From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: fs/cifs/smb2ops.c:3646:2: warning: Undefined or garbage value returned to caller [clang-analyzer-core.uninitialized.UndefReturn]
Date: Sun, 25 Jul 2021 14:02:34 +0800 [thread overview]
Message-ID: <202107251428.uqnxzR3h-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 17177 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Ronnie Sahlberg <lsahlber@redhat.com>
CC: Steve French <stfrench@microsoft.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: d8079fac168168b25677dc16c00ffaf9fb7df723
commit: 2485bd7557a7edb4520b4072af464f0a08c8efe0 cifs: only write 64kb at a time when fallocating a small region of a file
date: 3 days ago
:::::: branch date: 6 hours ago
:::::: commit date: 3 days ago
config: x86_64-randconfig-c001-20210725 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 3f2c1e99e44d028d5e9dd685f3c568f2661f2f68)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install x86_64 cross compiling tool for clang build
# apt-get install binutils-x86-64-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2485bd7557a7edb4520b4072af464f0a08c8efe0
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 2485bd7557a7edb4520b4072af464f0a08c8efe0
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross clang-analyzer ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
net/lapb/lapb_iface.c:47:2: note: Memory is released
kfree(lapb);
^~~~~~~~~~~
net/lapb/lapb_iface.c:58:3: note: Returning; memory was released via 1st parameter
lapb_free_cb(lapb);
^~~~~~~~~~~~~~~~~~
net/lapb/lapb_iface.c:68:3: note: Returning; memory was released via 1st parameter
lapb_put(lapb);
^~~~~~~~~~~~~~
net/lapb/lapb_iface.c:200:2: note: Returning; memory was released via 1st parameter
__lapb_remove_cb(lapb);
^~~~~~~~~~~~~~~~~~~~~~
net/lapb/lapb_iface.c:202:2: note: Use of memory after it is freed
lapb_put(lapb);
^ ~~~~
Suppressed 9 warnings (9 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
drivers/media/dvb-frontends/stv090x.c:2289:23: warning: The result of the '/' expression is undefined [clang-analyzer-core.UndefinedBinaryOperatorResult]
steps_max = (car_max / inc) + 1; /* min steps = 3 */
^
drivers/media/dvb-frontends/stv090x.c:2405:2: note: Calling 'stv090x_get_loop_params'
stv090x_get_loop_params(state, &inc, &timeout_step, &steps_max);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/dvb-frontends/stv090x.c:2251:6: note: Assuming 'car_max' is <= 16384
if (car_max > 0x4000)
^~~~~~~~~~~~~~~~
drivers/media/dvb-frontends/stv090x.c:2251:2: note: Taking false branch
if (car_max > 0x4000)
^
drivers/media/dvb-frontends/stv090x.c:2260:2: note: Control jumps to 'case STV090x_SEARCH_DVBS2:' at line 2267
switch (state->search_mode) {
^
drivers/media/dvb-frontends/stv090x.c:2270:3: note: Execution continues on line 2278
break;
^
drivers/media/dvb-frontends/stv090x.c:2279:7: note: Assuming 'inc' is <= 'car_max'
if ((inc > car_max) || (inc < 0))
^~~~~~~~~~~~~
drivers/media/dvb-frontends/stv090x.c:2279:6: note: Left side of '||' is false
if ((inc > car_max) || (inc < 0))
^
drivers/media/dvb-frontends/stv090x.c:2279:26: note: Assuming 'inc' is >= 0
if ((inc > car_max) || (inc < 0))
^~~~~~~
drivers/media/dvb-frontends/stv090x.c:2279:2: note: Taking false branch
if ((inc > car_max) || (inc < 0))
^
drivers/media/dvb-frontends/stv090x.c:2283:6: note: Assuming 'srate' is <= 0
if (srate > 0)
^~~~~~~~~
drivers/media/dvb-frontends/stv090x.c:2283:2: note: Taking false branch
if (srate > 0)
^
drivers/media/dvb-frontends/stv090x.c:2286:7: note: 'timeout' is > 100
if ((timeout > 100) || (timeout < 0))
^~~~~~~
drivers/media/dvb-frontends/stv090x.c:2286:22: note: Left side of '||' is true
if ((timeout > 100) || (timeout < 0))
^
drivers/media/dvb-frontends/stv090x.c:2289:23: note: The result of the '/' expression is undefined
steps_max = (car_max / inc) + 1; /* min steps = 3 */
~~~~~~~~^~~~~
drivers/media/dvb-frontends/stv090x.c:2960:2: warning: Value stored to 'reg' is never read [clang-analyzer-deadcode.DeadStores]
reg = STV090x_READ_DEMOD(state, TMGOBS);
^
drivers/media/dvb-frontends/stv090x.c:2960:2: note: Value stored to 'reg' is never read
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
7 warnings generated.
Suppressed 7 warnings (6 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
13 warnings generated.
