On Sat, Jan 21, 2012 at 08:02:37PM +0100, Szymon Janc wrote: > This fix compilation error with CONFIG_DEBUG_STRICT_USER_COPY_CHECKS > enabled. It looks like gcc 4.6.2 is not able to prove that count > is within sizeof(s) bounds (although it is). > > CC [M] fs/binfmt_misc.o > In file included from arch/x86/include/asm/uaccess.h:573:0, > from include/linux/uaccess.h:5, > from include/linux/highmem.h:7, > from include/linux/pagemap.h:10, > from fs/binfmt_misc.c:26: > In function ???copy_from_user???, > inlined from ???parse_command.part.1??? at fs/binfmt_misc.c:421:20: > arch/x86/include/asm/uaccess_32.h:211:26: error: call to ???copy_from_user_overflow??? declared with attribute error: copy_from_user() buffer size is not provably correct > make[1]: *** [fs/binfmt_misc.o] Error 1 > make: *** [fs] Error 2 > > Signed-off-by: Szymon Janc <szymon@xxxxxxxxxxx> > --- > fs/binfmt_misc.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c > index a9198df..4879d35 100644 > --- a/fs/binfmt_misc.c > +++ b/fs/binfmt_misc.c > @@ -418,7 +418,7 @@ static int parse_command(const char __user *buffer, size_t count) > return 0; > if (count > 3) > return -EINVAL; > - if (copy_from_user(s, buffer, count)) > + if (copy_from_user(s, buffer, min(count, sizeof(s)))) File a report in gcc bugzilla. Note that * count is size_t and thus unsigned * sizeof(s) is 4 IOW, min(count, sizeof(s)) should do no better (or worse) than count here. If gcc is unable to prove that, it really needs to be fixed... -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
