| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Jul 2023 14:45:00 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Arnd Bergmann <arnd@...nel.org>
Cc: Arnd Bergmann <arnd@...db.de>,
Udipto Goswami <quic_ugoswami@...cinc.com>,
John Keeping <john@...ping.me.uk>,
Linyu Yuan <quic_linyyuan@...cinc.com>,
Dan Carpenter <error27@...il.com>, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb: functionfs: avoid memcpy() field overflow warning
On Mon, Jul 03, 2023 at 02:30:32PM +0200, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@...db.de>
>
> __ffs_func_bind_do_os_desc() copies both the CompatibleID and SubCompatibleID
> fields of the usb_ext_compat_desc structure into an array, which triggers
> a warning in the fortified memcpy():
>
> In file included from drivers/usb/gadget/function/f_fs.c:17:
> In file included from include/linux/string.h:254:
> include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
> __read_overflow2_field(q_size_field, size);
>
> Usually we can avoid this by using a struct_group() inside of the structure
> definition, but this might cause problems in userspace since it is in a uapi
> header.
We use this in other uapi .h files, what is unique about these fields
that makes it so that they can not be used? Because it's not the last
field?
thanks,
greg k-h
Powered by blists - more mailing lists