Overflow of unspecified length array in include/uapi/linux/lsm.h

KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)

https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

Other

80 stars 5 forks source link

Overflow of unspecified length array in include/uapi/linux/lsm.h #347

Open broonie opened 6 months ago

broonie commented 6 months ago

Building at least an arm64 defconfig for next 20231220 using GCC 10 we see:

3    include/linux/fortify-string.h:57:29: error: '__builtin_memcpy' offset 32 is out of the bounds [0, 0] [-Werror=array-bounds]
2    security/security.c:810:2: error: 'memcpy' offset 32 is out of the bounds [0, 0] [-Werror=array-bounds]

due to struct lsm_ctx.

broonie commented 6 months ago

Reported upstream: https://lore.kernel.org/all/3717b995-5209-4db8-be77-c6303bb1c0db@arm.com/

kees commented 5 months ago

Probably need to disable it for GCC 10 too. :( https://lore.kernel.org/all/CAHC9VhR+d70b6QfAdtoch-M5cttM63KpMcKG-tfv5PZB9=bnSg@mail.gmail.com/