Re: [PATCH][next] udf: Fix -Wstringop-overflow warnings

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Kees Cook <keescook@chromium.org>
To: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: Jan Kara <jack@suse.com>,
	linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH][next] udf: Fix -Wstringop-overflow warnings
Date: Wed, 12 Jul 2023 12:05:34 -0700	[thread overview]
Message-ID: <202307121204.36EF4C1@keescook> (raw)
In-Reply-To: <ZK7wKS0NgZPfqrZu@work>

On Wed, Jul 12, 2023 at 12:25:45PM -0600, Gustavo A. R. Silva wrote:
> Use unsigned type in call to macro mint_t(). This avoids confusing the
> compiler about possible negative values that would cause the value in
> _len_ to wrap around.
> 
> Fixes the following -Wstringop-warnings seen when building ARM
> architecture with allyesconfig (GCC 13):
> fs/udf/directory.c: In function 'udf_copy_fi':
> include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=]
>    57 | #define __underlying_memcpy     __builtin_memcpy
>       |                                 ^
> include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
>   648 |         __underlying_##op(p, q, __fortify_size);                        \
>       |         ^~~~~~~~~~~~~
> include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
>   693 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>       |                          ^~~~~~~~~~~~~~~~~~~~
> fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy'
>    99 |         memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
>       |         ^~~~~~
> include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=]
>    57 | #define __underlying_memcpy     __builtin_memcpy
>       |                                 ^
> include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
>   648 |         __underlying_##op(p, q, __fortify_size);                        \
>       |         ^~~~~~~~~~~~~
> include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
>   693 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>       |                          ^~~~~~~~~~~~~~~~~~~~
> fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy'
>    99 |         memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
>       |         ^~~~~~
>   AR      fs/udf/built-in.a
> 
> This helps with the ongoing efforts to globally enable
> -Wstringop-overflow.
> 
> Link: https://github.com/KSPP/linux/issues/329
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
>  fs/udf/directory.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/udf/directory.c b/fs/udf/directory.c
> index 1c775e072b2f..93153665eb37 100644
> --- a/fs/udf/directory.c
> +++ b/fs/udf/directory.c
> @@ -95,7 +95,7 @@ static int udf_copy_fi(struct udf_fileident_iter *iter)
>  	}
>  
>  	off = iter->pos & (blksize - 1);
> -	len = min_t(int, sizeof(struct fileIdentDesc), blksize - off);
> +	len = min_t(u32, sizeof(struct fileIdentDesc), blksize - off);
>  	memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
>  	if (len < sizeof(struct fileIdentDesc))
>  		memcpy((char *)(&iter->fi) + len, iter->bh[1]->b_data,

len is u32, "off" can't be less than blksize, so this all looks correct
to me. Thanks!

Reviewed-by: Kees Cook <keescook@chromium.org>

-- 
Kees Cook

next prev parent reply	other threads:[~2023-07-12 19:05 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-12 18:25 [PATCH][next] udf: Fix -Wstringop-overflow warnings Gustavo A. R. Silva
2023-07-12 19:05 ` Kees Cook [this message]
2023-07-31 14:35   ` Jan Kara

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202307121204.36EF4C1@keescook \
    --to=keescook@chromium.org \
    --cc=gustavoars@kernel.org \
    --cc=jack@suse.com \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox