* drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 ...
@ 2021-11-06  7:11 kernel test robot
  2021-11-13 14:22   ` kernel test robot
  0 siblings, 1 reply; 3+ messages in thread
From: kernel test robot @ 2021-11-06  7:11 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 18088 bytes --]

CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Arnd Bergmann <arnd@arndb.de>
CC: Pavel Machek <pavel@ucw.cz>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   fe91c4725aeed35023ba4f7a1e1adfebb6878c23
commit: 811b5440c6e4998755990fd2c1455f42f3aae3b0 led-class-flash: fix -Wrestrict warning
date:   6 weeks ago
:::::: branch date: 16 hours ago
:::::: commit date: 6 weeks ago
config: i386-randconfig-c001-20210930 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 28981015526f2192440c18f18e8a20cd11b0779c)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=811b5440c6e4998755990fd2c1455f42f3aae3b0
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 811b5440c6e4998755990fd2c1455f42f3aae3b0
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


clang-analyzer warnings: (new ones prefixed by >>)
           ^
   net/ipv4/arp.c:556:2: note: Taking false branch
           if (dev_hard_header(skb, dev, ptype, dest_hw, src_hw, skb->len) < 0)
           ^
   net/ipv4/arp.c:569:2: note: Control jumps to the 'default' case@line 570
           switch (dev->type) {
           ^
   net/ipv4/arp.c:573:3: note:  Execution continues on line 597
                   break;
                   ^
   net/ipv4/arp.c:603:2: note: Null pointer passed as 2nd argument to memory copy function
           memcpy(arp_ptr, src_hw, dev->addr_len);
           ^               ~~~~~~
   Suppressed 15 warnings (15 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   7 warnings generated.
>> drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
           return strlen(strcat(buf, "\n"));
                         ^~~~~~
   drivers/leds/led-class-flash.c:210:16: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
           return strlen(strcat(buf, "\n"));
                         ^~~~~~
   Suppressed 6 warnings (6 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   14 warnings generated.
   drivers/usb/serial/keyspan.c:771:2: warning: Value stored to 'endpoint' is never read [clang-analyzer-deadcode.DeadStores]
           endpoint = usb_pipeendpoint(urb->pipe);
           ^
   drivers/usb/serial/keyspan.c:771:2: note: Value stored to 'endpoint' is never read
   drivers/usb/serial/keyspan.c:829:2: warning: Value stored to 'p_priv' is never read [clang-analyzer-deadcode.DeadStores]
           p_priv = usb_get_serial_port_data(port);
           ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/serial/keyspan.c:829:2: note: Value stored to 'p_priv' is never read
           p_priv = usb_get_serial_port_data(port);
           ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/serial/keyspan.c:920:2: warning: Value stored to 'data' is never read [clang-analyzer-deadcode.DeadStores]
           data = urb->transfer_buffer;
           ^      ~~~~~~~~~~~~~~~~~~~~
   drivers/usb/serial/keyspan.c:920:2: note: Value stored to 'data' is never read
           data = urb->transfer_buffer;
           ^      ~~~~~~~~~~~~~~~~~~~~
   drivers/usb/serial/keyspan.c:1122:2: warning: Value stored to 'endpoint' is never read [clang-analyzer-deadcode.DeadStores]
           endpoint = usb_pipeendpoint(urb->pipe);
           ^
   drivers/usb/serial/keyspan.c:1122:2: note: Value stored to 'endpoint' is never read
   drivers/usb/serial/keyspan.c:1184:2: warning: Value stored to 'len' is never read [clang-analyzer-deadcode.DeadStores]
           len = 0;
           ^     ~
   drivers/usb/serial/keyspan.c:1184:2: note: Value stored to 'len' is never read
           len = 0;
           ^     ~
   drivers/usb/serial/keyspan.c:1251:2: warning: Value stored to 'endpoint' is never read [clang-analyzer-deadcode.DeadStores]
           endpoint = usb_pipeendpoint(urb->pipe);
           ^
   drivers/usb/serial/keyspan.c:1251:2: note: Value stored to 'endpoint' is never read
   drivers/usb/serial/keyspan.c:1732:3: warning: Value stored to 'ep_type_name' is never read [clang-analyzer-deadcode.DeadStores]
                   ep_type_name = "INT";
                   ^              ~~~~~
   drivers/usb/serial/keyspan.c:1732:3: note: Value stored to 'ep_type_name' is never read
                   ep_type_name = "INT";
                   ^              ~~~~~
   drivers/usb/serial/keyspan.c:1738:3: warning: Value stored to 'ep_type_name' is never read [clang-analyzer-deadcode.DeadStores]
                   ep_type_name = "BULK";
                   ^              ~~~~~~
   drivers/usb/serial/keyspan.c:1738:3: note: Value stored to 'ep_type_name' is never read
                   ep_type_name = "BULK";
                   ^              ~~~~~~
   Suppressed 6 warnings (6 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   28 warnings generated.
   drivers/usb/serial/mos7840.c:620:2: warning: Value stored to 'status' is never read [clang-analyzer-deadcode.DeadStores]
           status = mos7840_set_uart_reg(port, LINE_CONTROL_REGISTER, Data);
           ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/serial/mos7840.c:620:2: note: Value stored to 'status' is never read
           status = mos7840_set_uart_reg(port, LINE_CONTROL_REGISTER, Data);
           ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/serial/mos7840.c:624:2: warning: Value stored to 'status' is never read [clang-analyzer-deadcode.DeadStores]
           status = mos7840_set_uart_reg(port, MODEM_CONTROL_REGISTER, Data);
           ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/serial/mos7840.c:624:2: note: Value stored to 'status' is never read
           status = mos7840_set_uart_reg(port, MODEM_CONTROL_REGISTER, Data);
           ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/serial/mos7840.c:628:2: warning: Value stored to 'status' is never read [clang-analyzer-deadcode.DeadStores]
           status = mos7840_get_uart_reg(port, LINE_CONTROL_REGISTER, &Data);
           ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/serial/mos7840.c:628:2: note: Value stored to 'status' is never read
           status = mos7840_get_uart_reg(port, LINE_CONTROL_REGISTER, &Data);
           ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/serial/mos7840.c:632:2: warning: Value stored to 'status' is never read [clang-analyzer-deadcode.DeadStores]
           status = mos7840_set_uart_reg(port, LINE_CONTROL_REGISTER, Data);

