[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1431355082-29290-1-git-send-email-hofrat@osadl.org>
Date: Mon, 11 May 2015 16:38:02 +0200
From: Nicholas Mc Guire <hofrat@...dl.org>
To: Hoang-Nam Nguyen <hnguyen@...ibm.com>
Cc: Christoph Raisch <raisch@...ibm.com>,
Doug Ledford <dledford@...hat.com>,
Sean Hefty <sean.hefty@...el.com>,
Hal Rosenstock <hal.rosenstock@...il.com>,
Dan Carpenter <dan.carpenter@...cle.com>,
linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org,
Nicholas Mc Guire <hofrat@...dl.org>
Subject: [PATCH] IB/ehca: use correct destination for memcpy
Using an element of a struct as the address for the memcpy of the whole
struct may introduce a buffer overflow and does not help readability either
simply pass the real thing as first argument to memcpy.
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
Signed-off-by: Nicholas Mc Guire <hofrat@...dl.org>
---
passing the first element of a struct as destination triggers buffer
overflows warnings in tools like Smatch.
./drivers/infiniband/hw/ehca/ehca_mcast.c:ehca_attach_mcast.80 WARNING:
memcpy copying entire struct to first element
./drivers/infiniband/hw/ehca/ehca_mcast.c:ehca_detach_mcast.117 WARNING:
memcpy copying entire struct to first element
Simply use the structure rather than the first element (which could change)
which also help readability.
Patch was only compile tested with ppc64_defconfig (implies
CONFIG_INFINIBAND_EHCA=m)
Patch is against 4.1-rc3 (localversion-next is -next-20150511)
drivers/infiniband/hw/ehca/ehca_mcast.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/ehca/ehca_mcast.c b/drivers/infiniband/hw/ehca/ehca_mcast.c
index 120aedf..cec1815 100644
--- a/drivers/infiniband/hw/ehca/ehca_mcast.c
+++ b/drivers/infiniband/hw/ehca/ehca_mcast.c
@@ -77,7 +77,7 @@ int ehca_attach_mcast(struct ib_qp *ibqp, union ib_gid *gid, u16 lid)
return -EINVAL;
}
- memcpy(&my_gid.raw, gid->raw, sizeof(union ib_gid));
+ memcpy(&my_gid, gid->raw, sizeof(union ib_gid));
subnet_prefix = be64_to_cpu(my_gid.global.subnet_prefix);
interface_id = be64_to_cpu(my_gid.global.interface_id);
@@ -114,7 +114,7 @@ int ehca_detach_mcast(struct ib_qp *ibqp, union ib_gid *gid, u16 lid)
return -EINVAL;
}
- memcpy(&my_gid.raw, gid->raw, sizeof(union ib_gid));
+ memcpy(&my_gid, gid->raw, sizeof(union ib_gid));
subnet_prefix = be64_to_cpu(my_gid.global.subnet_prefix);
interface_id = be64_to_cpu(my_gid.global.interface_id);
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists