Re: [PATCH] Fix potential overlap dest buffer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/18/21 2:34 AM, Paul Menzel wrote:
Dear Nigel,


Am 17.08.21 um 15:14 schrieb Nigel Croxon:
To meet requirements of Common Criteria certification vulnerablility

vulnerability

assessment.

That’s only part of a sentence? Is that supposed to be read as a continuation of the commit message summary: … to meet requirements …?


Continuation of the commit message. Thanks for catching the
spelling mistake.

Static code analysis has been run and found the following
error.  Overlapping_buffer: The source buffer potentially overlaps

It’d be great, if you denoted, which tool was run. Maybe even add a Found-by tag.


I ran the Coverity scan on the latest build.
https://people.redhat.com/ncroxon/mdadm-4.2-rc2-scan-results.html


with the destination buffer, which results in undefined
behavior for "memcpy".

The change is to use memmove instead of memcpy.

Signed-off-by: Nigel Croxon <ncroxon@xxxxxxxxxx>
---
  sha1.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sha1.c b/sha1.c
index 11be7045..89b32f46 100644
--- a/sha1.c
+++ b/sha1.c
@@ -258,7 +258,7 @@ sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
      {
        sha1_process_block (ctx->buffer, 64, ctx);
        left_over -= 64;
-      memcpy (ctx->buffer, &ctx->buffer[16], left_over);
+      memmove (ctx->buffer, &ctx->buffer[16], left_over);
      }
        ctx->buflen = left_over;
      }

Reviewed-by: Paul Menzel <pmenzel@xxxxxxxxxxxxx>


Kind regards,

Paul





[Index of Archives]     [Linux RAID Wiki]     [ATA RAID]     [Linux SCSI Target Infrastructure]     [Linux Block]     [Linux IDE]     [Linux SCSI]     [Linux Hams]     [Device Mapper]     [Device Mapper Cryptographics]     [Kernel]     [Linux Admin]     [Linux Net]     [GFS]     [RPM]     [git]     [Yosemite Forum]


  Powered by Linux