vim +210 drivers/leds/led-class-flash.c

7aea8389a77abf9 Jacek Anaszewski 2015-01-09  185  
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  186  static ssize_t flash_fault_show(struct device *dev,
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  187  		struct device_attribute *attr, char *buf)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  188  {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  189  	struct led_classdev *led_cdev = dev_get_drvdata(dev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  190  	struct led_classdev_flash *fled_cdev = lcdev_to_flcdev(led_cdev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  191  	u32 fault, mask = 0x1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  192  	char *pbuf = buf;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  193  	int i, ret, buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  194  
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  195  	ret = led_get_flash_fault(fled_cdev, &fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  196  	if (ret < 0)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  197  		return -EINVAL;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  198  
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  199  	*buf = '\0';
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  200  
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  201  	for (i = 0; i < LED_NUM_FLASH_FAULTS; ++i) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  202  		if (fault & mask) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  203  			buf_len = sprintf(pbuf, "%s ",
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  204  					  led_flash_fault_names[i]);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  205  			pbuf += buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  206  		}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  207  		mask <<= 1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  208  	}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  209  
811b5440c6e4998 Arnd Bergmann    2021-09-27 @210  	return strlen(strcat(buf, "\n"));
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  211  }
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  212  static DEVICE_ATTR_RO(flash_fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  213  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 37198 bytes --]


* drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 ...
  2021-11-06  7:11 drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 kernel test robot
@ 2021-11-13 14:22   ` kernel test robot
  0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2021-11-13 14:22 UTC (permalink / raw)
  To: Arnd Bergmann; +Cc: llvm, kbuild-all, Linux Kernel Mailing List, Pavel Machek

