| Message ID | 20210727205855.411487-59-keescook@chromium.org (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | Introduce strict memcpy() bounds checking | expand |
| Context | Check | Description |
|---|---|---|
| netdev/tree_selection | success | Guessing tree name failed - patch did not apply |
Kees Cook <keescook@chromium.org> writes: > In preparation for FORTIFY_SOURCE performing compile-time and run-time > field bounds checking for memset(), avoid intentionally writing across > neighboring fields. > > Instead of writing across a field boundary with memset(), move the call > to just the array, and an explicit zeroing of the prior field. > > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > drivers/macintosh/smu.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/macintosh/smu.c b/drivers/macintosh/smu.c > index 94fb63a7b357..59ce431da7ef 100644 > --- a/drivers/macintosh/smu.c > +++ b/drivers/macintosh/smu.c > @@ -848,7 +848,8 @@ int smu_queue_i2c(struct smu_i2c_cmd *cmd) > cmd->read = cmd->info.devaddr & 0x01; > switch(cmd->info.type) { > case SMU_I2C_TRANSFER_SIMPLE: > - memset(&cmd->info.sublen, 0, 4); > + cmd->info.sublen = 0; > + memset(&cmd->info.subaddr, 0, 3); > break; > case SMU_I2C_TRANSFER_COMBINED: > cmd->info.devaddr &= 0xfe; > -- > 2.30.2 Reviewed-by: Michael Ellerman <mpe@ellerman.id.au> cheers
diff --git a/drivers/macintosh/smu.c b/drivers/macintosh/smu.c index 94fb63a7b357..59ce431da7ef 100644 --- a/drivers/macintosh/smu.c +++ b/drivers/macintosh/smu.c @@ -848,7 +848,8 @@ int smu_queue_i2c(struct smu_i2c_cmd *cmd) cmd->read = cmd->info.devaddr & 0x01; switch(cmd->info.type) { case SMU_I2C_TRANSFER_SIMPLE: - memset(&cmd->info.sublen, 0, 4); + cmd->info.sublen = 0; + memset(&cmd->info.subaddr, 0, 3); break; case SMU_I2C_TRANSFER_COMBINED: cmd->info.devaddr &= 0xfe;
In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memset(), avoid intentionally writing across neighboring fields. Instead of writing across a field boundary with memset(), move the call to just the array, and an explicit zeroing of the prior field. Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/macintosh/smu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)