[PATCH] Don't overflow when writing a key

Jan-Benedict Glaw jbglaw at lug-owl.de
Fri Oct 1 12:28:36 PDT 2021


Hi!

I'm mass-building the GNU Toolchain, Linux, NetBSD and others and got
a warning with recent GCC versions when building Linux's
ARM-based aspeed_g4_defconfig:

[mk all 2021-10-01 14:10:14]   arm-linux-gnueabihf-gcc -Wp,-MMD,fs/ubifs/.journal.o.d -nostdinc -isystem /var/lib/laminar/run/linux-arm-aspeed_g4_defconfig/9/toolchain/bin/../lib/gcc/arm-linux-gnueabihf/12.0.0/include -I./arch/arm/include -I./arch/arm/include/generated  -I./include -I./arch/arm/include/uapi -I./arch/arm/include/generated/uapi -I./include/uapi -I./include/generated/uapi -include ./include/linux/compiler-version.h -include ./include/linux/kconfig.h -include ./include/linux/compiler_types.h -D__KERNEL__ -mlittle-endian -fmacro-prefix-map=./= -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE -Werror=implicit-function-declaration -Werror=implicit-int -Werror=return-type -Wno-format-security -std=gnu89 -fno-dwarf2-cfi-asm -fno-omit-frame-pointer -mapcs -mno-sched-prolog -fno-ipa-sra -mabi=aapcs-linux -mfpu=vfp -marm -Wa,-mno-warn-deprecated -D__LINUX_ARM_ARCH__=5 -march=armv5te -mtune=arm9tdmi -msoft-float -Uarm -fno-delete-null-pointer-checks -Wno-frame-address -Wno-format-truncation -Wno-format-overflow -Wno-address-of-packed-member -O2 -fno-allow-store-data-races -Wframe-larger-than=1024 -fstack-protector-strong -Wimplicit-fallthrough=5 -Wno-main -Wno-unused-but-set-variable -Wno-unused-const-variable -fno-omit-frame-pointer -fno-optimize-sibling-calls -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fno-stack-clash-protection -g -gdwarf-4 -fno-var-tracking -femit-struct-debug-baseonly -pg -Wdeclaration-after-statement -Wvla -Wno-pointer-sign -Wno-stringop-truncation -Wno-zero-length-bounds -Wno-array-bounds -Wno-stringop-overflow -Wno-restrict -Wno-maybe-uninitialized -fno-strict-overflow -fno-stack-check -fconserve-stack -Werror=date-time -Werror=incompatible-pointer-types -Werror=designated-init -Wno-packed-not-aligned    -DKBUILD_MODFILE='"fs/ubifs/ubifs"' -DKBUILD_BASENAME='"journal"' -DKBUILD_MODNAME='"ubifs"' 
-D__KBUILD_MODNAME=kmod_ubifs -c -o fs/ubifs/journal.o fs/ubifs/journal.c
[mk all 2021-10-01 14:10:15] In file included from ./include/linux/string.h:262,
[mk all 2021-10-01 14:10:15]                  from ./include/linux/bitmap.h:10,
[mk all 2021-10-01 14:10:15]                  from ./include/linux/cpumask.h:12,
[mk all 2021-10-01 14:10:15]                  from ./include/linux/smp.h:13,
[mk all 2021-10-01 14:10:15]                  from ./include/linux/lockdep.h:14,
[mk all 2021-10-01 14:10:15]                  from ./include/linux/spinlock.h:63,
[mk all 2021-10-01 14:10:15]                  from ./include/linux/wait.h:9,
[mk all 2021-10-01 14:10:15]                  from ./include/linux/wait_bit.h:8,
[mk all 2021-10-01 14:10:15]                  from ./include/linux/fs.h:6,
[mk all 2021-10-01 14:10:15]                  from fs/ubifs/ubifs.h:16,
[mk all 2021-10-01 14:10:15]                  from fs/ubifs/journal.c:49:
[mk all 2021-10-01 14:10:15] In function 'memset',
[mk all 2021-10-01 14:10:15]     inlined from 'key_write.part.0' at fs/ubifs/key.h:439:2:
[mk all 2021-10-01 14:10:15] ./include/linux/fortify-string.h:172:17: error: call to '__write_overflow' declared with attribute error: detected write beyond size of object passed as 1st parameter
[mk all 2021-10-01 14:10:15]   172 |                 __write_overflow();
[mk all 2021-10-01 14:10:15]       |                 ^~~~~~~~~~~~~~~~~~
[mk all 2021-10-01 14:10:15] make[2]: *** [scripts/Makefile.build:277: fs/ubifs/journal.o] Error 1
[mk all 2021-10-01 14:10:15] make[1]: *** [scripts/Makefile.build:540: fs/ubifs] Error 2
[mk all 2021-10-01 14:10:15] make: *** [Makefile:1868: fs] Error 2


This seems to be correct as the struct is declared using
UBIFS_SK_LEN (= 8), but used to use UBIFS_MAX_KEY_LEN (= 16), which
would overflow by 8 bytes.

Here's a suggested patch that is NOT tested as I don't have the UBIFS
in use (knowingly) anywhere:

diff --git a/fs/ubifs/key.h b/fs/ubifs/key.h
index 8142d9d6fe5d..40edcca7ba62 100644
--- a/fs/ubifs/key.h
+++ b/fs/ubifs/key.h
@@ -436,7 +436,7 @@ static inline void key_write(const struct ubifs_info *c,
 
 	t->j32[0] = cpu_to_le32(from->u32[0]);
 	t->j32[1] = cpu_to_le32(from->u32[1]);
-	memset(to + 8, 0, UBIFS_MAX_KEY_LEN - 8);
+	memset(to + 8, 0, UBIFS_SK_LEN - 8);
 }
 
 /**
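Review bot: with UBIFS_SK_LEN = 8, as the message states, the length on the changed line, `UBIFS_SK_LEN - 8`, evaluates to 0, so the memset becomes a no-op and the bytes from `to + 8` onward that the old line cleared are no longer zeroed. If the destination really is only UBIFS_SK_LEN bytes, delete the memset rather than keep a zero-length call. If any caller passes a UBIFS_MAX_KEY_LEN-sized field that is expected to be zero-padded, that padding has to be cleared some other way, for example at the call site where the full size is known to the compiler. The message says the patch is untested, so please have it checked against a build with the fortify check enabled and on a real UBIFS image before it is merged. The posting also carries no Signed-off-by line.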



Please keep me in Cc: as I'm not subscribed.

Thanks,
  Jan-Benedict