[-- Attachment #1: Type: text/plain, Size: 3843 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   fe91c4725aeed35023ba4f7a1e1adfebb6878c23
commit: 811b5440c6e4998755990fd2c1455f42f3aae3b0 led-class-flash: fix -Wrestrict warning
date:   6 weeks ago
config: i386-randconfig-c001-20210930 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 28981015526f2192440c18f18e8a20cd11b0779c)
reproduce (this is a W=1 build):
         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
         chmod +x ~/bin/make.cross
         # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=811b5440c6e4998755990fd2c1455f42f3aae3b0
         git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
         git fetch --no-tags linus master
         git checkout 811b5440c6e4998755990fd2c1455f42f3aae3b0
         # save the attached .config to linux build tree
         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


clang-analyzer warnings: (new ones prefixed by >>)

 >> drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
            return strlen(strcat(buf, "\n"));
                          ^~~~~~


vim +210 drivers/leds/led-class-flash.c

7aea8389a77abf9 Jacek Anaszewski 2015-01-09  185
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  186  static ssize_t flash_fault_show(struct device *dev,
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  187  		struct device_attribute *attr, char *buf)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  188  {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  189  	struct led_classdev *led_cdev = dev_get_drvdata(dev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  190  	struct led_classdev_flash *fled_cdev = lcdev_to_flcdev(led_cdev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  191  	u32 fault, mask = 0x1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  192  	char *pbuf = buf;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  193  	int i, ret, buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  194
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  195  	ret = led_get_flash_fault(fled_cdev, &fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  196  	if (ret < 0)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  197  		return -EINVAL;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  198
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  199  	*buf = '\0';
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  200
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  201  	for (i = 0; i < LED_NUM_FLASH_FAULTS; ++i) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  202  		if (fault & mask) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  203  			buf_len = sprintf(pbuf, "%s ",
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  204  					  led_flash_fault_names[i]);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  205  			pbuf += buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  206  		}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  207  		mask <<= 1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  208  	}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  209
811b5440c6e4998 Arnd Bergmann    2021-09-27 @210  	return strlen(strcat(buf, "\n"));
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  211  }
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  212  static DEVICE_ATTR_RO(flash_fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  213

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 37198 bytes --]


* drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 ...
@ 2021-11-13 14:22   ` kernel test robot
  0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2021-11-13 14:22 UTC (permalink / raw)
  To: kbuild-all

[-- Attachment #1: Type: text/plain, Size: 3906 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   fe91c4725aeed35023ba4f7a1e1adfebb6878c23
commit: 811b5440c6e4998755990fd2c1455f42f3aae3b0 led-class-flash: fix -Wrestrict warning
date:   6 weeks ago
config: i386-randconfig-c001-20210930 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 28981015526f2192440c18f18e8a20cd11b0779c)
reproduce (this is a W=1 build):
         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
         chmod +x ~/bin/make.cross
         # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=811b5440c6e4998755990fd2c1455f42f3aae3b0
         git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
         git fetch --no-tags linus master
         git checkout 811b5440c6e4998755990fd2c1455f42f3aae3b0
         # save the attached .config to linux build tree
         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


clang-analyzer warnings: (new ones prefixed by >>)

 >> drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
            return strlen(strcat(buf, "\n"));
                          ^~~~~~


vim +210 drivers/leds/led-class-flash.c

7aea8389a77abf9 Jacek Anaszewski 2015-01-09  185
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  186  static ssize_t flash_fault_show(struct device *dev,
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  187  		struct device_attribute *attr, char *buf)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  188  {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  189  	struct led_classdev *led_cdev = dev_get_drvdata(dev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  190  	struct led_classdev_flash *fled_cdev = lcdev_to_flcdev(led_cdev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  191  	u32 fault, mask = 0x1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  192  	char *pbuf = buf;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  193  	int i, ret, buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  194
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  195  	ret = led_get_flash_fault(fled_cdev, &fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  196  	if (ret < 0)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  197  		return -EINVAL;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  198
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  199  	*buf = '\0';
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  200
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  201  	for (i = 0; i < LED_NUM_FLASH_FAULTS; ++i) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  202  		if (fault & mask) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  203  			buf_len = sprintf(pbuf, "%s ",
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  204  					  led_flash_fault_names[i]);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  205  			pbuf += buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  206  		}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  207  		mask <<= 1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  208  	}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  209
811b5440c6e4998 Arnd Bergmann    2021-09-27 @210  	return strlen(strcat(buf, "\n"));
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  211  }
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  212  static DEVICE_ATTR_RO(flash_fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  213

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 37198 bytes --]
