On 5/28/21 13:13, Kees Cook wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), avoid intentionally writing across
> neighboring array fields.
>
> Remove old-style 1-byte array in favor of a flexible array[1] to avoid
> future false-positive cross-field memcpy() warning in:
>
> esas2r_vda.c:
> memcpy(vi->cmd.gsv.version_info, esas2r_vdaioctl_versions, ...)
>
> The change in struct size doesn't change other structure sizes (it is
> already maxed out to 256 bytes, for example here:
>
> union {
> struct atto_ioctl_vda_scsi_cmd scsi;
> struct atto_ioctl_vda_flash_cmd flash;
> struct atto_ioctl_vda_diag_cmd diag;
> struct atto_ioctl_vda_cli_cmd cli;
> struct atto_ioctl_vda_smp_cmd smp;
> struct atto_ioctl_vda_cfg_cmd cfg;
> struct atto_ioctl_vda_mgt_cmd mgt;
> struct atto_ioctl_vda_gsv_cmd gsv;
> u8 cmd_info[256];
> } cmd;
>
> No sizes are calculated using the enclosing structure, so no other
> updates are needed.
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Reviewed-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
Thanks
--
Gustavo
> ---
> drivers/scsi/esas2r/atioctl.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/esas2r/atioctl.h b/drivers/scsi/esas2r/atioctl.h
> index 4aca3d52c851..ff2ad9b38575 100644
> --- a/drivers/scsi/esas2r/atioctl.h
> +++ b/drivers/scsi/esas2r/atioctl.h
> @@ -1141,7 +1141,7 @@ struct __packed atto_ioctl_vda_gsv_cmd {
>
> u8 rsp_len;
> u8 reserved[7];
> - u8 version_info[1];
> + u8 version_info[];
> #define ATTO_VDA_VER_UNSUPPORTED 0xFF
>
> };
>
