review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Kees Cook <keescook@chromium.org>
	Fri, 6 Jan 2023 06:17:04 +0000 (22:17 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 11 Mar 2023 12:55:33 +0000 (13:55 +0100)
commit	15aed90f3e0539ff36e105d8867c8075074c924f
tree	ea93c8164fb92d307eae404973c0bf15f2857004	tree \| snapshot
parent	3c4a3bbe025cb2c5a54548bc4d338e0c8d15dc5b	commit \| diff

media: uvcvideo: Silence memcpy() run-time false positive warnings

[ Upstream commit b839212988575c701aab4d3d9ca15e44c87e383c ]

The memcpy() in uvc_video_decode_meta() intentionally copies across the
length and flags members and into the trailing buf flexible array.
Split the copy so that the compiler can better reason about (the lack
of) buffer overflows here. Avoid the run-time false positive warning:

memcpy: detected field-spanning write (size 12) of single field "&meta->length" at drivers/media/usb/uvc/uvc_video.c:1355 (size 1)

Additionally fix a typo in the documentation for struct uvc_meta_buf.

Reported-by: ionut_n2001@yahoo.com
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216810
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/media/usb/uvc/uvc_video.c		diff \| blob \| history
include/uapi/linux/uvcvideo.h		diff \| blob \| history