Kees Cook <keescook@xxxxxxxxxxxx> wrote: > Using memcpy() from a buffer that is shorter than the length copied means > the destination buffer is being filled with arbitrary data from the kernel > rodata segment. In this case, the source was made longer, since it did not > match the destination structure size. Additionally removes a needless cast. > > This was found with the future CONFIG_FORTIFY_SOURCE feature. > > Cc: Daniel Micay <danielmicay@xxxxxxxxx> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Patch applied to wireless-drivers-next.git, thanks. e48d661eb13f ray_cs: Avoid reading past end of buffer -- https://patchwork.kernel.org/patch/9714453/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
