On Mon, Dec 06, 2021 at 10:34:13PM -0800, Kees Cook wrote:
> tb_xdp_properties_changed_request() was calling tb_xdp_handle_error() with
> a struct tb_xdp_properties_changed_response on the stack, which does not
> have the "error" field present when cast to struct tb_xdp_error_response.
> This was detected when building with -Warray-bounds:
>
> drivers/thunderbolt/xdomain.c: In function 'tb_xdomain_properties_changed':
> drivers/thunderbolt/xdomain.c:226:22: error: array subscript 'const struct tb_xdp_error_response[0]' is partly outside array bounds of 'struct tb_xdp_properties_changed_response[1]' [-Werror=array-bounds]
> 226 | switch (error->error) {
> | ~~~~~^~~~~~~
> drivers/thunderbolt/xdomain.c:448:51: note: while referencing 'res'
> 448 | struct tb_xdp_properties_changed_response res;
> | ^~~
>
> Add union containing struct tb_xdp_error_response to structures passed
> to tb_xdp_handle_error(), so that the "error" field will be present.
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Applied, thanks!
