[PATCH 1/1] tpm: use memmove() for overlapping buffers
The behavior of memcpy() for overlapping buffers is undefined.
Fixes: 4c57ec76b725 ("tpm: Implement state command for Cr50") Addresses-Coverity-ID: 356664 Overlapping buffer in memory copy Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com --- lib/tpm-v2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 59e6cbafafa..ad2b5ab0c32 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -821,7 +821,7 @@ u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, if (*recv_size < 12) return -ENODATA; *recv_size -= 12; - memcpy(recvbuf, recvbuf + 12, *recv_size); + memmove(recvbuf, recvbuf + 12, *recv_size);
return 0; }
On Sat, 2 Nov 2024 at 12:27, Heinrich Schuchardt heinrich.schuchardt@canonical.com wrote:
The behavior of memcpy() for overlapping buffers is undefined.
Fixes: 4c57ec76b725 ("tpm: Implement state command for Cr50") Addresses-Coverity-ID: 356664 Overlapping buffer in memory copy Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
lib/tpm-v2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 59e6cbafafa..ad2b5ab0c32 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -821,7 +821,7 @@ u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, if (*recv_size < 12) return -ENODATA; *recv_size -= 12;
memcpy(recvbuf, recvbuf + 12, *recv_size);
memmove(recvbuf, recvbuf + 12, *recv_size); return 0;}
2.45.2
Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org
participants (2)
-
Heinrich Schuchardt -
Ilias Apalodimas