Re: [PATCH] Bluetooth: mgmt: Pessimize compile-time bounds-check

From: Marcel Holtmann
Date: Thu Aug 19 2021 - 10:52:36 EST


Hi Kees,

> After gaining __alloc_size hints, GCC thinks it can reach a memcpy()
> with eir_len == 0 (since it can't see into the rewrite of status).
> Instead, check eir_len == 0, avoiding this future warning:
>
> In function 'eir_append_data',
> inlined from 'read_local_oob_ext_data_complete' at net/bluetooth/mgmt.c:7210:12:
> ./include/linux/fortify-string.h:54:29: warning: '__builtin_memcpy' offset 5 is out of the bounds [0, 3] [-Warray-bounds]
> ...
> net/bluetooth/hci_request.h:133:2: note: in expansion of macro 'memcpy'
> 133 | memcpy(&eir[eir_len], data, data_len);
> | ^~~~~~
>
> Cc: Marcel Holtmann <marcel@xxxxxxxxxxxx>
> Cc: Johan Hedberg <johan.hedberg@xxxxxxxxx>
> Cc: Luiz Augusto von Dentz <luiz.dentz@xxxxxxxxx>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> Cc: linux-bluetooth@xxxxxxxxxxxxxxx
> Cc: netdev@xxxxxxxxxxxxxxx
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> ---
> net/bluetooth/mgmt.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Patch has been applied to the bluetooth-next tree.

Regards

Marcel