All of lore.kernel.org
 help / color / mirror / Atom feed
From: kernel test robot <yujie.liu@intel.com>
To: Arnd Bergmann <arnd@arndb.de>
Cc: <llvm@lists.linux.dev>, <kbuild-all@lists.01.org>,
	"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
	Pavel Machek <pavel@ucw.cz>
Subject: drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 ...
Date: Sat, 13 Nov 2021 22:22:32 +0800	[thread overview]
Message-ID: <0b945372-7694-c29a-41ea-3ce28d51fc22@intel.com> (raw)
In-Reply-To: <202111061537.oujSfSVR-lkp@intel.com>

[-- Attachment #1: Type: text/plain, Size: 3843 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   fe91c4725aeed35023ba4f7a1e1adfebb6878c23
commit: 811b5440c6e4998755990fd2c1455f42f3aae3b0 led-class-flash: fix -Wrestrict warning
date:   6 weeks ago
config: i386-randconfig-c001-20210930 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 28981015526f2192440c18f18e8a20cd11b0779c)
reproduce (this is a W=1 build):
         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
         chmod +x ~/bin/make.cross
         # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=811b5440c6e4998755990fd2c1455f42f3aae3b0
         git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
         git fetch --no-tags linus master
         git checkout 811b5440c6e4998755990fd2c1455f42f3aae3b0
         # save the attached .config to linux build tree
         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


clang-analyzer warnings: (new ones prefixed by >>)

 >> drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
            return strlen(strcat(buf, "\n"));
                          ^~~~~~


vim +210 drivers/leds/led-class-flash.c

7aea8389a77abf9 Jacek Anaszewski 2015-01-09  185
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  186  static ssize_t flash_fault_show(struct device *dev,
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  187  		struct device_attribute *attr, char *buf)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  188  {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  189  	struct led_classdev *led_cdev = dev_get_drvdata(dev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  190  	struct led_classdev_flash *fled_cdev = lcdev_to_flcdev(led_cdev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  191  	u32 fault, mask = 0x1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  192  	char *pbuf = buf;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  193  	int i, ret, buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  194
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  195  	ret = led_get_flash_fault(fled_cdev, &fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  196  	if (ret < 0)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  197  		return -EINVAL;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  198
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  199  	*buf = '\0';
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  200
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  201  	for (i = 0; i < LED_NUM_FLASH_FAULTS; ++i) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  202  		if (fault & mask) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  203  			buf_len = sprintf(pbuf, "%s ",
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  204  					  led_flash_fault_names[i]);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  205  			pbuf += buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  206  		}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  207  		mask <<= 1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  208  	}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  209
811b5440c6e4998 Arnd Bergmann    2021-09-27 @210  	return strlen(strcat(buf, "\n"));
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  211  }
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  212  static DEVICE_ATTR_RO(flash_fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  213

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 37198 bytes --]

WARNING: multiple messages have this Message-ID (diff)
From: kernel test robot <yujie.liu@intel.com>
To: kbuild-all@lists.01.org
Subject: drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 ...
Date: Sat, 13 Nov 2021 22:22:32 +0800	[thread overview]
Message-ID: <0b945372-7694-c29a-41ea-3ce28d51fc22@intel.com> (raw)
In-Reply-To: <202111061537.oujSfSVR-lkp@intel.com>

[-- Attachment #1: Type: text/plain, Size: 3906 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   fe91c4725aeed35023ba4f7a1e1adfebb6878c23
commit: 811b5440c6e4998755990fd2c1455f42f3aae3b0 led-class-flash: fix -Wrestrict warning
date:   6 weeks ago
config: i386-randconfig-c001-20210930 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 28981015526f2192440c18f18e8a20cd11b0779c)
reproduce (this is a W=1 build):
         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
         chmod +x ~/bin/make.cross
         # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=811b5440c6e4998755990fd2c1455f42f3aae3b0
         git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
         git fetch --no-tags linus master
         git checkout 811b5440c6e4998755990fd2c1455f42f3aae3b0
         # save the attached .config to linux build tree
         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


clang-analyzer warnings: (new ones prefixed by >>)

 >> drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
            return strlen(strcat(buf, "\n"));
                          ^~~~~~


vim +210 drivers/leds/led-class-flash.c

7aea8389a77abf9 Jacek Anaszewski 2015-01-09  185
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  186  static ssize_t flash_fault_show(struct device *dev,
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  187  		struct device_attribute *attr, char *buf)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  188  {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  189  	struct led_classdev *led_cdev = dev_get_drvdata(dev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  190  	struct led_classdev_flash *fled_cdev = lcdev_to_flcdev(led_cdev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  191  	u32 fault, mask = 0x1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  192  	char *pbuf = buf;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  193  	int i, ret, buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  194
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  195  	ret = led_get_flash_fault(fled_cdev, &fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  196  	if (ret < 0)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  197  		return -EINVAL;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  198
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  199  	*buf = '\0';
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  200
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  201  	for (i = 0; i < LED_NUM_FLASH_FAULTS; ++i) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  202  		if (fault & mask) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  203  			buf_len = sprintf(pbuf, "%s ",
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  204  					  led_flash_fault_names[i]);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  205  			pbuf += buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  206  		}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  207  		mask <<= 1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  208  	}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  209
811b5440c6e4998 Arnd Bergmann    2021-09-27 @210  	return strlen(strcat(buf, "\n"));
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  211  }
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  212  static DEVICE_ATTR_RO(flash_fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  213

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 37198 bytes --]

  reply	other threads:[~2021-11-13 14:22 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-06  7:11 drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 kernel test robot
2021-11-13 14:22 ` kernel test robot [this message]
2021-11-13 14:22   ` kernel test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0b945372-7694-c29a-41ea-3ce28d51fc22@intel.com \
    --to=yujie.liu@intel.com \
    --cc=arnd@arndb.de \
    --cc=kbuild-all@lists.01.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=llvm@lists.linux.dev \
    --cc=pavel@ucw.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.