Hi Kees, > After gaining __alloc_size hints, GCC thinks it can reach a memcpy() > with eir_len == 0 (since it can't see into the rewrite of status). > Instead, check eir_len == 0, avoiding this future warning: > > In function 'eir_append_data', > inlined from 'read_local_oob_ext_data_complete' at net/bluetooth/mgmt.c:7210:12: > ./include/linux/fortify-string.h:54:29: warning: '__builtin_memcpy' offset 5 is out of the bounds [0, 3] [-Warray-bounds] > ... > net/bluetooth/hci_request.h:133:2: note: in expansion of macro 'memcpy' > 133 | memcpy(&eir[eir_len], data, data_len); > | ^~~~~~ > > Cc: Marcel Holtmann <marcel@xxxxxxxxxxxx> > Cc: Johan Hedberg <johan.hedberg@xxxxxxxxx> > Cc: Luiz Augusto von Dentz <luiz.dentz@xxxxxxxxx> > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> > Cc: Jakub Kicinski <kuba@xxxxxxxxxx> > Cc: linux-bluetooth@xxxxxxxxxxxxxxx > Cc: netdev@xxxxxxxxxxxxxxx > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > net/bluetooth/mgmt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) patch has been applied to bluetooth-next tree. Regards Marcel
