Re: [PATCH v2] firmware: coreboot: Check size of table entry and split memcpy

From: Kees Cook
Date: Thu Jan 12 2023 - 18:00:50 EST


On Mon, Jan 09, 2023 at 04:02:26PM +0100, Julius Werner wrote:
> Reviewed-by: Julius Werner <jwerner@xxxxxxxxxxxx>
>
> > - memcpy(&device->entry, ptr_entry, entry->size);
> > + memcpy(device->raw, entry, entry->size);
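
Review bot: on the "+" line the source argument becomes entry while the length stays entry->size, so whenever an entry carries more than its header the copy reads past the end of the object that entry is typed as, and a bounds-checking memcpy or a static analyzer can flag that read. Keeping ptr_entry as the source and changing only the destination to device->raw avoids it: memcpy(device->raw, ptr_entry, entry->size). The length is also taken from the table entry itself, and nothing in these two lines shows it being bounded, so the size check needs to run before this call.
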
>
> nit: It's a bit odd to change the source pointer from ptr_entry to
> entry here. Technically the static analyzer would be within its rights
> to give you a warning for that as well, because you're now
> "overrunning" the source struct instead of the destination one.

True. We've been focused on write overflows, but yeah, since the
location of the flex array changed, I'll switch this back to ptr_entry.

--
Kees Cook