Hello Andrzej Pietrasiewicz,
The patch da4243145fb1: "usb: gadget: configfs: OS Extended
Compatibility descriptors support" from May 8, 2014, leads to the
following Smatch warning:
drivers/usb/gadget/configfs.c:1195 interf_grp_sub_compatible_id_store()
error: buffer overflow 'desc->ext_compat_id' 16 <= 16
drivers/usb/gadget/configfs.c
1184 static ssize_t interf_grp_sub_compatible_id_store(struct usb_os_desc *desc,
1185 const char *page, size_t len)
1186 {
1187 int l;
1188
1189 l = min_t(int, 8, len);
Let's assume l is 8.
1190 if (page[l - 1] == '\n')
1191 --l;
1192 if (desc->opts_mutex)
1193 mutex_lock(desc->opts_mutex);
1194 memcpy(desc->ext_compat_id + 8, page, l);
1195 desc->ext_compat_id[l + 8] = '\0';
Then we are putting the NULL terminator one space beyond the end of the
array. ->ext_compat_id is set in rndis_alloc_inst().
This is not a false postive, but I'm not positive how we should fix it.
1196
1197 if (desc->opts_mutex)
1198 mutex_unlock(desc->opts_mutex);
1199
1200 return len;
1201 }
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
