public inbox for linux-kernel@vger.kernel.org
* [PATCH] IB/ehca: use correct destination for memcpy
@ 2015-05-11 14:38 Nicholas Mc Guire
  2015-05-11 21:09 ` Doug Ledford
  0 siblings, 1 reply; 2+ messages in thread
From: Nicholas Mc Guire @ 2015-05-11 14:38 UTC (permalink / raw)
  To: Hoang-Nam Nguyen
  Cc: Christoph Raisch, Doug Ledford, Sean Hefty, Hal Rosenstock,
	Dan Carpenter, linux-rdma, linux-kernel, Nicholas Mc Guire

Using an element of a struct as the address for the memcpy of the whole
struct may introduce a buffer overflow and does not help readability either;
simply pass the real thing as the first argument to memcpy.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
---

Passing the first element of a struct as destination triggers buffer
overflow warnings in tools like Smatch.
./drivers/infiniband/hw/ehca/ehca_mcast.c:ehca_attach_mcast.80 WARNING:
memcpy copying entire struct to first element
./drivers/infiniband/hw/ehca/ehca_mcast.c:ehca_detach_mcast.117 WARNING:
memcpy copying entire struct to first element

Simply use the structure rather than the first element (which could change),
which also helps readability.

Patch was only compile tested with ppc64_defconfig (implies
CONFIG_INFINIBAND_EHCA=m)

Patch is against 4.1-rc3 (localversion-next is -next-20150511)

 drivers/infiniband/hw/ehca/ehca_mcast.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/infiniband/hw/ehca/ehca_mcast.c b/drivers/infiniband/hw/ehca/ehca_mcast.c
index 120aedf..cec1815 100644
--- a/drivers/infiniband/hw/ehca/ehca_mcast.c
+++ b/drivers/infiniband/hw/ehca/ehca_mcast.c
@@ -77,7 +77,7 @@ int ehca_attach_mcast(struct ib_qp *ibqp, union ib_gid *gid, u16 lid)
 		return -EINVAL;
 	}
 
-	memcpy(&my_gid.raw, gid->raw, sizeof(union ib_gid));
+	memcpy(&my_gid, gid->raw, sizeof(union ib_gid));
 
 	subnet_prefix = be64_to_cpu(my_gid.global.subnet_prefix);
 	interface_id = be64_to_cpu(my_gid.global.interface_id);
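Review bot: in ehca_attach_mcast the destination is now the whole object, but the source is still the member gid->raw, so the call still reads sizeof(union ib_gid) bytes starting from a member, which is the mirror image of what Smatch flagged on the destination side. Since gid is declared as union ib_gid * in the function signature, passing gid itself as the source would make both sides consistent; if my_gid is also a union ib_gid, as the size argument suggests, a plain assignment my_gid = *gid; would be type-checked by the compiler and remove the hand-written size entirely.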
@@ -114,7 +114,7 @@ int ehca_detach_mcast(struct ib_qp *ibqp, union ib_gid *gid, u16 lid)
 		return -EINVAL;
 	}
 
-	memcpy(&my_gid.raw, gid->raw, sizeof(union ib_gid));
+	memcpy(&my_gid, gid->raw, sizeof(union ib_gid));
 
 	subnet_prefix = be64_to_cpu(my_gid.global.subnet_prefix);
 	interface_id = be64_to_cpu(my_gid.global.interface_id);
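Review bot: the size in the ehca_detach_mcast memcpy is still spelled sizeof(union ib_gid) rather than sizeof(my_gid), so nothing ties the byte count to the destination object now that &my_gid is the first argument; sizeof(my_gid) would keep the copy bounded by the destination if its declaration ever changes. The copy followed by the two be64_to_cpu() conversions is also identical to the sequence in ehca_attach_mcast, so a small shared helper would keep this fix in one place instead of two.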
-- 
1.7.10.4



* Re: [PATCH] IB/ehca: use correct destination for memcpy
  2015-05-11 14:38 [PATCH] IB/ehca: use correct destination for memcpy Nicholas Mc Guire
@ 2015-05-11 21:09 ` Doug Ledford
  0 siblings, 0 replies; 2+ messages in thread
From: Doug Ledford @ 2015-05-11 21:09 UTC (permalink / raw)
  To: Nicholas Mc Guire
  Cc: Hoang-Nam Nguyen, Christoph Raisch, Sean Hefty, Hal Rosenstock,
	Dan Carpenter, linux-rdma, linux-kernel


On Mon, 2015-05-11 at 16:38 +0200, Nicholas Mc Guire wrote:
> Using an element of a struct as the address for the memcpy of the whole
> struct may introduce a buffer overflow and does not help readability either;
> simply pass the real thing as the first argument to memcpy.
> 
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
> ---
> 
> Passing the first element of a struct as destination triggers buffer
> overflow warnings in tools like Smatch.
> ./drivers/infiniband/hw/ehca/ehca_mcast.c:ehca_attach_mcast.80 WARNING:
> memcpy copying entire struct to first element
> ./drivers/infiniband/hw/ehca/ehca_mcast.c:ehca_detach_mcast.117 WARNING:
> memcpy copying entire struct to first element
> 
> Simply use the structure rather than the first element (which could change),
> which also helps readability.
> 
> Patch was only compile tested with ppc64_defconfig (implies
> CONFIG_INFINIBAND_EHCA=m)
> 
> Patch is against 4.1-rc3 (localversion-next is -next-20150511)

Applied, thanks.

-- 
Doug Ledford <dledford@redhat.com>
              GPG KeyID: 0E572FDD

