From: Arnd Bergmann <arnd@kernel.org>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>,
Udipto Goswami <quic_ugoswami@quicinc.com>,
John Keeping <john@keeping.me.uk>,
Linyu Yuan <quic_linyyuan@quicinc.com>,
Dan Carpenter <error27@gmail.com>,
linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] usb: functionfs: avoid memcpy() field overflow warning
Date: Mon, 3 Jul 2023 14:30:32 +0200 [thread overview]
Message-ID: <20230703123053.3117488-1-arnd@kernel.org> (raw)
From: Arnd Bergmann <arnd@arndb.de>
__ffs_func_bind_do_os_desc() copies both the CompatibleID and SubCompatibleID
fields of the usb_ext_compat_desc structure into an array, which triggers
a warning in the fortified memcpy():
In file included from drivers/usb/gadget/function/f_fs.c:17:
In file included from include/linux/string.h:254:
include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
__read_overflow2_field(q_size_field, size);
Usually we can avoid this by using a struct_group() inside of the structure
definition, but this might cause problems in userspace since it is in a uapi
header.
Just copy the two members individually.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
drivers/usb/gadget/function/f_fs.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index f41a385a5c421..b8f9e52e6db6b 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -2933,8 +2933,9 @@ static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
- ARRAY_SIZE(desc->CompatibleID) +
- ARRAY_SIZE(desc->SubCompatibleID));
+ sizeof(desc->CompatibleID));
+ memcpy(t->os_desc->ext_compat_id + sizeof(desc->CompatibleID),
+ &desc->SubCompatibleID, sizeof(desc->SubCompatibleID));
length = sizeof(*desc);
}
break;
--
2.39.2
next reply other threads:[~2023-07-03 12:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-03 12:30 Arnd Bergmann [this message]
2023-07-03 12:45 ` [PATCH] usb: functionfs: avoid memcpy() field overflow warning Greg Kroah-Hartman
2023-07-03 13:05 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230703123053.3117488-1-arnd@kernel.org \
--to=arnd@kernel.org \
--cc=arnd@arndb.de \
--cc=error27@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=john@keeping.me.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=quic_linyyuan@quicinc.com \
--cc=quic_ugoswami@quicinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.