`struct fileIdentDesc` is a flexible structure, which means that it
contains a flexible-array member at the bottom. This could potentially
lead to an overwrite of the objects following `fi` in `struct
udf_fileident_iter` at run-time.
Fix this by placing the declaration of object `fi` at the end of
`struct udf_fileident_iter`.
-Wflex-array-member-not-at-end is coming in GCC-14, and we are getting
ready to enable it globally.
Fixes: d16076d9b684 ("udf: New directory iteration code")
Cc: [email protected]
Signed-off-by: Gustavo A. R. Silva <[email protected]>
---
fs/udf/udfdecl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/udf/udfdecl.h b/fs/udf/udfdecl.h
index 88692512a466..736f591abc89 100644
--- a/fs/udf/udfdecl.h
+++ b/fs/udf/udfdecl.h
@@ -93,11 +93,11 @@ struct udf_fileident_iter {
sector_t loffset; /* Block offset of 'pos' within above
* extent */
struct extent_position epos; /* Position after the above extent */
- struct fileIdentDesc fi; /* Copied directory entry */
uint8_t *name; /* Pointer to entry name */
uint8_t *namebuf; /* Storage for entry name in case
* the name is split between two blocks
*/
+ struct fileIdentDesc fi; /* Copied directory entry */
};
struct udf_vds_record {
--
2.34.1
On Mon, Oct 02, 2023 at 06:14:26PM +0200, Gustavo A. R. Silva wrote:
> `struct fileIdentDesc` is a flexible structure, which means that it
> contains a flexible-array member at the bottom. This could potentially
> lead to an overwrite of the objects following `fi` in `struct
> udf_fileident_iter` at run-time.
>
> Fix this by placing the declaration of object `fi` at the end of
> `struct udf_fileident_iter`.
>
> -Wflex-array-member-not-at-end is coming in GCC-14, and we are getting
> ready to enable it globally.
>
> Fixes: d16076d9b684 ("udf: New directory iteration code")
> Cc: [email protected]
> Signed-off-by: Gustavo A. R. Silva <[email protected]>
Looks right.
Reviewed-by: Kees Cook <[email protected]>
--
Kees Cook
On Mon 02-10-23 18:14:26, Gustavo A. R. Silva wrote:
> `struct fileIdentDesc` is a flexible structure, which means that it
> contains a flexible-array member at the bottom. This could potentially
> lead to an overwrite of the objects following `fi` in `struct
> udf_fileident_iter` at run-time.
>
> Fix this by placing the declaration of object `fi` at the end of
> `struct udf_fileident_iter`.
>
> -Wflex-array-member-not-at-end is coming in GCC-14, and we are getting
> ready to enable it globally.
>
> Fixes: d16076d9b684 ("udf: New directory iteration code")
> Cc: [email protected]
> Signed-off-by: Gustavo A. R. Silva <[email protected]>
Thanks for the patch! This is in fact harmless since we never use the
impUse field. But I agree it is confusing so I'll merge attached fix
instead.
Honza
--
Jan Kara <[email protected]>
SUSE Labs, CR