Al Viro wrote:
> On Sat, Jan 21, 2012 at 08:02:37PM +0100, Szymon Janc wrote:
>> --- a/fs/binfmt_misc.c
>> +++ b/fs/binfmt_misc.c
>> @@ -418,7 +418,7 @@ static int parse_command(const char __user *buffer, size_t count)
>> return 0;
>> if (count > 3)
>> return -EINVAL;
>> - if (copy_from_user(s, buffer, count))
>> + if (copy_from_user(s, buffer, min(count, sizeof(s))))
>
> File a report in gcc bugzilla. Note that
> * count is size_t and thus unsigned
> * sizeof(s) is 4
> IOW, min(count, sizeof(s)) should do no better (or worse) than count here.
> If gcc is unable to prove that, it really needs to be fixed...
Looks like this is <http://gcc.gnu.org/PR52798>.
Thanks,
Jonathan