Message-Id: <20201026221406.3897734-1-arnd@kernel.org>
Date:   Mon, 26 Oct 2020 23:13:16 +0100
From:   Arnd Bergmann <arnd@...nel.org>
To:     Russell King <linux@...linux.org.uk>
Cc:     Arnd Bergmann <arnd@...db.de>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: [PATCH] ARM: atags_compat: avoid -Warray-bounds warning

From: Arnd Bergmann <arnd@...db.de>

gcc-11 reports a struct member overflow when copying a string
into a single-character array:

In file included from arch/arm/kernel/atags_compat.c:17:
In function 'strcpy',
    inlined from 'build_tag_list' at arch/arm/kernel/atags_compat.c:200:2:
include/linux/string.h:287:29: warning: '__builtin_strcpy' offset 108 from the object at 'taglist' is out of the bounds of referenced subobject 'cmdline' with type 'char[1]' at offset 108 [-Warray-bounds]
  287 | #define __underlying_strcpy __builtin_strcpy
      |                             ^
include/linux/string.h:481:10: note: in expansion of macro '__underlying_strcpy'
  481 |   return __underlying_strcpy(p, q);
      |          ^~~~~~~~~~~~~~~~~~~
In file included from arch/arm/include/asm/setup.h:14,
                 from arch/arm/kernel/atags_compat.c:20:
arch/arm/kernel/atags_compat.c: In function 'build_tag_list':
arch/arm/include/uapi/asm/setup.h:127:7: note: subobject 'cmdline' declared here
  127 |  char cmdline[1]; /* this is the minimum size */
      |       ^~~~~~~

The code is otherwise correct, so just shut up the warning by
not letting the compiler see the underlying type.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
 arch/arm/kernel/atags_compat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/kernel/atags_compat.c b/arch/arm/kernel/atags_compat.c
index 10da11c212cc..3f1f631763ba 100644
--- a/arch/arm/kernel/atags_compat.c
+++ b/arch/arm/kernel/atags_compat.c
@@ -197,7 +197,7 @@ static void __init build_tag_list(struct param_struct *params, void *taglist)
 	tag->hdr.tag = ATAG_CMDLINE;
 	tag->hdr.size = (strlen(params->commandline) + 3 +
 			 sizeof(struct tag_header)) >> 2;
-	strcpy(tag->u.cmdline.cmdline, params->commandline);
+	strcpy((void*)&tag->u, params->commandline);
 
 	tag = tag_next(tag);
 	tag->hdr.tag = ATAG_NONE;
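
Review bot: The new strcpy((void*)&tag->u, params->commandline) line assumes &tag->u and tag->u.cmdline.cmdline are the same address, and nothing in the code says so or explains why the cast is there. Add a short comment above it so a later cleanup does not revert to tag->u.cmdline.cmdline and bring the -Warray-bounds warning back, and write the cast as (void *) per kernel style. Casting to void * also hides the destination object from the compiler, so this strcpy is no longer covered by any compile-time bounds checking. Since strlen(params->commandline) is already evaluated for hdr.size in the two lines above, a memcpy of that length plus one would state the intended copy size explicitly.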
-- 
2.27.0
