Message-ID: <202301121458.865E4834C@keescook>
Date: Thu, 12 Jan 2023 15:00:38 -0800
From: Kees Cook <keescook@...omium.org>
To: Julius Werner <jwerner@...omium.org>
Cc: Jack Rosenthal <jrosenth@...omium.org>,
Paul Menzel <pmenzel@...gen.mpg.de>,
Guenter Roeck <groeck@...omium.org>,
Brian Norris <briannorris@...omium.org>,
Stephen Boyd <swboyd@...omium.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] firmware: coreboot: Check size of table entry and split memcpy

On Mon, Jan 09, 2023 at 04:02:26PM +0100, Julius Werner wrote:
> Reviewed-by: Julius Werner <jwerner@...omium.org>
>
> > - memcpy(&device->entry, ptr_entry, entry->size);
> > + memcpy(device->raw, entry, entry->size);
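Review bot: On the + line the source argument changes from ptr_entry to entry while the length stays entry->size, so the copy now reads entry->size bytes starting at the entry struct, and a bounds-checking memcpy or static analyzer can report that as an over-read of the source in the same way the old form over-ran the destination. Keep the new destination and restore the original source, i.e. `memcpy(device->raw, ptr_entry, entry->size);`. Because the length is taken from the table entry itself, this copy also depends on the size check named in the subject line having run before it.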
>
> nit: It's a bit odd to change the source pointer from ptr_entry to
> entry here. Technically the static analyzer would be within its rights
> to give you a warning for that as well, because you're now
> "overrunning" the source struct instead of the destination one.

True. We've been focused on write overflows, but yeah, since the
location of the flex array changed, I'll switch this back to ptr_entry.
--
Kees Cook