| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Jan 2024 16:55:26 +0300
From: Dmitry Antipov <dmantipov@...dex.ru>
To: Ahelenia Ziemiańska <nabijaczleweli@...ijaczleweli.xyz>
Cc: Brian Norris <briannorris@...omium.org>, Kalle Valo <kvalo@...nel.org>,
linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: memcpy: detected field-spanning write (size 101) of single field
"ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2251
(size 1)
On 1/26/24 22:47, Ahelenia Ziemiańska wrote:
> [ 41.314634] memcpy: detected field-spanning write (size 101) of single field "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2251 (size 1)
Short answer: if your device works as expected, most likely you can ignore this.
Long answer: this is caused by using CONFIG_FORTIFY_SOURCE with old style one-element
(in this particular case) or zero-length array members. See "Zero-length and one-element
arrays" at https://www.kernel.org/doc/html/latest/process/deprecated.html. Unfortunately
mwifiex is not completely migrated to C99-style flexible array members; if you're brave
enough, you can help the maintainers by trying this:
--- linux-6.6.11/drivers/net/wireless/marvell/mwifiex/fw.h 2024-01-10 19:17:02.000000000 +0300
+++ linux-6.6.11/drivers/net/wireless/marvell/mwifiex/fw.h 2024-01-29 14:21:55.574280719 +0300
@@ -1586,7 +1586,7 @@
struct host_cmd_ds_802_11_scan_ext {
u32 reserved;
- u8 tlv_buffer[1];
+ u8 tlv_buffer[];
} __packed;
struct mwifiex_ie_types_bss_mode {
Dmitry
Powered by blists - more mailing lists