| Message ID | 20230616090749.2646749-1-arnd@kernel.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp1195776vqr;
Fri, 16 Jun 2023 02:26:51 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ7bjgU7VsHypRnkJHJ6+E8Bv4UWmr5l0MgvhCfk7XcFh9qWn7p6YYMDnR3o5cLZuFNTb7Q1
X-Received: by 2002:a05:6a00:1813:b0:665:bf43:6844 with SMTP id
y19-20020a056a00181300b00665bf436844mr1683482pfa.1.1686907611422;
Fri, 16 Jun 2023 02:26:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686907611; cv=none;
d=google.com; s=arc-20160816;
b=zNJZjq+DMammutet9huuD94lOJVTlIIgvyAxdHsiVAhLdZ9ktJSiedfUXYwL73QcuC
fiaq6GBHIzWYCaKlOWx/OxBjgu7nlQs3cIlEqPrgtKeAV3uwCDtK8k/l/42Bikpb/F1q
b+m+0pYloGbQx1DgRgjBtPwbFNg+XKitrAj30iDMt3jTT7CnudYXNQuSK/PM41sBwbN/
0/rZKQfeJpK06erzZLFp6wd9XZ0asdY8IYPE5UIMq9VPc9e6nyT5B/SWI4IGpi951XA+
yyPaLAWAvAoACW3xPWuPdCPWy2zLsWM5OKwJMkghqeleQL737l2W2TrYpqW2Wtr5WdGY
si9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=FPMkgO4hO0NVtEUHtZHePUgFYoT92Vp0NfB2FluQ/P4=;
b=yfxvldhN/dpdDjUVAGZgikNgHHGVdP9hryUrJEQMcZyTOTBR+jn/HaYbpXlQyN1IJY
C5rWGEZwhnJ9eO6iJ2NRC5mTsfU/TLJT3mrsoF2hveNWgHzNzsMkCQhLgSq7HYmIFMgF
EaEmk8XEaue5dKKe8jhNlSktdld/sHMFXvBMntoPLf5UbGxkXaBXBotCoPOCOftKDl03
hBwelHlU0iAWgYPnMGBLAn/eK96nwpCP+LYz/MANTibBmfcOZJxkVST3UjCVbbqf+g1w
ZF8egswmxyNMFA65SV4KaWSGdzBkas2O8SXwMmy1PTf7nMVNxOkh5bQglx8DMZjRuwG4
Bv7g==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OQgajVQV;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
e6-20020a636906000000b00543c1b14062si198979pgc.79.2023.06.16.02.26.37;
Fri, 16 Jun 2023 02:26:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OQgajVQV;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1343625AbjFPJKp (ORCPT <rfc822;maxin.john@gmail.com>
+ 99 others); Fri, 16 Jun 2023 05:10:45 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58098 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1343764AbjFPJJk (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 16 Jun 2023 05:09:40 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1952149D2;
Fri, 16 Jun 2023 02:07:57 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by dfw.source.kernel.org (Postfix) with ESMTPS id 967E763251;
Fri, 16 Jun 2023 09:07:56 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4C8C3C433CD;
Fri, 16 Jun 2023 09:07:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
s=k20201202; t=1686906475;
bh=4phIGceOvtI2yxKDIT1C76n8i2VAK0TTfcMygNtE+64=;
h=From:To:Cc:Subject:Date:From;
b=OQgajVQV62OKGC/9ew5Mw9zNBUvWBMyfnUuOHneuy+cdi3NMZdc61WUdw4PWMpnv1
PDZble9eXjKhIG4raJnoCLlv0YKxvlCKQyu6URXNE0LezsYrXYKfwcgsnrwK4SOkDK
o+/YEqHfDEHlor+xmDv2jxNqnPK7xaeMWeRWGqsVlKdgEQPPwRxr++OuC8eD0JmUNG
JWKro2+aG33LZFyN/Pq7qDPWzy/L1+em8T4mOMikd1bNlSOIRypD6O9eMo8+MVW9je
mnV5SVIMCisxridyPv6HAAI5uF1a9xJXk8/WQg5/0bMLeTQpCa+/otjDjLfORtakFY
XrxgVmIS9ZD5A==
From: Arnd Bergmann <arnd@kernel.org>
To: Namjae Jeon <linkinjeon@kernel.org>,
Steve French <sfrench@samba.org>
Cc: Arnd Bergmann <arnd@arndb.de>,
Sergey Senozhatsky <senozhatsky@chromium.org>, Tom Talpey <tom@talpey.com>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>, Tom Rix <trix@redhat.com>,
Christian Brauner <brauner@kernel.org>, Dave Chinner <dchinner@redhat.com>,
Kees Cook <keescook@chromium.org>,
=?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>,
Ronnie Sahlberg <lsahlber@redhat.com>, Hyunchul Lee <hyc.lee@gmail.com>,
linux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org,
llvm@lists.linux.dev
Subject: [PATCH] smb: avoid field overflow warning
Date: Fri, 16 Jun 2023 11:07:28 +0200
Message-Id: <20230616090749.2646749-1-arnd@kernel.org>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1768850835538310694?=
X-GMAIL-MSGID: =?utf-8?q?1768850835538310694?=
|
| Series |
smb: avoid field overflow warning
|
|
Commit Message
Arnd Bergmann
June 16, 2023, 9:07 a.m. UTC
From: Arnd Bergmann <arnd@arndb.de> clang warns about a possible field overflow in a memcpy: In file included from fs/smb/server/smb_common.c:7: include/linux/fortify-string.h:583:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning] __write_overflow_field(p_size_field, size); It appears to interpret the "&out[baselen + 4]" as referring to a single byte of the character array, while the equivalen "out + baselen + 4" is seen as an offset into the array. I don't see that kind of warning elsewhere, so just go with the simple rework. Fixes: e2f34481b24db ("cifsd: add server-side procedures for SMB3") Signed-off-by: Arnd Bergmann <arnd@arndb.de> --- fs/smb/server/smb_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Comments
