From: Tomas Winkler Date: Mon, 2 Sep 2013 00:11:01 +0000 (+0300) Subject: mei: make sure that me_clients_map big enough before copying X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=23f5a322063cba7c9f5dba5205e2960a24291373;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git mei: make sure that me_clients_map big enough before copying To make static analyzers happy validated that sizeof me_clients_map is larger than sizeof valid_addresses from the enumeration response before memcpy We can use BUILD_ON macro as both arrays are defined statically Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/misc/mei/hbm.c b/drivers/misc/mei/hbm.c index 6127ab64bb39..95d4dabf82c0 100644 --- a/drivers/misc/mei/hbm.c +++ b/drivers/misc/mei/hbm.c @@ -673,7 +673,10 @@ void mei_hbm_dispatch(struct mei_device *dev, struct mei_msg_hdr *hdr) case HOST_ENUM_RES_CMD: enum_res = (struct hbm_host_enum_response *) mei_msg; - memcpy(dev->me_clients_map, enum_res->valid_addresses, 32); + BUILD_BUG_ON(sizeof(dev->me_clients_map) + < sizeof(enum_res->valid_addresses)); + memcpy(dev->me_clients_map, enum_res->valid_addresses, + sizeof(enum_res->valid_addresses)); if (dev->dev_state == MEI_DEV_INIT_CLIENTS && dev->hbm_state == MEI_HBM_ENUM_CLIENTS) { dev->init_clients_timer = 0;