git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Kees Cook <keescook@chromium.org>
	Fri, 6 Jan 2023 06:17:04 +0000 (22:17 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 11 Mar 2023 12:50:39 +0000 (13:50 +0100)
commit	0b962b034551b93fe97f55a199e677d702dddd3b
tree	509151db8e42497af6fb9aab6be5e3f699d1df8f	tree
parent	aa50ff54f13381ab45bf611f80dee4a5696b0264	commit \| diff

media: uvcvideo: Silence memcpy() run-time false positive warnings

[ Upstream commit b839212988575c701aab4d3d9ca15e44c87e383c ]

The memcpy() in uvc_video_decode_meta() intentionally copies across the
length and flags members and into the trailing buf flexible array.
Split the copy so that the compiler can better reason about (the lack
of) buffer overflows here. Avoid the run-time false positive warning:

memcpy: detected field-spanning write (size 12) of single field "&meta->length" at drivers/media/usb/uvc/uvc_video.c:1355 (size 1)

Additionally fix a typo in the documentation for struct uvc_meta_buf.

Reported-by: ionut_n2001@yahoo.com
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216810
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/media/usb/uvc/uvc_video.c		diff \| blob \| blame \| history
include/uapi/linux/uvcvideo.h		diff \| blob \| blame \| history