| Message ID | 20230619082019.656605-1-arnd@kernel.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2849981vqr;
Mon, 19 Jun 2023 01:31:59 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ4PdanuaBsMcJ9K1dc6AsvydylBfc7tipHpQP+geEdDoWEAw+QldrC+m7PXBE73FrtHFtM+
X-Received: by 2002:a05:6870:b211:b0:18e:b4df:a560 with SMTP id
a17-20020a056870b21100b0018eb4dfa560mr228430oam.10.1687163519268;
Mon, 19 Jun 2023 01:31:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1687163519; cv=none;
d=google.com; s=arc-20160816;
b=YY+S46OK6wJ+pm+em9Zn0cS0DWrHX7gjzeMzsB7Wq0z+kbLQceUZ7riCraQ1rc4VrX
I9kChRQMdHguwajSH+Ihxye19OHR1Ud2MrlUHW1bHtW25eoyCY9NVxXAq4LMFOQ/QAnk
zls9+CBrryuKY9eRlEvH1eWAKLAQObydGrOYdQs46YgyEAQ2TJFNPVU+1vk5UIqiX7iT
L6V0RbkJRdJO/DT4Q5v4SpUjU3yzRLnkimnroY8+0Xz8DYOlBDynzD5REKdj5G2/SW89
/A2EFdtnnaxvq2fRWb/3TMSUtyT6WdTcL1vv6cn6FARcsbAVemX17uOA6gHVKxUoDsXM
fbMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=0btVsZWd+FyiKtKdmRO5MIEcLSBzUu2m3rV7aWj5k4c=;
b=FVT97kjRw27Hh+eMGSwnDpykJbTs3EDHMbld2Iv6ItrjHKi65eIkFV/+QW5xcEB4PQ
W0pGIWev7mMDq295IWSIMqNrVUksscFVj0jczDBbfxrBuE8gB+RdQ1XVZ3rUk8RZ0EzE
oKnwaAYsYDoUSKj3EISfbbxKzEKcqLC2Oa4Mej/46f16rUYf5pb9H1BHUfALtd+fVs7T
671SHnkn1tzomAZqrCCCIO6FWwD0MOMncCKSIGyNY5kSrQo0Moe0ycDr/k3Yck7ZYmBP
gKVngeP5aUkShunYKfoelgysu3L27ih0x4eUtfSqQLU1sCFY0KNRtM7T9kFazDgqwkcz
iOiQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b=mdMIswmr;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
t186-20020a6381c3000000b0054ff67daa8csi9042054pgd.751.2023.06.19.01.31.46;
Mon, 19 Jun 2023 01:31:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b=mdMIswmr;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S230256AbjFSIUh (ORCPT <rfc822;duw91626@gmail.com> + 99 others);
Mon, 19 Jun 2023 04:20:37 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57740 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S230180AbjFSIUa (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 19 Jun 2023 04:20:30 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 818B0FA;
Mon, 19 Jun 2023 01:20:27 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by dfw.source.kernel.org (Postfix) with ESMTPS id 1ECBD61490;
Mon, 19 Jun 2023 08:20:27 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8663AC433C8;
Mon, 19 Jun 2023 08:20:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
s=k20201202; t=1687162826;
bh=3qmrbX+gre5g324ufIaHDRifEUP5SgH9Kco2mZL155U=;
h=From:To:Cc:Subject:Date:From;
b=mdMIswmrdfZbEPolQxk4U3MMdRbKG7clRlpwVVU+po7lodeNJWfqP5tlXv7sOyBzk
zuKikrud9u1SwwPwOPAY/P0xvVwd5knb/W0+3i7VdRoYukOUV65ZNl5a2qR1iZY19F
RxU3Ev3AcFf2V8deVvxspGeIiOKmuRu9tSTIHKiPThxC2Yax0XE8Dqs/lw2XVwohf3
+blK27iRqPof/ng//FKYF95MaC18xx2pYaGreus772awP0FtgxvHQNbrUsAZwK+aLK
rBJ8KzE9ezDRoObYV2aghtCwwYI4h9bY2dIH9TE8wToyvEryGZIz6raw1Y0Wv28w63
MQMC0ne7t2ctg==
From: Arnd Bergmann <arnd@kernel.org>
To: Namjae Jeon <linkinjeon@kernel.org>,
Steve French <sfrench@samba.org>
Cc: Arnd Bergmann <arnd@arndb.de>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
Tom Talpey <tom@talpey.com>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Tom Rix <trix@redhat.com>,
Christian Brauner <brauner@kernel.org>,
Ronnie Sahlberg <lsahlber@redhat.com>,
Hyunchul Lee <hyc.lee@gmail.com>, linux-cifs@vger.kernel.org,
linux-kernel@vger.kernel.org, llvm@lists.linux.dev
Subject: [PATCH] [v2] smb: avoid field overflow warning
Date: Mon, 19 Jun 2023 10:19:38 +0200
Message-Id: <20230619082019.656605-1-arnd@kernel.org>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1769119174304793200?=
X-GMAIL-MSGID: =?utf-8?q?1769119174304793200?=
|
| Series |
[v2] smb: avoid field overflow warning
|
|
Commit Message
Arnd Bergmann
June 19, 2023, 8:19 a.m. UTC
From: Arnd Bergmann <arnd@arndb.de> clang warns about a possible field overflow in a memcpy: In file included from fs/smb/server/smb_common.c:7: include/linux/fortify-string.h:583:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning] __write_overflow_field(p_size_field, size); It appears to interpret the "&out[baselen + 4]" as referring to a single byte of the character array, while the equivalen "out + baselen + 4" is seen as an offset into the array. I don't see that kind of warning elsewhere, so just go with the simple rework. Fixes: e2f34481b24db ("cifsd: add server-side procedures for SMB3") Signed-off-by: Arnd Bergmann <arnd@arndb.de> ---- v2: fix typo in array length, and make sure it still addresses the warning --- fs/smb/server/smb_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On 6/19/2023 4:19 AM, Arnd Bergmann wrote: > From: Arnd Bergmann <arnd@arndb.de> > > clang warns about a possible field overflow in a memcpy: > > In file included from fs/smb/server/smb_common.c:7: > include/linux/fortify-string.h:583:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning] > __write_overflow_field(p_size_field, size); > > It appears to interpret the "&out[baselen + 4]" as referring to a single > byte of the character array, while the equivalen "out + baselen + 4" is > seen as an offset into the array. > > I don't see that kind of warning elsewhere, so just go with the simple > rework. > > Fixes: e2f34481b24db ("cifsd: add server-side procedures for SMB3") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > ---- > v2: fix typo in array length, and make sure it still addresses the warning > --- > fs/smb/server/smb_common.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c > index a7e81067bc991..39c6c8d7d0623 100644 > --- a/fs/smb/server/smb_common.c > +++ b/fs/smb/server/smb_common.c > @@ -536,7 +536,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname, > out[baselen + 3] = PERIOD; > > if (dot_present) > - memcpy(&out[baselen + 4], extension, 4); > + memcpy(out + baselen + 4, extension, 4); > else > out[baselen + 4] = '\0'; > smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX, It'd be really confusing to have the other two out[baselen + foo] = bar in the lines above and below. Can this be fixed more clearly with a new pointer, like char *q = &out[baselen + 4]; memcpy(q, extension, 4); ?? Tom.
diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index a7e81067bc991..39c6c8d7d0623 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -536,7 +536,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname, out[baselen + 3] = PERIOD; if (dot_present) - memcpy(&out[baselen + 4], extension, 4); + memcpy(out + baselen + 4, extension, 4); else out[baselen + 4] = '\0'; smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX,