Kees Cook <keescook@xxxxxxxxxxxx> writes: > In preparation for FORTIFY_SOURCE performing run-time destination buffer > bounds checking for memcpy(), refactor the use of struct iwl_calib_result: > > - Have struct iwl_calib_result contain struct iwl_calib_cmd since > functions expect to operate on the "data" flex array in "cmd", which > follows the "hdr" member. > - Switch argument passing around to use struct iwl_calib_cmd instead of > struct iwl_calib_hdr to prepare functions to see the "data" member. > - Change iwl_calib_set()'s "len" argument to a size_t since it is always > unsigned and is normally receiving the output of sizeof(). > - Add an explicit length sanity check in iwl_calib_set(). > - Adjust the memcpy() to avoid copying across the now visible composite > flex array structure. > > This avoids the future run-time warning: > > memcpy: detected field-spanning write (size 8) of single field "&res->hdr" (size 4) > > Cc: Luca Coelho <luciano.coelho@xxxxxxxxx> > Cc: Kalle Valo <kvalo@xxxxxxxxxxxxxx> > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> > Cc: Jakub Kicinski <kuba@xxxxxxxxxx> > Cc: Lee Jones <lee.jones@xxxxxxxxxx> > Cc: Johannes Berg <johannes.berg@xxxxxxxxx> > Cc: linux-wireless@xxxxxxxxxxxxxxx > Cc: netdev@xxxxxxxxxxxxxxx > Reported-by: Andy Lavr <andy.lavr@xxxxxxxxx> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Gregory, as this fixes a future warning can I take this directly to wireless-next? -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
