| Message ID | 20210806215733.2875927-1-keescook@chromium.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | pcmcia: ray_cs: Split memcpy() to avoid bounds check warning | expand |
diff --git a/drivers/net/wireless/ray_cs.c b/drivers/net/wireless/ray_cs.c index 590bd974d94f..d57bbe551630 100644 --- a/drivers/net/wireless/ray_cs.c +++ b/drivers/net/wireless/ray_cs.c @@ -982,7 +982,9 @@ AP to AP 1 1 dest AP src AP dest source if (local->net_type == ADHOC) { writeb(0, &ptx->mac.frame_ctl_2); memcpy_toio(ptx->mac.addr_1, ((struct ethhdr *)data)->h_dest, - 2 * ADDRLEN); + ADDRLEN); + memcpy_toio(ptx->mac.addr_2, ((struct ethhdr *)data)->h_source, + ADDRLEN); memcpy_toio(ptx->mac.addr_3, local->bss_id, ADDRLEN); } else { /* infrastructure */
In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring fields. Split memcpy() for each address range to help memcpy() correctly reason about the bounds checking. Avoids the future warning: In function 'fortify_memcpy_chk', inlined from 'memcpy_toio' at ./include/asm-generic/io.h:1204:2, inlined from 'ray_build_header.constprop' at drivers/net/wireless/ray_cs.c:984:3: ./include/linux/fortify-string.h:285:4: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning] 285 | __write_overflow_field(p_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cc: Kalle Valo <kvalo@codeaurora.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/net/wireless/ray_cs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)