From: Arnd Bergmann arnd@arndb.de
stable inclusion from stable-v4.19.191 commit 2f34dd12fd7a28888286924d74c0313532bc52d8 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I63UEU CVE: NA
--------------------------------
commit 82e5d8cc768b0c7b03c551a9ab1f8f3f68d5f83f upstream.
gcc-11 introdces a harmless warning for cap_inode_getsecurity:
security/commoncap.c: In function ‘cap_inode_getsecurity’: security/commoncap.c:440:33: error: ‘memcpy’ reading 16 bytes from a region of size 0 [-Werror=stringop-overread] 440 | memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The problem here is that tmpbuf is initialized to NULL, so gcc assumes it is not accessible unless it gets set by vfs_getxattr_alloc(). This is a legitimate warning as far as I can tell, but the code is correct since it correctly handles the error when that function fails.
Add a separate NULL check to tell gcc about it as well.
Signed-off-by: Arnd Bergmann arnd@arndb.de Acked-by: Christian Brauner christian.brauner@ubuntu.com Signed-off-by: James Morris jamorris@linux.microsoft.com Cc: Andrey Zhizhikin andrey.z@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Yongqiang Liu liuyongqiang13@huawei.com --- security/commoncap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/commoncap.c b/security/commoncap.c index 2b221c0ef502..1fd370e8820f 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -398,7 +398,7 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer, &tmpbuf, size, GFP_NOFS); dput(dentry);
- if (ret < 0) + if (ret < 0 || !tmpbuf) return ret;
fs_ns = inode->i_sb->s_user_ns;