* drivers/of/fdt.c:259:10: warning: Access to field 'child' results in a dereference of a null pointer (loaded from variable 'parent') [clang-analyzer-core.NullDereference]
@ 2021-08-01 19:28 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2021-08-01 19:28 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 14281 bytes --]
CC: clang-built-linux(a)googlegroups.com
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Frank Rowand <frank.rowand@sony.com>
CC: Rob Herring <robh@kernel.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: c7d102232649226a69dddd58a4942cf13cff4f7c
commit: 649cab56de8eb2952498de9b752761ca980cb88a of: properly check for error returned by fdt_get_name()
date: 4 months ago
:::::: branch date: 2 days ago
:::::: commit date: 4 months ago
config: x86_64-randconfig-c001-20210731 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 4f71f59bf3d9914188a11d0c41bedbb339d36ff5)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install x86_64 cross compiling tool for clang build
# apt-get install binutils-x86-64-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=649cab56de8eb2952498de9b752761ca980cb88a
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 649cab56de8eb2952498de9b752761ca980cb88a
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
drivers/hid/hid-picolcd_fb.c:148:6: note: Assuming 'bpp' is equal to 1
if (bpp == 1) {
^~~~~~~~
drivers/hid/hid-picolcd_fb.c:148:2: note: Taking true branch
if (bpp == 1) {
^
drivers/hid/hid-picolcd_fb.c:149:3: note: Loop condition is true. Entering loop body
for (b = 7; b >= 0; b--) {
^
drivers/hid/hid-picolcd_fb.c:151:9: note: The value 0 is assigned to 'i'
for (i = 0; i < 64; i++) {
^~~~~
drivers/hid/hid-picolcd_fb.c:151:4: note: Loop condition is true. Entering loop body
for (i = 0; i < 64; i++) {
^
drivers/hid/hid-picolcd_fb.c:152:14: note: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage
tdata[i] <<= 1;
~~~~~~~~ ^
drivers/hid/hid-picolcd_fb.c:160:14: warning: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage [clang-analyzer-core.uninitialized.Assign]
tdata[i] <<= 1;
^
drivers/hid/hid-picolcd_fb.c:437:2: note: Calling 'picolcd_fb_update'
picolcd_fb_update(info);
^~~~~~~~~~~~~~~~~~~~~~~
drivers/hid/hid-picolcd_fb.c:234:2: note: Loop condition is false. Exiting loop
spin_lock_irqsave(&fbdata->lock, flags);
^
include/linux/spinlock.h:384:2: note: expanded from macro 'spin_lock_irqsave'
raw_spin_lock_irqsave(spinlock_check(lock), flags); \
^
include/linux/spinlock.h:250:2: note: expanded from macro 'raw_spin_lock_irqsave'
do { \
^
drivers/hid/hid-picolcd_fb.c:234:2: note: Loop condition is false. Exiting loop
spin_lock_irqsave(&fbdata->lock, flags);
^
include/linux/spinlock.h:382:43: note: expanded from macro 'spin_lock_irqsave'
#define spin_lock_irqsave(lock, flags) \
^
drivers/hid/hid-picolcd_fb.c:235:6: note: Assuming field 'ready' is not equal to 0
if (!fbdata->ready && fbdata->picolcd)
^~~~~~~~~~~~~~
drivers/hid/hid-picolcd_fb.c:235:21: note: Left side of '&&' is false
if (!fbdata->ready && fbdata->picolcd)
^
drivers/hid/hid-picolcd_fb.c:247:2: note: Loop condition is true. Entering loop body
for (chip = 0; chip < 4; chip++)
^
drivers/hid/hid-picolcd_fb.c:248:3: note: Loop condition is true. Entering loop body
for (tile = 0; tile < 8; tile++) {
^
drivers/hid/hid-picolcd_fb.c:249:8: note: Assuming field 'force' is 0
if (!fbdata->force && !picolcd_fb_update_tile(
^~~~~~~~~~~~~~
drivers/hid/hid-picolcd_fb.c:249:8: note: Left side of '&&' is true
drivers/hid/hid-picolcd_fb.c:249:27: note: Calling 'picolcd_fb_update_tile'
if (!fbdata->force && !picolcd_fb_update_tile(
^~~~~~~~~~~~~~~~~~~~~~~
drivers/hid/hid-picolcd_fb.c:148:6: note: Assuming 'bpp' is not equal to 1
if (bpp == 1) {
^~~~~~~~
drivers/hid/hid-picolcd_fb.c:148:2: note: Taking false branch
if (bpp == 1) {
^
drivers/hid/hid-picolcd_fb.c:156:13: note: Assuming 'bpp' is equal to 8
} else if (bpp == 8) {
^~~~~~~~
drivers/hid/hid-picolcd_fb.c:156:9: note: Taking true branch
} else if (bpp == 8) {
^
drivers/hid/hid-picolcd_fb.c:157:3: note: Loop condition is true. Entering loop body
for (b = 7; b >= 0; b--) {
^
drivers/hid/hid-picolcd_fb.c:159:9: note: The value 0 is assigned to 'i'
for (i = 0; i < 64; i++) {
^~~~~
drivers/hid/hid-picolcd_fb.c:159:4: note: Loop condition is true. Entering loop body
for (i = 0; i < 64; i++) {
^
drivers/hid/hid-picolcd_fb.c:160:14: note: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage
tdata[i] <<= 1;
~~~~~~~~ ^
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
>> drivers/of/fdt.c:259:10: warning: Access to field 'child' results in a dereference of a null pointer (loaded from variable 'parent') [clang-analyzer-core.NullDereference]
child = parent->child;
^
drivers/of/fdt.c:297:16: note: Assuming 'base' is non-null
bool dryrun = !base;
^~~~~
drivers/of/fdt.c:300:6: note: Assuming 'nodepp' is null
if (nodepp)
^~~~~~
drivers/of/fdt.c:300:2: note: Taking false branch
if (nodepp)
^
drivers/of/fdt.c:310:6: note: Assuming 'dad' is null
if (dad)
^~~
drivers/of/fdt.c:310:2: note: Taking false branch
if (dad)
^
drivers/of/fdt.c:317:7: note: 'offset' is >= 0
offset >= 0 && depth >= initial_depth;
^~~~~~
drivers/of/fdt.c:317:7: note: Left side of '&&' is true
drivers/of/fdt.c:316:2: note: Loop condition is true. Entering loop body
for (offset = 0;
^
drivers/of/fdt.c:319:7: note: Taking false branch
if (WARN_ON_ONCE(depth >= FDT_MAX_DEPTH))
^
include/asm-generic/bug.h:103:2: note: expanded from macro 'WARN_ON_ONCE'
if (unlikely(__ret_warn_on)) \
^
drivers/of/fdt.c:319:3: note: Taking false branch
if (WARN_ON_ONCE(depth >= FDT_MAX_DEPTH))
^
drivers/of/fdt.c:322:35: note: Left side of '&&' is false
if (!IS_ENABLED(CONFIG_OF_KOBJ) &&
^
drivers/of/fdt.c:326:9: note: Calling 'populate_node'
ret = populate_node(blob, offset, &mem, nps[depth],
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/of/fdt.c:220:6: note: Assuming 'pathp' is null
if (!pathp) {
^~~~~~
drivers/of/fdt.c:220:2: note: Taking true branch
if (!pathp) {
^
drivers/of/fdt.c:221:3: note: Storing null pointer value
*pnp = NULL;
^~~~~~~~~~~
drivers/of/fdt.c:326:9: note: Returning from 'populate_node'
ret = populate_node(blob, offset, &mem, nps[depth],
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/of/fdt.c:328:7: note: Assuming 'ret' is >= 0
if (ret < 0)
^~~~~~~
drivers/of/fdt.c:328:3: note: Taking false branch
if (ret < 0)
^
drivers/of/fdt.c:331:8: note: 'dryrun' is false
if (!dryrun && nodepp && !*nodepp)
^~~~~~
drivers/of/fdt.c:331:7: note: Left side of '&&' is true
if (!dryrun && nodepp && !*nodepp)
^
drivers/of/fdt.c:331:18: note: 'nodepp' is null
if (!dryrun && nodepp && !*nodepp)
^~~~~~
drivers/of/fdt.c:331:25: note: Left side of '&&' is false
if (!dryrun && nodepp && !*nodepp)
^
drivers/of/fdt.c:333:8: note: 'dryrun' is false
if (!dryrun && !root)
^~~~~~
drivers/of/fdt.c:333:7: note: Left side of '&&' is true
if (!dryrun && !root)
^
drivers/of/fdt.c:333:19: note: 'root' is null
if (!dryrun && !root)
^~~~
drivers/of/fdt.c:333:3: note: Taking true branch
if (!dryrun && !root)
^
drivers/of/fdt.c:334:4: note: Null pointer value stored to 'root'
root = nps[depth+1];
^~~~~~~~~~~~~~~~~~~
drivers/of/fdt.c:317:7: note: Assuming 'offset' is < 0
offset >= 0 && depth >= initial_depth;
^~~~~~~~~~~
drivers/of/fdt.c:317:19: note: Left side of '&&' is false
offset >= 0 && depth >= initial_depth;
^
drivers/of/fdt.c:337:6: note: 'offset' is < 0
if (offset < 0 && offset != -FDT_ERR_NOTFOUND) {
^~~~~~
drivers/of/fdt.c:337:6: note: Left side of '&&' is true
drivers/of/fdt.c:337:20: note: Assuming the condition is false
if (offset < 0 && offset != -FDT_ERR_NOTFOUND) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/of/fdt.c:337:2: note: Taking false branch
if (offset < 0 && offset != -FDT_ERR_NOTFOUND) {
^
vim +259 drivers/of/fdt.c
dfbd4c6eff35f1 Gavin Shan 2016-05-03 253
50800082f17645 Gavin Shan 2016-05-03 254 static void reverse_nodes(struct device_node *parent)
50800082f17645 Gavin Shan 2016-05-03 255 {
50800082f17645 Gavin Shan 2016-05-03 256 struct device_node *child, *next;
50800082f17645 Gavin Shan 2016-05-03 257
50800082f17645 Gavin Shan 2016-05-03 258 /* In-depth first */
50800082f17645 Gavin Shan 2016-05-03 @259 child = parent->child;
50800082f17645 Gavin Shan 2016-05-03 260 while (child) {
50800082f17645 Gavin Shan 2016-05-03 261 reverse_nodes(child);
50800082f17645 Gavin Shan 2016-05-03 262
50800082f17645 Gavin Shan 2016-05-03 263 child = child->sibling;
50800082f17645 Gavin Shan 2016-05-03 264 }
50800082f17645 Gavin Shan 2016-05-03 265
50800082f17645 Gavin Shan 2016-05-03 266 /* Reverse the nodes in the child list */
50800082f17645 Gavin Shan 2016-05-03 267 child = parent->child;
50800082f17645 Gavin Shan 2016-05-03 268 parent->child = NULL;
50800082f17645 Gavin Shan 2016-05-03 269 while (child) {
50800082f17645 Gavin Shan 2016-05-03 270 next = child->sibling;
50800082f17645 Gavin Shan 2016-05-03 271
50800082f17645 Gavin Shan 2016-05-03 272 child->sibling = parent->child;
50800082f17645 Gavin Shan 2016-05-03 273 parent->child = child;
50800082f17645 Gavin Shan 2016-05-03 274 child = next;
50800082f17645 Gavin Shan 2016-05-03 275 }
50800082f17645 Gavin Shan 2016-05-03 276 }
50800082f17645 Gavin Shan 2016-05-03 277
:::::: The code at line 259 was first introduced by commit
:::::: 50800082f17645620bfdd357ba9141c86b76363d drivers/of: Avoid recursively calling unflatten_dt_node()
:::::: TO: Gavin Shan <gwshan@linux.vnet.ibm.com>
:::::: CC: Rob Herring <robh@kernel.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 34227 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-08-01 19:28 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-01 19:28 drivers/of/fdt.c:259:10: warning: Access to field 'child' results in a dereference of a null pointer (loaded from variable 'parent') [clang-analyzer-core.NullDereference] kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.