lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 18 Mar 2019 10:44:53 -0700
From:   James Bottomley <jejb@...ux.ibm.com>
To:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        James Smart <james.smart@...adcom.com>,
        Dick Kennedy <dick.kennedy@...adcom.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>
Cc:     linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] scsi: lpfc_nvme: Fix wrong sizeof argument

On Mon, 2019-03-18 at 12:15 -0500, Gustavo A. R. Silva wrote:
> sizeof() is currently using the wrong argument when used in a call to
> memset().  Notice that wqe is a pointer to union lpfc_wqe128, not to
> union lpfc_wqe.
> 
> Fix this by using union lpfc_wqe128 instead of lpfc_wqe as argument
> of sizeof().
> 
> Addresses-Coverity-ID: 1443938 ("Wrong sizeof argument")
> Fixes: 5fd1108517d9 ("scsi: lpfc: Streamline NVME Initiator WQE
> setup")
> Cc: stable@...r.kernel.org
> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
> ---
>  drivers/scsi/lpfc/lpfc_nvme.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/lpfc/lpfc_nvme.c
> b/drivers/scsi/lpfc/lpfc_nvme.c
> index d16ca413110d..3dc0c85c7d50 100644
> --- a/drivers/scsi/lpfc/lpfc_nvme.c
> +++ b/drivers/scsi/lpfc/lpfc_nvme.c
> @@ -1981,7 +1981,7 @@ lpfc_get_nvme_buf(struct lpfc_hba *phba, struct
> lpfc_nodelist *ndlp,
>  		/* Fill in word 3 / sgl_len during cmd submission */
>  
>  		/* Initialize WQE */
> -		memset(wqe, 0, sizeof(union lpfc_wqe));
> +		memset(wqe, 0, sizeof(union lpfc_wqe128));

Actually the correct way to avoid potential problems like this is

	memset(wqe, 0, sizeof(*wqe));

James

Powered by blists - more mailing lists