HCI_EV_LE_ENHANCED_CONN_COMPLETE    0x0a
@@ -2362,7 +2362,7 @@ struct hci_evt_le_cis_req { 
#define HCI_EV_STACK_INTERNAL	0xfd

struct hci_ev_stack_internal {

	__u16    type;

	__u8     data[0];

	__u8     data[];

} __packed;



#define HCI_EV_SI_DEVICE	0x01
@@ -2409,7 +2409,7 @@ struct hci_sco_hdr { 
struct hci_iso_hdr {

	__le16	handle;

	__le16	dlen;

	__u8	data[0];

	__u8	data[];

} __packed;



/* ISO data packet status flags */

include/net/bluetooth/hci_sock.h

+3 −3
Original line number Diff line number Diff line
@@ -144,19 +144,19 @@ struct hci_dev_req { 


struct hci_dev_list_req {

	__u16  dev_num;

	struct hci_dev_req dev_req[0];	/* hci_dev_req structures */

	struct hci_dev_req dev_req[];	/* hci_dev_req structures */

};



struct hci_conn_list_req {

	__u16  dev_id;

	__u16  conn_num;

	struct hci_conn_info conn_info[0];

	struct hci_conn_info conn_info[];

};



struct hci_conn_info_req {

	bdaddr_t bdaddr;

	__u8     type;

	struct   hci_conn_info conn_info[0];

	struct   hci_conn_info conn_info[];

};



struct hci_auth_info_req {

include/net/bluetooth/l2cap.h

+4 −4
Original line number Diff line number Diff line
@@ -299,14 +299,14 @@ struct l2cap_conn_rsp { 
struct l2cap_conf_req {

	__le16     dcid;

	__le16     flags;

	__u8       data[0];

	__u8       data[];

} __packed;



struct l2cap_conf_rsp {

	__le16     scid;

	__le16     flags;

	__le16     result;

	__u8       data[0];

	__u8       data[];

} __packed;



#define L2CAP_CONF_SUCCESS	0x0000
@@ -322,7 +322,7 @@ struct l2cap_conf_rsp { 
struct l2cap_conf_opt {

	__u8       type;

	__u8       len;

	__u8       val[0];

	__u8       val[];

} __packed;

#define L2CAP_CONF_OPT_SIZE	2
@@ -392,7 +392,7 @@ struct l2cap_info_req { 
struct l2cap_info_rsp {

	__le16      type;

	__le16      result;

	__u8        data[0];

	__u8        data[];

} __packed;



struct l2cap_create_chan_req {

CRA Git | Maintained and supported by SUSTech CRA and CCSE