diff mbox series

[1/1] tpm: use memmove() for overlapping buffers

Message ID 20241102102737.107531-1-heinrich.schuchardt@canonical.com
State Accepted
Commit 6c717d952d455d2efc267496fa9797a656459e6f
Delegated to: Ilias Apalodimas
Headers show
Series [1/1] tpm: use memmove() for overlapping buffers | expand

Commit Message

Heinrich Schuchardt Nov. 2, 2024, 10:27 a.m. UTC
The behavior of memcpy() for overlapping buffers is undefined.

Fixes: 4c57ec76b725 ("tpm: Implement state command for Cr50")
Addresses-Coverity-ID: 356664 Overlapping buffer in memory copy
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
---
 lib/tpm-v2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Ilias Apalodimas Nov. 11, 2024, 11:14 a.m. UTC | #1
On Sat, 2 Nov 2024 at 12:27, Heinrich Schuchardt
<heinrich.schuchardt@canonical.com> wrote:
>
> The behavior of memcpy() for overlapping buffers is undefined.
>
> Fixes: 4c57ec76b725 ("tpm: Implement state command for Cr50")
> Addresses-Coverity-ID: 356664 Overlapping buffer in memory copy
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
> ---
>  lib/tpm-v2.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> index 59e6cbafafa..ad2b5ab0c32 100644
> --- a/lib/tpm-v2.c
> +++ b/lib/tpm-v2.c
> @@ -821,7 +821,7 @@ u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd,
>         if (*recv_size < 12)
>                 return -ENODATA;
>         *recv_size -= 12;
> -       memcpy(recvbuf, recvbuf + 12, *recv_size);
> +       memmove(recvbuf, recvbuf + 12, *recv_size);
>
>         return 0;
>  }
> --
> 2.45.2
>

Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
diff mbox series

Patch

diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 59e6cbafafa..ad2b5ab0c32 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -821,7 +821,7 @@  u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd,
 	if (*recv_size < 12)
 		return -ENODATA;
 	*recv_size -= 12;
-	memcpy(recvbuf, recvbuf + 12, *recv_size);
+	memmove(recvbuf, recvbuf + 12, *recv_size);
 
 	return 0;
 }