• Andi Kleen's avatar
    drivers/media/platform/sti/delta/delta-ipc.c: fix read buffer overflow · e5a18af2
    Andi Kleen authored
    The single caller passes a string to delta_ipc_open, which copies with a
    fixed size larger than the string.  So it copies some random data after
    the original string the ro segment.
    
    If the string was at the end of a page it may fault.
    
    Just copy the string with a normal strcpy after clearing the field.
    
    Found by a LTO build (which errors out)
    because the compiler inlines the functions and can resolve
    the string sizes and triggers the compile time checks in memcpy.
    
    In function `memcpy',
        inlined from `delta_ipc_open.constprop' at linux/drivers/media/platform/sti/delta/delta-ipc.c:178:0,
        inlined from `delta_mjpeg_ipc_open' at linux/drivers/media/platform/sti/delta/delta-mjpeg-dec.c:227:0,
        inlined from `delta_mjpeg_decode' at linux/drivers/media/platform/sti/delta/delta-mjpeg-dec.c:403:0:
    /home/andi/lsrc/linux/include/linux/string.h:337:0: error: call to `__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
        __read_overflow2();
    
    Link: http://lkml.kernel.org/r/20171222001212.1850-1-andi@firstfloor.orgSigned-off-by: 's avatarAndi Kleen <ak@linux.intel.com>
    Cc: Hugues FRUCHET <hugues.fruchet@st.com>
    Signed-off-by: 's avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: 's avatarStephen Rothwell <sfr@canb.auug.org.au>
    e5a18af2
Name
Last commit
Last update
Documentation Loading commit data...
LICENSES Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.clang-format Loading commit data...
.cocciconfig Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...