| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Apr 2017 14:35:33 -0400 (EDT)
From: Mikulas Patocka <mpatocka@...hat.com>
To: "David S. Miller" <davem@...emloft.net>
cc: linux-ide@...r.kernel.org, linux-kernel@...r.kernel.org,
"James E.J. Bottomley" <jejb@...isc-linux.org>,
Helge Deller <deller@....de>,
John David Anglin <dave.anglin@...l.net>,
linux-parisc@...r.kernel.org
Subject: [PATCH] ide: don't call memcpy with the same source and
destination
The parisc architecture recently reimplemented the memcpy function and
their reimplementation crashed when source and destination overlapped.
The crash happened in the function ide_complete_cmd where memcpy is called
with the same source and destination pointer. According to the C
specification, memcpy behavior is undefined if the source and destination
range overlaps. This patches fixes the undefined behavior.
Signed-off-by: Mikulas Patocka <mpatocka@...hat.com>
---
drivers/ide/ide-io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-4.11-rc6/drivers/ide/ide-io.c
===================================================================
--- linux-4.11-rc6.orig/drivers/ide/ide-io.c
+++ linux-4.11-rc6/drivers/ide/ide-io.c
@@ -107,7 +107,7 @@ void ide_complete_cmd(ide_drive_t *drive
if (cmd->tf_flags & IDE_TFLAG_DYN)
kfree(orig_cmd);
- else
+ else if (cmd != orig_cmd)
memcpy(orig_cmd, cmd, sizeof(*cmd));
}
}
Powered by blists - more mailing lists