Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp102482yba; Fri, 3 May 2019 21:49:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqwnf+sdYifyhvCCnLJIH05LI0V70hZOnVyBogh76K1Ga6qdEd3y5bQw6u4bh7pe8A0xtFNH X-Received: by 2002:a62:6a81:: with SMTP id f123mr16799301pfc.40.1556945381943; Fri, 03 May 2019 21:49:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556945381; cv=none; d=google.com; s=arc-20160816; b=BK/ZriVksSfobgRKgf45WMtWvI+WuQZgE829+3SxJh7Ifck2XIz9feUczczJx9I9Pc RM5pPPm2rwSQIkB0CLNPzWA3FiwmgbW8G0LIdX4yqavAcRinZc3WDSybCMdQEY1md+yk c+LhDYBCnXneXYqB2GXyOroOEwhtUxpCSkIfnpgbOSk8jCtvqz/uGOF8UznZhgRUtWy0 +N5zH309d1mWwcAjkrmba4VDCzDU7Wkke7E/JNXLAqi6RehvIv/oEOp5hygEAL+LNl9L wU1HFt0LLfYZMg3yOTb1sm6I59NPZs/4q7UdOUC6adQLW84e8WvTodGjZuF456gwF6iO Ayzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date; bh=PDuRH1K9JPffUuiQ/v22BW3SKSOeFhCOsRXBVAuUTAo=; b=AVjbAHfWPk9E/Sjxor6G17l6B9+Ali0tqwWRd3lPYCB1JeQU3IoyIkxaJ8xPy8Uczd K0jysXbHhwRcB60vvRPAOZZta7tEE1gHUAncibzj1t9JqI+OM7MUWHhTurShE63ode+m MknRML1h1nQaLBZkxQqcpgKRdBdZh8MJmm4R8j99qm3kMjaaT54pp7e9xf1bWQeHa6Gy EO06MvHXvRBNH6U//N3knW5HKCDgAecisMiiu/69x+mQaZWYQnTF0dhZ+v+ESqLljX+l qXwD8sS09yK6YGlRXIXToT6U0BmP2Mhsiq/3JiY+mPi5StY1+3i53LPVryKCnkg3bcjO hcRQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r127si5620849pfr.78.2019.05.03.21.49.26; Fri, 03 May 2019 21:49:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726672AbfEDEo6 (ORCPT + 99 others); Sat, 4 May 2019 00:44:58 -0400 Received: from shards.monkeyblade.net ([23.128.96.9]:56270 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725787AbfEDEo6 (ORCPT ); Sat, 4 May 2019 00:44:58 -0400 Received: from localhost (unknown [75.104.87.19]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id 205E314D91286; Fri, 3 May 2019 21:44:52 -0700 (PDT) Date: Sat, 04 May 2019 00:44:49 -0400 (EDT) Message-Id: <20190504.004449.945185836330139212.davem@davemloft.net> To: chris.packham@alliedtelesis.co.nz Cc: jon.maloy@ericsson.com, ying.xue@windriver.com, netdev@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org Subject: Re: [PATCH] tipc: Avoid copying bytes beyond the supplied data From: David Miller In-Reply-To: <20190502031004.7125-1-chris.packham@alliedtelesis.co.nz> References: <20190502031004.7125-1-chris.packham@alliedtelesis.co.nz> X-Mailer: Mew version 6.8 on Emacs 26.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Fri, 03 May 2019 21:44:57 -0700 (PDT) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Chris Packham Date: Thu, 2 May 2019 15:10:04 +1200 > TLV_SET is called with a data pointer and a len parameter that tells us > how many bytes are pointed to by data. When invoking memcpy() we need > to careful to only copy len bytes. > > Previously we would copy TLV_LENGTH(len) bytes which would copy an extra > 4 bytes past the end of the data pointer which newer GCC versions > complain about. > > In file included from test.c:17: > In function 'TLV_SET', > inlined from 'test' at test.c:186:5: > /usr/include/linux/tipc_config.h:317:3: > warning: 'memcpy' forming offset [33, 36] is out of the bounds [0, 32] > of object 'bearer_name' with type 'char[32]' [-Warray-bounds] > memcpy(TLV_DATA(tlv_ptr), data, tlv_len); > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > test.c: In function 'test': > test.c::161:10: note: > 'bearer_name' declared here > char bearer_name[TIPC_MAX_BEARER_NAME]; > ^~~~~~~~~~~ > > Signed-off-by: Chris Packham But now the pad bytes at the end are uninitialized. The whole idea is that the encapsulating TLV object has to be rounded up in size based upon the given 'len' for the data.