fortify: Do not special-case 0-sized destinations
All fake flexible arrays should have been removed now, so remove the special casing that was avoiding checking them. If a destination claims to be 0 sized, believe it. This is especially important for cases where __counted_by is in use and may have a 0 element count. Link: https://lore.kernel.org/r/20240619203105.work.747-kees@kernel.org Signed-off-by: Kees Cook <kees@kernel.org>
This commit is contained in:
parent
d6f635bcac
commit
2003e483a8
@ -601,11 +601,7 @@ __FORTIFY_INLINE bool fortify_memcpy_chk(__kernel_size_t size,
|
||||
/*
|
||||
* Warn when writing beyond destination field size.
|
||||
*
|
||||
* We must ignore p_size_field == 0 for existing 0-element
|
||||
* fake flexible arrays, until they are all converted to
|
||||
* proper flexible arrays.
|
||||
*
|
||||
* The implementation of __builtin_*object_size() behaves
|
||||
* Note the implementation of __builtin_*object_size() behaves
|
||||
* like sizeof() when not directly referencing a flexible
|
||||
* array member, which means there will be many bounds checks
|
||||
* that will appear at run-time, without a way for them to be
|
||||
@ -613,7 +609,7 @@ __FORTIFY_INLINE bool fortify_memcpy_chk(__kernel_size_t size,
|
||||
* is specifically the flexible array member).
|
||||
* https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101832
|
||||
*/
|
||||
if (p_size_field != 0 && p_size_field != SIZE_MAX &&
|
||||
if (p_size_field != SIZE_MAX &&
|
||||
p_size != p_size_field && p_size_field < size)
|
||||
return true;
|
||||
|
||||
|
@ -910,10 +910,9 @@ static void fortify_test_##memfunc(struct kunit *test) \
|
||||
memfunc(zero.buf, srcB, 0 + unconst); \
|
||||
KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \
|
||||
KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \
|
||||
/* We currently explicitly ignore zero-sized dests. */ \
|
||||
memfunc(zero.buf, srcB, 1 + unconst); \
|
||||
KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \
|
||||
KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \
|
||||
KUNIT_EXPECT_EQ(test, fortify_write_overflows, 1); \
|
||||
}
|
||||
__fortify_test(memcpy)
|
||||
__fortify_test(memmove)
|
||||
|
Loading…
Reference in New Issue
Block a user