sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS

Message ID 20210616195333.1231715-1-keescook@chromium.org
State New
Headers show
Series
  • sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS
Related show

Commit Message

Kees Cook June 16, 2021, 7:53 p.m.
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.

The memcpy() is copying the entire structure, not just the first array.
Adjust the source argument so the compiler can do appropriate bounds
checking.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/ethernet/renesas/sh_eth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Wolfram Sang June 17, 2021, 5:50 a.m. | #1
On Wed, Jun 16, 2021 at 12:53:33PM -0700, Kees Cook wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time

> field bounds checking for memcpy(), memmove(), and memset(), avoid

> intentionally reading across neighboring array fields.

> 

> The memcpy() is copying the entire structure, not just the first array.

> Adjust the source argument so the compiler can do appropriate bounds

> checking.

> 

> Signed-off-by: Kees Cook <keescook@chromium.org>


For the record:

Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com>

Patch

diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c
index 177523be4fb6..840478692a37 100644
--- a/drivers/net/ethernet/renesas/sh_eth.c
+++ b/drivers/net/ethernet/renesas/sh_eth.c
@@ -2287,7 +2287,7 @@  static void sh_eth_get_strings(struct net_device *ndev, u32 stringset, u8 *data)
 {
 	switch (stringset) {
 	case ETH_SS_STATS:
-		memcpy(data, *sh_eth_gstrings_stats,
+		memcpy(data, sh_eth_gstrings_stats,
 		       sizeof(sh_eth_gstrings_stats));
 		break;
 	}