mmc-utils: fix potential overflow
Building with _FORTIFY_SOURCE=3 results in:
from mmc_cmds.c:20:
In function ‘read’,
inlined from ‘do_rpmb_write_key’ at mmc_cmds.c:2233:8:
..unistd.h:38:10: error: ‘__read_alias’ writing 228 or more bytes into a region of size 32 overflows the destination [-Werror=stringop-overflow=]
38 | return __glibc_fortify (read, __nbytes, sizeof (char),
| ^~~~~~~~~~~~~~~
mmc_cmds.c: In function ‘do_rpmb_write_key’:
mmc_cmds.c:2087:19: note: destination object ‘key_mac’ of size 32
2087 | u_int8_t key_mac[32];
| ^~~~~~~
..unistd.h:26:16: note: in a call to function ‘__read_alias’ declared with attribute ‘access (write_only, 2, 3)’
26 | extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
| ^~~~~~~~~~
To work around this let's check if the return of read() is lower than the
nbyte requested instead of not equal.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Avri Altman <avri.altman@wdc.com>
Link: https://lore.kernel.org/r/20230926131128.3771508-1-giulio.benetti@benettiengineering.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
diff --git a/mmc_cmds.c b/mmc_cmds.c
index 10d063d..ae7b876 100644
--- a/mmc_cmds.c
+++ b/mmc_cmds.c
@@ -2065,7 +2065,7 @@
} \
else if (r > 0) \
ret += r; \
- } while (r != 0 && (size_t)ret != nbyte); \
+ } while (r != 0 && (size_t)ret < nbyte); \
\
ret; \
})
