ide: don't call memcpy with the same source and destination
author Mikulas Patocka <mpatocka@redhat.com>
Fri, 14 Apr 2017 18:35:33 +0000 (14:35 -0400)
committer David S. Miller <davem@davemloft.net>
Mon, 8 May 2017 21:36:39 +0000 (17:36 -0400)
The parisc architecture recently reimplemented the memcpy function and
their reimplementation crashed when source and destination overlapped.

The crash happened in the function ide_complete_cmd where memcpy is called
with the same source and destination pointer. According to the C
specification, memcpy behavior is undefined if the source and destination
range overlaps. This patch fixes the undefined behavior.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/ide/ide-io.c

index 45b3f41a43d4112a7c587c45f25b89b281bfcac3..323af721f8cb96e01393124b85c2342b6e9f8ff8 100644 (file)
@@ -107,7 +107,7 @@ void ide_complete_cmd(ide_drive_t *drive, struct ide_cmd *cmd, u8 stat, u8 err)
 
                if (cmd->tf_flags & IDE_TFLAG_DYN)
                        kfree(orig_cmd);
-               else
+               else if (cmd != orig_cmd)
                        memcpy(orig_cmd, cmd, sizeof(*cmd));
        }
 }
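
Review bot: The new `else if (cmd != orig_cmd)` test has no comment saying why the two pointers can be equal at this point, so the reason (memcpy with identical source and destination is undefined and crashed on parisc) is recorded only in the commit message. A one-line comment above the test would keep a later cleanup from dropping it as redundant. The check guards exact aliasing only, which matches the case the commit message describes; if partial overlap were ever possible here, memmove would be the safer call.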