Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

fortify: Do not special-case 0-sized destinations

All fake flexible arrays should have been removed now, so remove the
special casing that was avoiding checking them. If a destination claims
to be 0 sized, believe it. This is especially important for cases where
__counted_by is in use and may have a 0 element count.

Link: https://lore.kernel.org/r/20240619203105.work.747-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>

+3 -8
+2 -6
include/linux/fortify-string.h
··· 601 601 /* 602 602 * Warn when writing beyond destination field size. 603 603 * 604 - * We must ignore p_size_field == 0 for existing 0-element 605 - * fake flexible arrays, until they are all converted to 606 - * proper flexible arrays. 607 - * 608 - * The implementation of __builtin_*object_size() behaves 604 + * Note the implementation of __builtin_*object_size() behaves 609 605 * like sizeof() when not directly referencing a flexible 610 606 * array member, which means there will be many bounds checks 611 607 * that will appear at run-time, without a way for them to be ··· 609 613 * is specifically the flexible array member). 610 614 * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101832 611 615 */ 612 - if (p_size_field != 0 && p_size_field != SIZE_MAX && 616 + if (p_size_field != SIZE_MAX && 613 617 p_size != p_size_field && p_size_field < size) 614 618 return true; 615 619
+1 -2
lib/fortify_kunit.c
··· 910 910 memfunc(zero.buf, srcB, 0 + unconst); \ 911 911 KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \ 912 912 KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \ 913 - /* We currently explicitly ignore zero-sized dests. */ \ 914 913 memfunc(zero.buf, srcB, 1 + unconst); \ 915 914 KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \ 916 - KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \ 915 + KUNIT_EXPECT_EQ(test, fortify_write_overflows, 1); \ 917 916 } 918 917 __fortify_test(memcpy) 919 918 __fortify_test(memmove)
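Review bot: In include/linux/fortify-string.h, the rewritten comment drops the zero-size explanation without saying what a 0 value of p_size_field now means. With the condition reduced to `if (p_size_field != SIZE_MAX &&`, a destination field reported as 0 bytes warns for any nonzero size whenever p_size != p_size_field, so one sentence in the comment stating that 0 is now treated as a real bound would help (the commit message names __counted_by with a 0 element count as the case that matters). The commit message says all fake flexible arrays "should have been removed"; any 0-element array still in the tree will start hitting this warning at run time, so that assumption is worth confirming with a tree-wide search before this lands.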
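Review bot: In lib/fortify_kunit.c, the flipped expectation `KUNIT_EXPECT_EQ(test, fortify_write_overflows, 1);` is left without any comment once the old one is deleted. Suggest replacing the removed line with a short comment saying that zero-sized destinations are now checked, so a reader sees why the 1-byte copy into zero.buf counts as a write overflow while the 0-byte copy just above it does not. The visible lines only exercise zero.buf; since the commit message singles out __counted_by with a 0 element count, a case covering that layout would test the stated motivation directly.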