| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230204183427.never.856-kees@kernel.org>
Date: Sat, 4 Feb 2023 10:34:27 -0800
From: Kees Cook <keescook@...omium.org>
To: Jan Kara <jack@...e.com>
Cc: Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: [PATCH] udf: Use unsigned variables for size calculations
To avoid confusing the compiler about possible negative sizes, switch
various size variables that can never be negative from int to u32. Seen
with GCC 13:
../fs/udf/directory.c: In function 'udf_copy_fi':
../include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' pointer overflow between offset 80 and size [-2147483648, -1] [-Warray-bounds=]
57 | #define __underlying_memcpy __builtin_memcpy
| ^
...
../fs/udf/directory.c:102:9: note: in expansion of macro 'memcpy'
102 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
| ^~~~~~
Cc: Jan Kara <jack@...e.com>
Signed-off-by: Kees Cook <keescook@...omium.org>
---
fs/udf/directory.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/udf/directory.c b/fs/udf/directory.c
index 2e13c4b5fb81..e0bb73d414dd 100644
--- a/fs/udf/directory.c
+++ b/fs/udf/directory.c
@@ -71,8 +71,9 @@ static int udf_verify_fi(struct udf_fileident_iter *iter)
static int udf_copy_fi(struct udf_fileident_iter *iter)
{
struct udf_inode_info *iinfo = UDF_I(iter->dir);
- int blksize = 1 << iter->dir->i_blkbits;
- int err, off, len, nameoff;
+ u32 blksize = 1 << iter->dir->i_blkbits;
+ u32 off, len, nameoff;
+ int err;
/* Skip copying when we are at EOF */
if (iter->pos >= iter->dir->i_size) {
--
2.34.1
Powered by blists - more mailing lists