* [PATCH] Fix potential overlap dest buffer
@ 2021-08-17 13:14 Nigel Croxon
2021-08-17 21:40 ` NeilBrown
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Nigel Croxon @ 2021-08-17 13:14 UTC (permalink / raw)
To: jes, mariusz.tkaczyk, neilb, xni, linux-raid
To meet requirements of Common Criteria certification vulnerablility
assessment. Static code analysis has been run and found the following
error. Overlapping_buffer: The source buffer potentially overlaps
with the destination buffer, which results in undefined
behavior for "memcpy".
The change is to use memmove instead of memcpy.
Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
---
sha1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sha1.c b/sha1.c
index 11be7045..89b32f46 100644
--- a/sha1.c
+++ b/sha1.c
@@ -258,7 +258,7 @@ sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
{
sha1_process_block (ctx->buffer, 64, ctx);
left_over -= 64;
- memcpy (ctx->buffer, &ctx->buffer[16], left_over);
+ memmove (ctx->buffer, &ctx->buffer[16], left_over);
}
ctx->buflen = left_over;
}
--
2.29.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] Fix potential overlap dest buffer
2021-08-17 13:14 [PATCH] Fix potential overlap dest buffer Nigel Croxon
@ 2021-08-17 21:40 ` NeilBrown
2021-08-18 6:34 ` Paul Menzel
2021-10-08 15:50 ` Jes Sorensen
2 siblings, 0 replies; 5+ messages in thread
From: NeilBrown @ 2021-08-17 21:40 UTC (permalink / raw)
To: Nigel Croxon; +Cc: jes, mariusz.tkaczyk, xni, linux-raid
On Tue, 17 Aug 2021, Nigel Croxon wrote:
> To meet requirements of Common Criteria certification vulnerablility
> assessment. Static code analysis has been run and found the following
> error. Overlapping_buffer: The source buffer potentially overlaps
> with the destination buffer, which results in undefined
> behavior for "memcpy".
>
> The change is to use memmove instead of memcpy.
>
> Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
Reviewed-by: NeilBrown <neilb@suse.de>
Thanks,
NeilBrown
> ---
> sha1.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sha1.c b/sha1.c
> index 11be7045..89b32f46 100644
> --- a/sha1.c
> +++ b/sha1.c
> @@ -258,7 +258,7 @@ sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
> {
> sha1_process_block (ctx->buffer, 64, ctx);
> left_over -= 64;
> - memcpy (ctx->buffer, &ctx->buffer[16], left_over);
> + memmove (ctx->buffer, &ctx->buffer[16], left_over);
> }
> ctx->buflen = left_over;
> }
> --
> 2.29.2
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Fix potential overlap dest buffer
2021-08-17 13:14 [PATCH] Fix potential overlap dest buffer Nigel Croxon
2021-08-17 21:40 ` NeilBrown
@ 2021-08-18 6:34 ` Paul Menzel
2021-08-18 18:22 ` Nigel Croxon
2021-10-08 15:50 ` Jes Sorensen
2 siblings, 1 reply; 5+ messages in thread
From: Paul Menzel @ 2021-08-18 6:34 UTC (permalink / raw)
To: Nigel Croxon; +Cc: jes, mariusz.tkaczyk, neilb, xni, linux-raid
Dear Nigel,
Am 17.08.21 um 15:14 schrieb Nigel Croxon:
> To meet requirements of Common Criteria certification vulnerablility
vulnerability
> assessment.
That’s only part of a sentence? Is that supposed to be read as a
continuation of the commit message summary: … to meet requirements …?
> Static code analysis has been run and found the following
> error. Overlapping_buffer: The source buffer potentially overlaps
It’d be great, if you denoted, which tool was run. Maybe even add a
Found-by tag.
> with the destination buffer, which results in undefined
> behavior for "memcpy".
>
> The change is to use memmove instead of memcpy.
