git.maquefel.me Git - linux.git/commit

author	Kees Cook <keescook@chromium.org>
	Fri, 6 Jan 2023 06:17:04 +0000 (22:17 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 11 Mar 2023 12:57:33 +0000 (13:57 +0100)
commit	b32d922f86f3870558b20d310c78d492c631d08e
tree	1ac92ec3f0f994544f791613e0c378c69a412e87	tree \| snapshot
parent	c1343a879cce4d44b6408b4aa1ad467de3e36019	commit \| diff

media: uvcvideo: Silence memcpy() run-time false positive warnings

[ Upstream commit b839212988575c701aab4d3d9ca15e44c87e383c ]

The memcpy() in uvc_video_decode_meta() intentionally copies across the
length and flags members and into the trailing buf flexible array.
Split the copy so that the compiler can better reason about (the lack
of) buffer overflows here. Avoid the run-time false positive warning:

memcpy: detected field-spanning write (size 12) of single field "&meta->length" at drivers/media/usb/uvc/uvc_video.c:1355 (size 1)

Additionally fix a typo in the documentation for struct uvc_meta_buf.

Reported-by: ionut_n2001@yahoo.com
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216810
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/media/usb/uvc/uvc_video.c		diff \| blob \| history
include/uapi/linux/uvcvideo.h		diff \| blob \| history