From: kernel test robot <yujie.liu@intel.com>
To: Arnd Bergmann <arnd@arndb.de>
Cc: <llvm@lists.linux.dev>, <kbuild-all@lists.01.org>, "Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>, Pavel Machek <pavel@ucw.cz>
Subject: drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 ...
Date: Sat, 13 Nov 2021 22:22:32 +0800
Message-ID: <0b945372-7694-c29a-41ea-3ce28d51fc22@intel.com>
In-Reply-To: <202111061537.oujSfSVR-lkp@intel.com>

[-- Attachment #1: Type: text/plain, Size: 3843 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   fe91c4725aeed35023ba4f7a1e1adfebb6878c23
commit: 811b5440c6e4998755990fd2c1455f42f3aae3b0 led-class-flash: fix -Wrestrict warning
date:   6 weeks ago
config: i386-randconfig-c001-20210930 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 28981015526f2192440c18f18e8a20cd11b0779c)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=811b5440c6e4998755990fd2c1455f42f3aae3b0
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 811b5440c6e4998755990fd2c1455f42f3aae3b0
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

clang-analyzer warnings: (new ones prefixed by >>)

>> drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
        return strlen(strcat(buf, "\n"));
                      ^~~~~~

vim +210 drivers/leds/led-class-flash.c

7aea8389a77abf9 Jacek Anaszewski 2015-01-09  185
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  186  static ssize_t flash_fault_show(struct device *dev,
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  187  		struct device_attribute *attr, char *buf)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  188  {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  189  	struct led_classdev *led_cdev = dev_get_drvdata(dev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  190  	struct led_classdev_flash *fled_cdev = lcdev_to_flcdev(led_cdev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  191  	u32 fault, mask = 0x1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  192  	char *pbuf = buf;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  193  	int i, ret, buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  194
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  195  	ret = led_get_flash_fault(fled_cdev, &fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  196  	if (ret < 0)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  197  		return -EINVAL;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  198
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  199  	*buf = '\0';
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  200
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  201  	for (i = 0; i < LED_NUM_FLASH_FAULTS; ++i) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  202  		if (fault & mask) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  203  			buf_len = sprintf(pbuf, "%s ",
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  204  					  led_flash_fault_names[i]);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  205  			pbuf += buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  206  		}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  207  		mask <<= 1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  208  	}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  209
811b5440c6e4998 Arnd Bergmann    2021-09-27 @210  	return strlen(strcat(buf, "\n"));
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  211  }
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  212  static DEVICE_ATTR_RO(flash_fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  213

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 37198 bytes --]