ide: don't call memcpy with the same source and destination

Submitted by Mikulas Patocka on April 14, 2017, 6:35 p.m.

Details

Message ID alpine.LRH.2.02.1704141433280.10706@file01.intranet.prod.int.rdu2.redhat.com
State Accepted
Delegated to: David Miller

Commit Message

Mikulas Patocka April 14, 2017, 6:35 p.m.
The parisc architecture recently reimplemented the memcpy function and
their reimplementation crashed when source and destination overlapped.

The crash happened in the function ide_complete_cmd where memcpy is called
with the same source and destination pointer. According to the C
specification, memcpy behavior is undefined if the source and destination
range overlaps. This patch fixes the undefined behavior.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>

---
 drivers/ide/ide-io.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Bartlomiej Zolnierkiewicz April 18, 2017, 10:58 a.m.
On Friday, April 14, 2017 02:35:33 PM Mikulas Patocka wrote:
> The parisc architecture recently reimplemented the memcpy function and
> their reimplementation crashed when source and destination overlapped.
> 
> The crash happened in the function ide_complete_cmd where memcpy is called
> with the same source and destination pointer. According to the C
> specification, memcpy behavior is undefined if the source and destination
> range overlaps. This patch fixes the undefined behavior.
> 
> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>

Reviewed-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics

David Miller May 8, 2017, 9:37 p.m.
From: Mikulas Patocka <mpatocka@redhat.com>
Date: Fri, 14 Apr 2017 14:35:33 -0400 (EDT)

> The parisc architecture recently reimplemented the memcpy function and
> their reimplementation crashed when source and destination overlapped.
> 
> The crash happened in the function ide_complete_cmd where memcpy is called
> with the same source and destination pointer. According to the C
> specification, memcpy behavior is undefined if the source and destination
> range overlaps. This patch fixes the undefined behavior.
> 
> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>

Applied.

Patch

Index: linux-4.11-rc6/drivers/ide/ide-io.c
===================================================================
--- linux-4.11-rc6.orig/drivers/ide/ide-io.c
+++ linux-4.11-rc6/drivers/ide/ide-io.c
@@ -107,7 +107,7 @@  void ide_complete_cmd(ide_drive_t *drive
 
 		if (cmd->tf_flags & IDE_TFLAG_DYN)
 			kfree(orig_cmd);
-		else
+		else if (cmd != orig_cmd)
 			memcpy(orig_cmd, cmd, sizeof(*cmd));
 	}
 }
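
Review bot: the new `else if (cmd != orig_cmd)` branch in ide_complete_cmd carries no comment saying when cmd and orig_cmd can be the same pointer, and nothing in the visible lines shows it. A one-line comment above the memcpy naming that case, and noting that memcpy with identical source and destination is undefined, would keep a later cleanup from dropping the check as redundant. The test covers exact aliasing only, which is the case the commit message reports; if the two pointers could ever refer to partially overlapping objects, memmove would be needed instead, so it is worth stating in the commit message or the comment that identical pointers are the only aliasing possible here. The IDE_TFLAG_DYN branch that calls kfree(orig_cmd) is unchanged and not affected by the new condition.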