svn commit: r316776 - head/sys/compat/linux
Conrad Meyer
cem at FreeBSD.org
Thu Apr 13 17:34:53 UTC 2017
Author: cem
Date: Thu Apr 13 17:34:51 2017
New Revision: 316776
URL: https://svnweb.freebsd.org/changeset/base/316776
Log:
linux_ioctl: Refactor some v4l2 struct converters
According to the C standard, it is invalid to copy beyond the end of an
object, even if that object is obviously a member of a larger object (a
struct, in this case).
Appease the standard and Coverity by refactoring the copy in a
straightforward way. No functional change.
Reported by: Coverity (CWE-120)
CIDs: 1007819, 1007820, 1007821, 1007822, 1009668, 1009669
Security: no (false positive detection)
Sponsored by: Dell EMC Isilon
Modified:
head/sys/compat/linux/linux_ioctl.c
Modified: head/sys/compat/linux/linux_ioctl.c
==============================================================================
--- head/sys/compat/linux/linux_ioctl.c Thu Apr 13 17:30:33 2017 (r316775)
+++ head/sys/compat/linux/linux_ioctl.c Thu Apr 13 17:34:51 2017 (r316776)
@@ -3185,7 +3185,12 @@ linux_to_bsd_v4l2_standard(struct l_v4l2
{
vstd->index = lvstd->index;
vstd->id = lvstd->id;
- memcpy(&vstd->name, &lvstd->name, sizeof(*lvstd) - offsetof(struct l_v4l2_standard, name));
+ CTASSERT(sizeof(vstd->name) == sizeof(lvstd->name));
+ memcpy(vstd->name, lvstd->name, sizeof(vstd->name));
+ vstd->frameperiod = lvstd->frameperiod;
+ vstd->framelines = lvstd->framelines;
+ CTASSERT(sizeof(vstd->reserved) == sizeof(lvstd->reserved));
+ memcpy(vstd->reserved, lvstd->reserved, sizeof(vstd->reserved));
return (0);
}
@@ -3194,7 +3199,12 @@ bsd_to_linux_v4l2_standard(struct v4l2_s
{
lvstd->index = vstd->index;
lvstd->id = vstd->id;
- memcpy(&lvstd->name, &vstd->name, sizeof(*lvstd) - offsetof(struct l_v4l2_standard, name));
+ CTASSERT(sizeof(vstd->name) == sizeof(lvstd->name));
+ memcpy(lvstd->name, vstd->name, sizeof(lvstd->name));
+ lvstd->frameperiod = vstd->frameperiod;
+ lvstd->framelines = vstd->framelines;
+ CTASSERT(sizeof(vstd->reserved) == sizeof(lvstd->reserved));
+ memcpy(lvstd->reserved, vstd->reserved, sizeof(lvstd->reserved));
return (0);
}
More information about the svn-src-head
mailing list