From 0f4547b0fff6d4429e0565b638b4ae691cdb5b0a Mon Sep 17 00:00:00 2001 From: Bart Van Assche Date: Sun, 17 Nov 2019 22:08:45 +0000 Subject: [PATCH] scst_vdisk: Remove a superfluous WARN_ON_ONCE() statement This patch fixes the following Coverity complaint: 7. assignment: Assigning: usn_len = max_len. The value of usn_len is now 252. CID 326814 (#1 of 1): Out-of-bounds access (OVERRUN) 8. overrun-buffer-arg: Overrunning array virt_dev->usn of 21 bytes by passing it to a function which accesses it at byte offset 251 using argument usn_len (which evaluates to 252). Fixes: ca180efeecee ("scst_vdisk: Avoid that vdisk_usn_vpd() can trigger a buffer overflow") git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@8665 d57e44dd-8a1f-0410-8b47-8ef2f437770f --- scst/src/dev_handlers/scst_vdisk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scst/src/dev_handlers/scst_vdisk.c b/scst/src/dev_handlers/scst_vdisk.c index 6d2171274..460d3f5f3 100644 --- a/scst/src/dev_handlers/scst_vdisk.c +++ b/scst/src/dev_handlers/scst_vdisk.c @@ -3706,14 +3706,14 @@ static int vdisk_usn_vpd(uint8_t *buf, struct scst_cmd *cmd, { uint16_t usn_len, max_len = INQ_BUF_SZ - 4; + BUILD_BUG_ON(sizeof(virt_dev->usn) > INQ_BUF_SZ - 4); + buf[1] = 0x80; if (cmd->tgtt->get_serial) { usn_len = cmd->tgtt->get_serial(cmd->tgt_dev, &buf[4], max_len); } else { read_lock(&vdisk_serial_rwlock); usn_len = strlen(virt_dev->usn); - if (WARN_ON_ONCE(usn_len > max_len)) - usn_len = max_len; memcpy(&buf[4], virt_dev->usn, usn_len); read_unlock(&vdisk_serial_rwlock); }