fs/ntfs3/fsntfs.c:2661 ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)

From: Dan Carpenter
Date: Tue Jan 09 2024 - 04:19:05 EST


tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 9f8413c4a66f2fb776d3dc3c9ed20bf435eb305e
commit: 7832e123490ac39f85ab5befc2ceee7b25b03acb fs/ntfs3: Add support /proc/fs/ntfs3/<dev>/volinfo and /proc/fs/ntfs3/<dev>/label
config: i386-randconfig-141-20240107 (https://download.01.org/0day-ci/archive/20240109/202401091421.3RJ24Mn3-lkp@xxxxxxxxx/config)
compiler: ClangBuiltLinux clang version 17.0.6 (https://github.com/llvm/llvm-project 6009708b4367171ccdbf4b5905cb6a803753fe18)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
| Closes: https://lore.kernel.org/r/202401091421.3RJ24Mn3-lkp@xxxxxxxxx/

New smatch warnings:
fs/ntfs3/fsntfs.c:2661 ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)

vim +2661 fs/ntfs3/fsntfs.c

7832e123490ac3 Konstantin Komarov 2023-05-08 2627 int ntfs_set_label(struct ntfs_sb_info *sbi, u8 *label, int len)
7832e123490ac3 Konstantin Komarov 2023-05-08 2628 {
7832e123490ac3 Konstantin Komarov 2023-05-08 2629 int err;
7832e123490ac3 Konstantin Komarov 2023-05-08 2630 struct ATTRIB *attr;
7832e123490ac3 Konstantin Komarov 2023-05-08 2631 struct ntfs_inode *ni = sbi->volume.ni;
7832e123490ac3 Konstantin Komarov 2023-05-08 2632 const u8 max_ulen = 0x80; /* TODO: use attrdef to get maximum length */
7832e123490ac3 Konstantin Komarov 2023-05-08 2633 /* Allocate PATH_MAX bytes. */
7832e123490ac3 Konstantin Komarov 2023-05-08 2634 struct cpu_str *uni = __getname();
7832e123490ac3 Konstantin Komarov 2023-05-08 2635
7832e123490ac3 Konstantin Komarov 2023-05-08 2636 if (!uni)
7832e123490ac3 Konstantin Komarov 2023-05-08 2637 return -ENOMEM;
7832e123490ac3 Konstantin Komarov 2023-05-08 2638
7832e123490ac3 Konstantin Komarov 2023-05-08 2639 err = ntfs_nls_to_utf16(sbi, label, len, uni, (PATH_MAX - 2) / 2,
7832e123490ac3 Konstantin Komarov 2023-05-08 2640 UTF16_LITTLE_ENDIAN);
7832e123490ac3 Konstantin Komarov 2023-05-08 2641 if (err < 0)
7832e123490ac3 Konstantin Komarov 2023-05-08 2642 goto out;
7832e123490ac3 Konstantin Komarov 2023-05-08 2643
7832e123490ac3 Konstantin Komarov 2023-05-08 2644 if (uni->len > max_ulen) {

uni->name is defined as 10 elements long. So allowing PATH_MAX is
weird.

7832e123490ac3 Konstantin Komarov 2023-05-08 2645 ntfs_warn(sbi->sb, "new label is too long");
7832e123490ac3 Konstantin Komarov 2023-05-08 2646 err = -EFBIG;
7832e123490ac3 Konstantin Komarov 2023-05-08 2647 goto out;
7832e123490ac3 Konstantin Komarov 2023-05-08 2648 }
7832e123490ac3 Konstantin Komarov 2023-05-08 2649
7832e123490ac3 Konstantin Komarov 2023-05-08 2650 ni_lock(ni);
7832e123490ac3 Konstantin Komarov 2023-05-08 2651
7832e123490ac3 Konstantin Komarov 2023-05-08 2652 /* Ignore any errors. */
7832e123490ac3 Konstantin Komarov 2023-05-08 2653 ni_remove_attr(ni, ATTR_LABEL, NULL, 0, false, NULL);
7832e123490ac3 Konstantin Komarov 2023-05-08 2654
7832e123490ac3 Konstantin Komarov 2023-05-08 2655 err = ni_insert_resident(ni, uni->len * sizeof(u16), ATTR_LABEL, NULL,
7832e123490ac3 Konstantin Komarov 2023-05-08 2656 0, &attr, NULL, NULL);
7832e123490ac3 Konstantin Komarov 2023-05-08 2657 if (err < 0)
7832e123490ac3 Konstantin Komarov 2023-05-08 2658 goto unlock_out;
7832e123490ac3 Konstantin Komarov 2023-05-08 2659
7832e123490ac3 Konstantin Komarov 2023-05-08 2660 /* write new label in on-disk struct. */
7832e123490ac3 Konstantin Komarov 2023-05-08 @2661 memcpy(resident_data(attr), uni->name, uni->len * sizeof(u16));
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Btw, I feel like if CONFIG_FORTIFY_SOURCE is enabled this will be a
runtime issue but I don't know for sure.

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
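
The size mismatch behind the warning, modeled in userspace C as an added example (not code from the kernel tree or from this thread). It shows why the copy can reach 256 bytes while the declared member is 20. The `len`/`unused` fields of `cpu_str_model`, and `ustr_flex`, `ustr_alloc` and `ustr_copy_out`, are hypothetical names; the flexible-array layout is one common way to carry the bound with the data, not a fix proposed in the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ULEN 0x80 /* max_ulen in the quoted ntfs_set_label() */

/* Model of the flagged layout: name[] has 10 declared elements, as the
 * report says. len/unused are assumed fields for this example. */
struct cpu_str_model {
	uint8_t len, unused;
	uint16_t name[10];
};

/* Size a member-bounds check uses: the declared array, not the allocation. */
size_t declared_name_bytes(void) { return sizeof(((struct cpu_str_model *)0)->name); }

/* Largest memcpy() length the "uni->len > max_ulen" test still allows. */
size_t max_copy_bytes(void) { return MAX_ULEN * sizeof(uint16_t); }

/* Hypothetical alternative: flexible array member with a recorded capacity. */
struct ustr_flex {
	uint8_t len, cap; /* UTF-16 units in use / allocated */
	uint16_t name[];
};

struct ustr_flex *ustr_alloc(uint8_t cap)
{
	struct ustr_flex *u = calloc(1, sizeof(*u) + cap * sizeof(uint16_t));
	if (u)
		u->cap = cap;
	return u;
}

/* Copy the label out only if it fits the source capacity and dst. */
int ustr_copy_out(void *dst, size_t dst_bytes, const struct ustr_flex *u)
{
	size_t n = u->len * sizeof(uint16_t);
	if (u->len > u->cap || n > dst_bytes)
		return -1;
	memcpy(dst, u->name, n);
	return (int)n;
}

int main(void)
{
	printf("declared %zu bytes, copy may reach %zu bytes\n", declared_name_bytes(), max_copy_bytes());
	return 0;
}
```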