From 471a10d3af3b5ae239c87f1357de2d1919e7a6c6 Mon Sep 17 00:00:00 2001
From: "Isaac J. Manjarres"
Date: Fri, 28 Feb 2025 10:40:40 -0800
Subject: [PATCH] ANDROID: mm/memfd-ashmem-shim: Fix variable length array usage

The size of the buffer used to retrieve the memfd file name is currently calculated at runtime, making the buffer a variable length array. However, all of the terms used in the buffer size calculation are known at compile time, so use compile time constants for the calculation.

Bug: 399839316
Change-Id: Ie1edf9a28f735ebeffab07f64efc4de45f1f095a
Signed-off-by: Isaac J. Manjarres
---
 mm/memfd-ashmem-shim.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/mm/memfd-ashmem-shim.c b/mm/memfd-ashmem-shim.c
index 8c7016b905d6..e09d95a8b274 100644
--- a/mm/memfd-ashmem-shim.c
+++ b/mm/memfd-ashmem-shim.c
@@ -17,10 +17,12 @@
 #include "memfd-ashmem-shim-internal.h"
 
 /* file_path() returns the path of the file including the root, hence the additional "/". */
-#define MEMFD_PATH_PREFIX_LEN strlen("/memfd:")
+#define MEMFD_PATH_PREFIX "/memfd:"
+#define MEMFD_PATH_PREFIX_LEN (sizeof(MEMFD_PATH_PREFIX) - 1)
 
 /* All memfd files are unlinked, and are therefore suffixed with the " (deleted)" string. */
-#define UNLINKED_FILE_SUFFIX_LEN strlen(" (deleted)")
+#define UNLINKED_FILE_SUFFIX " (deleted)"
+#define UNLINKED_FILE_SUFFIX_LEN (sizeof(UNLINKED_FILE_SUFFIX) - 1)
 
 /*
 * 1 character for the start of the path (/), NAME_MAX for the maximum length of a full memfd file
@@ -38,8 +40,8 @@ static char *get_memfd_file_name(struct file *file, char *buf, size_t size)
 return path;
 
 /* Only handle memfds; we cannot make assumptions about other file names. */
- name_end = strstr(path, " (deleted)");
- if ((strstr(path, "/memfd:") != path) || !name_end)
+ name_end = strstr(path, UNLINKED_FILE_SUFFIX);
+ if ((strstr(path, MEMFD_PATH_PREFIX) != path) || !name_end)
 return ERR_PTR(-EINVAL);
 
 /*
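Review bot: In get_memfd_file_name(), `strstr(path, UNLINKED_FILE_SUFFIX)` returns the first occurrence of " (deleted)" in the path, not the trailing one appended for the unlinked file. The memfd name is chosen by the caller of memfd_create(), so a name that itself contains that text would leave name_end pointing into the middle of the name. The code that consumes name_end is outside this hunk, but it presumably cuts the name there and would report a truncated one. With the lengths now compile-time constants, the match can be anchored at the end of the string: after checking that the path is at least MEMFD_PATH_PREFIX_LEN + UNLINKED_FILE_SUFFIX_LEN long, use `name_end = path + strlen(path) - UNLINKED_FILE_SUFFIX_LEN;` and reject when `strcmp(name_end, UNLINKED_FILE_SUFFIX)` is non-zero. The prefix test would also read more directly as `!str_has_prefix(path, MEMFD_PATH_PREFIX)` than as a strstr() scan of the whole path compared against its start.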