From c6943f3abced25dfa1ea85bf2edbad8803111237 Mon Sep 17 00:00:00 2001 From: Conrad Meyer Date: Thu, 13 Apr 2017 17:34:51 +0000 Subject: [PATCH] linux_ioctl: Refactor some v4l2 struct converters According to the C standard, it is invalid to copy beyond the end of an object, even if that object is obviously a member of a larger object (a struct, in this case). Appease the standard and Coverity by refactoring the copy in a straightforward way. No functional change. Reported by: Coverity (CWE-120) CIDs: 1007819, 1007820, 1007821, 1007822, 1009668, 1009669 Security: no (false positive detection) Sponsored by: Dell EMC Isilon --- sys/compat/linux/linux_ioctl.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/sys/compat/linux/linux_ioctl.c b/sys/compat/linux/linux_ioctl.c index e4e18f7da7b..72045c4b953 100644 --- a/sys/compat/linux/linux_ioctl.c +++ b/sys/compat/linux/linux_ioctl.c @@ -3185,7 +3185,12 @@ linux_to_bsd_v4l2_standard(struct l_v4l2_standard *lvstd, struct v4l2_standard * { vstd->index = lvstd->index; vstd->id = lvstd->id; - memcpy(&vstd->name, &lvstd->name, sizeof(*lvstd) - offsetof(struct l_v4l2_standard, name)); + CTASSERT(sizeof(vstd->name) == sizeof(lvstd->name)); + memcpy(vstd->name, lvstd->name, sizeof(vstd->name)); + vstd->frameperiod = lvstd->frameperiod; + vstd->framelines = lvstd->framelines; + CTASSERT(sizeof(vstd->reserved) == sizeof(lvstd->reserved)); + memcpy(vstd->reserved, lvstd->reserved, sizeof(vstd->reserved)); return (0); } @@ -3194,7 +3199,12 @@ bsd_to_linux_v4l2_standard(struct v4l2_standard *vstd, struct l_v4l2_standard *l { lvstd->index = vstd->index; lvstd->id = vstd->id; - memcpy(&lvstd->name, &vstd->name, sizeof(*lvstd) - offsetof(struct l_v4l2_standard, name)); + CTASSERT(sizeof(vstd->name) == sizeof(lvstd->name)); + memcpy(lvstd->name, vstd->name, sizeof(lvstd->name)); + lvstd->frameperiod = vstd->frameperiod; + lvstd->framelines = vstd->framelines; + CTASSERT(sizeof(vstd->reserved) == sizeof(lvstd->reserved)); + memcpy(lvstd->reserved, vstd->reserved, sizeof(lvstd->reserved)); return (0); }