2023-06-16 18:07 GMT+09:00, Arnd Bergmann <arnd@kernel.org>: > From: Arnd Bergmann <arnd@arndb.de> Hi Arnd, > > clang warns about a possible field overflow in a memcpy: > > In file included from fs/smb/server/smb_common.c:7: > include/linux/fortify-string.h:583:4: error: call to > '__write_overflow_field' declared with 'warning' attribute: detected write > beyond size of field (1st parameter); maybe use struct_group()? > [-Werror,-Wattribute-warning] > __write_overflow_field(p_size_field, size); > > It appears to interpret the "&out[baselen + 4]" as referring to a single > byte of the character array, while the equivalen "out + baselen + 4" is > seen as an offset into the array. > > I don't see that kind of warning elsewhere, so just go with the simple > rework. > > Fixes: e2f34481b24db ("cifsd: add server-side procedures for SMB3") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > fs/smb/server/smb_common.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c > index a7e81067bc991..e3273fa640b07 100644 > --- a/fs/smb/server/smb_common.c > +++ b/fs/smb/server/smb_common.c > @@ -536,7 +536,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, > const char *longname, > out[baselen + 3] = PERIOD; > > if (dot_present) > - memcpy(&out[baselen + 4], extension, 4); > + memcpy(out + baselen + 4, extension, 1); Is there any reason to change copy bytes from 4 bytes to 1 byte? Thanks! > else > out[baselen + 4] = '\0'; > smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX, > -- > 2.39.2 > >
On Fri, Jun 16, 2023, at 16:40, Namjae Jeon wrote: > 2023-06-16 18:07 GMT+09:00, Arnd Bergmann <arnd@kernel.org>: >> From: Arnd Bergmann <arnd@arndb.de> >> >> clang warns about a possible field overflow in a memcpy: >> >> In file included from fs/smb/server/smb_common.c:7: >> include/linux/fortify-string.h:583:4: error: call to >> '__write_overflow_field' declared with 'warning' attribute: detected write >> beyond size of field (1st parameter); maybe use struct_group()? >> [-Werror,-Wattribute-warning] >> __write_overflow_field(p_size_field, size); >> >> It appears to interpret the "&out[baselen + 4]" as referring to a single >> byte of the character array, while the equivalen "out + baselen + 4" is >> seen as an offset into the array. >> >> I don't see that kind of warning elsewhere, so just go with the simple >> rework. >> >> Fixes: e2f34481b24db ("cifsd: add server-side procedures for SMB3") >> Signed-off-by: Arnd Bergmann <arnd@arndb.de> >> --- >> fs/smb/server/smb_common.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c >> index a7e81067bc991..e3273fa640b07 100644 >> --- a/fs/smb/server/smb_common.c >> +++ b/fs/smb/server/smb_common.c >> @@ -536,7 +536,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, >> const char *longname, >> out[baselen + 3] = PERIOD; >> >> if (dot_present) >> - memcpy(&out[baselen + 4], extension, 4); >> + memcpy(out + baselen + 4, extension, 1); > Is there any reason to change copy bytes from 4 bytes to 1 byte? > No, that was an accident, this patch is wrong. I have to revisit this one and check if my change actually still works after I change it back to the correct length. Arnd
2023-06-16 23:42 GMT+09:00, Arnd Bergmann <arnd@arndb.de>: > On Fri, Jun 16, 2023, at 16:40, Namjae Jeon wrote: >> 2023-06-16 18:07 GMT+09:00, Arnd Bergmann <arnd@kernel.org>: >>> From: Arnd Bergmann <arnd@arndb.de> >>> >>> clang warns about a possible field overflow in a memcpy: >>> >>> In file included from fs/smb/server/smb_common.c:7: >>> include/linux/fortify-string.h:583:4: error: call to >>> '__write_overflow_field' declared with 'warning' attribute: detected >>> write >>> beyond size of field (1st parameter); maybe use struct_group()? >>> [-Werror,-Wattribute-warning] >>> __write_overflow_field(p_size_field, size); >>> >>> It appears to interpret the "&out[baselen + 4]" as referring to a single >>> byte of the character array, while the equivalen "out + baselen + 4" is >>> seen as an offset into the array. >>> >>> I don't see that kind of warning elsewhere, so just go with the simple >>> rework. >>> >>> Fixes: e2f34481b24db ("cifsd: add server-side procedures for SMB3") >>> Signed-off-by: Arnd Bergmann <arnd@arndb.de> >>> --- >>> fs/smb/server/smb_common.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c >>> index a7e81067bc991..e3273fa640b07 100644 >>> --- a/fs/smb/server/smb_common.c >>> +++ b/fs/smb/server/smb_common.c >>> @@ -536,7 +536,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, >>> const char *longname, >>> out[baselen + 3] = PERIOD; >>> >>> if (dot_present) >>> - memcpy(&out[baselen + 4], extension, 4); >>> + memcpy(out + baselen + 4, extension, 1); >> Is there any reason to change copy bytes from 4 bytes to 1 byte? >> > > No, that was an accident, this patch is wrong. > > I have to revisit this one and check if my change actually still works > after I change it back to the correct length. Okay:) Thanks for your check! > > Arnd >
diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index a7e81067bc991..e3273fa640b07 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -536,7 +536,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname, out[baselen + 3] = PERIOD; if (dot_present) - memcpy(&out[baselen + 4], extension, 4); + memcpy(out + baselen + 4, extension, 1); else out[baselen + 4] = '\0'; smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX,