lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <59378600-8d36-4958-8882-fa693fcad4d6@yandex.ru>
Date: Mon, 29 Jan 2024 16:55:26 +0300
From: Dmitry Antipov <dmantipov@...dex.ru>
To: Ahelenia Ziemiańska <nabijaczleweli@...ijaczleweli.xyz>
Cc: Brian Norris <briannorris@...omium.org>, Kalle Valo <kvalo@...nel.org>,
 linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: memcpy: detected field-spanning write (size 101) of single field
 "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2251
 (size 1)

On 1/26/24 22:47, Ahelenia Ziemiańska wrote:

> [   41.314634] memcpy: detected field-spanning write (size 101) of single field "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2251 (size 1)

Short answer: if your device works as expected, most likely you can ignore this.

Long answer: this is caused by using CONFIG_FORTIFY_SOURCE with old style one-element
(in this particular case) or zero-length array members. See "Zero-length and one-element
arrays" at https://www.kernel.org/doc/html/latest/process/deprecated.html. Unfortunately
mwifiex is not completely migrated to C99-style flexible array members; if you're brave
enough, you can help the maintainers by trying this:

--- linux-6.6.11/drivers/net/wireless/marvell/mwifiex/fw.h	2024-01-10 19:17:02.000000000 +0300
+++ linux-6.6.11/drivers/net/wireless/marvell/mwifiex/fw.h	2024-01-29 14:21:55.574280719 +0300
@@ -1586,7 +1586,7 @@

  struct host_cmd_ds_802_11_scan_ext {
  	u32   reserved;
-	u8    tlv_buffer[1];
+	u8    tlv_buffer[];
  } __packed;

  struct mwifiex_ie_types_bss_mode {

Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