>
> Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
> ---
> sha1.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sha1.c b/sha1.c
> index 11be7045..89b32f46 100644
> --- a/sha1.c
> +++ b/sha1.c
> @@ -258,7 +258,7 @@ sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
> {
> sha1_process_block (ctx->buffer, 64, ctx);
> left_over -= 64;
> - memcpy (ctx->buffer, &ctx->buffer[16], left_over);
> + memmove (ctx->buffer, &ctx->buffer[16], left_over);
> }
> ctx->buflen = left_over;
> }
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Kind regards,
Paul
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Fix potential overlap dest buffer
2021-08-18 6:34 ` Paul Menzel
@ 2021-08-18 18:22 ` Nigel Croxon
0 siblings, 0 replies; 5+ messages in thread
From: Nigel Croxon @ 2021-08-18 18:22 UTC (permalink / raw)
To: Paul Menzel; +Cc: jes, mariusz.tkaczyk, neilb, xni, linux-raid
On 8/18/21 2:34 AM, Paul Menzel wrote:
> Dear Nigel,
>
>
> Am 17.08.21 um 15:14 schrieb Nigel Croxon:
>> To meet requirements of Common Criteria certification vulnerablility
>
> vulnerability
>
>> assessment.
>
> That’s only part of a sentence? Is that supposed to be read as a
> continuation of the commit message summary: … to meet requirements …?
>
Continuation of the commit message. Thanks for catching the
spelling mistake.
>> Static code analysis has been run and found the following
>> error. Overlapping_buffer: The source buffer potentially overlaps
>
> It’d be great, if you denoted, which tool was run. Maybe even add a
> Found-by tag.
>
I ran the Coverity scan on the latest build.
https://people.redhat.com/ncroxon/mdadm-4.2-rc2-scan-results.html
>> with the destination buffer, which results in undefined
>> behavior for "memcpy".
>>
>> The change is to use memmove instead of memcpy.
>>
>> Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
>> ---
>> sha1.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/sha1.c b/sha1.c
>> index 11be7045..89b32f46 100644
>> --- a/sha1.c
>> +++ b/sha1.c
>> @@ -258,7 +258,7 @@ sha1_process_bytes (const void *buffer, size_t
>> len, struct sha1_ctx *ctx)
>> {
>> sha1_process_block (ctx->buffer, 64, ctx);
>> left_over -= 64;
>> - memcpy (ctx->buffer, &ctx->buffer[16], left_over);
>> + memmove (ctx->buffer, &ctx->buffer[16], left_over);
>> }
>> ctx->buflen = left_over;
>> }
>
> Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
>
>
> Kind regards,
>
> Paul
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Fix potential overlap dest buffer
2021-08-17 13:14 [PATCH] Fix potential overlap dest buffer Nigel Croxon
2021-08-17 21:40 ` NeilBrown
2021-08-18 6:34 ` Paul Menzel
@ 2021-10-08 15:50 ` Jes Sorensen
2 siblings, 0 replies; 5+ messages in thread
From: Jes Sorensen @ 2021-10-08 15:50 UTC (permalink / raw)
To: Nigel Croxon, mariusz.tkaczyk, neilb, xni, linux-raid
On 8/17/21 9:14 AM, Nigel Croxon wrote:
> To meet requirements of Common Criteria certification vulnerablility
> assessment. Static code analysis has been run and found the following
> error. Overlapping_buffer: The source buffer potentially overlaps
> with the destination buffer, which results in undefined
> behavior for "memcpy".
>
> The change is to use memmove instead of memcpy.
>
> Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
> ---
> sha1.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sha1.c b/sha1.c
> index 11be7045..89b32f46 100644
> --- a/sha1.c
> +++ b/sha1.c
> @@ -258,7 +258,7 @@ sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
> {
> sha1_process_block (ctx->buffer, 64, ctx);
> left_over -= 64;
> - memcpy (ctx->buffer, &ctx->buffer[16], left_over);
> + memmove (ctx->buffer, &ctx->buffer[16], left_over);
> }
> ctx->buflen = left_over;
> }
>
Applied!
Thanks,
Jes
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-10-08 15:50 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-17 13:14 [PATCH] Fix potential overlap dest buffer Nigel Croxon
2021-08-17 21:40 ` NeilBrown
2021-08-18 6:34 ` Paul Menzel
2021-08-18 18:22 ` Nigel Croxon
2021-10-08 15:50 ` Jes Sorensen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.