>> fs/cifs/smb2ops.c:3646:2: warning: Undefined or garbage value returned to caller [clang-analyzer-core.uninitialized.UndefReturn]
return rc;
^
fs/cifs/smb2ops.c:3668:6: note: Assuming 'rc' is 0
if (rc)
^~
fs/cifs/smb2ops.c:3668:2: note: Taking false branch
if (rc)
^
fs/cifs/smb2ops.c:3673:6: note: Assuming 'out_data_len' is not equal to 0
if (out_data_len == 0)
^~~~~~~~~~~~~~~~~
fs/cifs/smb2ops.c:3673:2: note: Taking false branch
if (out_data_len == 0)
^
fs/cifs/smb2ops.c:3677:6: note: Assuming 'buf' is not equal to NULL
if (buf == NULL) {
^~~~~~~~~~~
fs/cifs/smb2ops.c:3677:2: note: Taking false branch
if (buf == NULL) {
^
fs/cifs/smb2ops.c:3683:2: note: Loop condition is true. Entering loop body
while (len) {
^
fs/cifs/smb2ops.c:3687:7: note: 'out_data_len' is not equal to 0
if (out_data_len == 0) {
^~~~~~~~~~~~
fs/cifs/smb2ops.c:3687:3: note: Taking false branch
if (out_data_len == 0) {
^
fs/cifs/smb2ops.c:3693:7: note: Assuming the condition is false
if (out_data_len < sizeof(struct file_allocated_range_buffer)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/cifs/smb2ops.c:3693:3: note: Taking false branch
if (out_data_len < sizeof(struct file_allocated_range_buffer)) {
^
fs/cifs/smb2ops.c:3698:7: note: Assuming 'off' is < field 'file_offset'
if (off < le64_to_cpu(tmp_data->file_offset)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/cifs/smb2ops.c:3698:3: note: Taking true branch
if (off < le64_to_cpu(tmp_data->file_offset)) {
^
fs/cifs/smb2ops.c:3705:8: note: Assuming 'len' is >= 'l'
if (len < l)
^~~~~~~
fs/cifs/smb2ops.c:3705:4: note: Taking false branch
if (len < l)
^
fs/cifs/smb2ops.c:3707:9: note: Calling 'smb3_simple_fallocate_write_range'
rc = smb3_simple_fallocate_write_range(xid, tcon,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/cifs/smb2ops.c:3620:6: note: 'rc' declared without an initial value
int rc, nbytes;
^~
fs/cifs/smb2ops.c:3629:2: note: Loop condition is false. Execution continues on line 3646
while (len) {
^
fs/cifs/smb2ops.c:3646:2: note: Undefined or garbage value returned to caller
return rc;
^ ~~
fs/cifs/smb2ops.c:4178:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcat(message, "R");
^~~~~~
fs/cifs/smb2ops.c:4178:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
strcat(message, "R");
^~~~~~
fs/cifs/smb2ops.c:4182:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcat(message, "H");
^~~~~~
fs/cifs/smb2ops.c:4182:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
strcat(message, "H");
^~~~~~
fs/cifs/smb2ops.c:4186:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcat(message, "W");
^~~~~~
fs/cifs/smb2ops.c:4186:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
strcat(message, "W");
^~~~~~
Suppressed 9 warnings (9 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
vim +3646 fs/cifs/smb2ops.c
31742c5a331766 Steve French 2014-08-17 3612
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3613 static int smb3_simple_fallocate_write_range(unsigned int xid,
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3614 struct cifs_tcon *tcon,
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3615 struct cifsFileInfo *cfile,
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3616 loff_t off, loff_t len,
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3617 char *buf)
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3618 {
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3619 struct cifs_io_parms io_parms = {0};
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3620 int rc, nbytes;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3621 struct kvec iov[2];
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3622
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3623 io_parms.netfid = cfile->fid.netfid;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3624 io_parms.pid = current->tgid;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3625 io_parms.tcon = tcon;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3626 io_parms.persistent_fid = cfile->fid.persistent_fid;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3627 io_parms.volatile_fid = cfile->fid.volatile_fid;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3628
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3629 while (len) {
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3630 io_parms.offset = off;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3631 io_parms.length = len;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3632 if (io_parms.length > SMB2_MAX_BUFFER_SIZE)
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3633 io_parms.length = SMB2_MAX_BUFFER_SIZE;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3634 /* iov[0] is reserved for smb header */
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3635 iov[1].iov_base = buf;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3636 iov[1].iov_len = io_parms.length;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3637 rc = SMB2_write(xid, &io_parms, &nbytes, iov, 1);
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3638 if (rc)
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3639 break;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3640 if (nbytes > len)
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3641 return -EINVAL;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3642 buf += nbytes;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3643 off += nbytes;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3644 len -= nbytes;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3645 }
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 @3646 return rc;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3647 }
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3648
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 29587 bytes --]
next reply other threads:[~2021-07-25 6:02 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-25 6:02 kernel test robot [this message]
2021-07-26 3:40 ` fs/cifs/smb2ops.c:3646:2: warning: Undefined or garbage value returned to caller [clang-analyzer-core.uninitialized.UndefReturn] kernel test robot
2021-07-26 3:40 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202107251428.uqnxzR3h-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.