• Kees Cook's avatar
    jfs: Avoid field-overflowing memcpy() · 5d299f44
    Kees Cook authored
    In preparation for FORTIFY_SOURCE performing compile-time and run-time
    field array bounds checking for memcpy(), memmove(), and memset(),
    avoid intentionally writing across neighboring fields.
    
    Introduce more unions to cover the full inline data section, so that the
    entire 256 bytes can be addressed by memcpy() without thinking it is
    crossing field boundaries. Additionally adjusts dir memcpy() to use
    existing union names to get the same coverage.
    
    diffoscope shows there are no binary differences before/after excepting
    the name of the initcall, which is line number based:
    
    $ diffoscope --exclude-directory-metadata yes before/fs after/fs
     --- before/fs
     +++ after/fs
     │   --- before/fs/jfs
     ├── +++ after/fs/jfs
     │ │   --- before/fs/jfs/super.o
     │ ├── +++ after/fs/jfs/super.o
     │ │ ├── readelf --wide --symbols {}
     │ │ │ @@ -2,15 +2,15 @@
     │ │ │  Symbol table '.symtab' contains 158 entries:
     │ │ │     Num:    Value          Size Type    Bind   Vis      Ndx Name
     ...
     │ │ │ -     5: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT    6 __initcall__kmod_jfs__319_1049_ini
     t_jfs_fs6
     │ │ │ +     5: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT    6 __initcall__kmod_jfs__319_1050_ini
     t_jfs_fs6
    ...
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Signed-off-by: default avatarDave Kleikamp <dave.kleikamp@oracle.com>
    5d299f44
jfs_incore.h 6.95 KB