* drivers/usb/storage/sddr09.c:1156:2: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or ...
@ 2022-04-22 5:07 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2022-04-22 5:07 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 30932 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Arnd Bergmann <arnd@arndb.de>
CC: Masahiro Yamada <masahiroy@kernel.org>
CC: Alex Shi <alexs@kernel.org>
CC: Nick Desaulniers <ndesaulniers@google.com>
CC: Miguel Ojeda <ojeda@kernel.org>
CC: Nathan Chancellor <nathan@kernel.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: b05a5683eba6e2d40eadd5eeef53c4864149a4fe
commit: e8c07082a810fbb9db303a2b66b66b8d7e588b53 Kbuild: move to -std=gnu11
date: 6 weeks ago
:::::: branch date: 5 hours ago
:::::: commit date: 6 weeks ago
config: arm-randconfig-c002-20220421 (https://download.01.org/0day-ci/archive/20220422/202204221201.qJWGkgaL-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project bac6cd5bf85669e3376610cfc4c4f9ca015e7b9b)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8c07082a810fbb9db303a2b66b66b8d7e588b53
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout e8c07082a810fbb9db303a2b66b66b8d7e588b53
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^
drivers/media/cec/core/cec-api.c:653:6: note: Assuming the condition is false
if (fh->mode_follower == CEC_MODE_MONITOR_PIN)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/cec/core/cec-api.c:653:2: note: Taking false branch
if (fh->mode_follower == CEC_MODE_MONITOR_PIN)
^
drivers/media/cec/core/cec-api.c:655:6: note: Assuming the condition is false
if (fh->mode_follower == CEC_MODE_MONITOR_ALL)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/cec/core/cec-api.c:655:2: note: Taking false branch
if (fh->mode_follower == CEC_MODE_MONITOR_ALL)
^
drivers/media/cec/core/cec-api.c:664:6: note: Assuming the condition is false
if (cec_is_registered(adap) && list_empty(&devnode->fhs) &&
^~~~~~~~~~~~~~~~~~~~~~~
drivers/media/cec/core/cec-api.c:664:30: note: Left side of '&&' is false
if (cec_is_registered(adap) && list_empty(&devnode->fhs) &&
^
drivers/media/cec/core/cec-api.c:672:2: note: Loop condition is false. Execution continues on line 680
while (!list_empty(&fh->xfer_list)) {
^
drivers/media/cec/core/cec-api.c:681:2: note: Loop condition is true. Entering loop body
while (!list_empty(&fh->msgs)) {
^
drivers/media/cec/core/cec-api.c:686:3: note: Memory is released
kfree(entry);
^~~~~~~~~~~~
drivers/media/cec/core/cec-api.c:681:2: note: Loop condition is true. Entering loop body
while (!list_empty(&fh->msgs)) {
^
drivers/media/cec/core/cec-api.c:685:3: note: Calling 'list_del'
list_del(&entry->list);
^~~~~~~~~~~~~~~~~~~~~~
include/linux/list.h:149:14: note: Use of memory after it is freed
entry->next = LIST_POISON1;
~~~~~~~~~~~ ^
Suppressed 42 warnings (42 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
63 warnings generated.
drivers/usb/storage/sddr09.c:240:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(data, ecc, 3);
^~~~~~
drivers/usb/storage/sddr09.c:240:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(data, ecc, 3);
^~~~~~
drivers/usb/storage/sddr09.c:352:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:352:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:528:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:528:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:717:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:717:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:796:4: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(buffer, 0, len);
^~~~~~
drivers/usb/storage/sddr09.c:796:4: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(buffer, 0, len);
^~~~~~
drivers/usb/storage/sddr09.c:922:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(bptr, xptr, info->pagesize);
^~~~~~
drivers/usb/storage/sddr09.c:922:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(bptr, xptr, info->pagesize);
^~~~~~
drivers/usb/storage/sddr09.c:1076:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:1076:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:1106:3: warning: Value stored to 'wp_fmt' is never read [clang-analyzer-deadcode.DeadStores]
wp_fmt = " WP";
^ ~~~~~
drivers/usb/storage/sddr09.c:1106:3: note: Value stored to 'wp_fmt' is never read
wp_fmt = " WP";
^ ~~~~~
drivers/usb/storage/sddr09.c:1108:3: warning: Value stored to 'wp_fmt' is never read [clang-analyzer-deadcode.DeadStores]
wp_fmt = "";
^ ~~
drivers/usb/storage/sddr09.c:1108:3: note: Value stored to 'wp_fmt' is never read
wp_fmt = "";
^ ~~
drivers/usb/storage/sddr09.c:1153:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
^~~~~~~
drivers/usb/storage/sddr09.c:1153:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
^~~~~~~
>> drivers/usb/storage/sddr09.c:1156:2: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1156:2: note: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1168:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1168:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1171:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1171:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1177:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1177:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1183:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1183:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1188:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1188:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1563:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(ptr, 0, 18);
^~~~~~
drivers/usb/storage/sddr09.c:1563:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(ptr, 0, 18);
^~~~~~
drivers/usb/storage/sddr09.c:1581:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(ptr, inquiry_response, 8);
^~~~~~
drivers/usb/storage/sddr09.c:1581:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(ptr, inquiry_response, 8);
^~~~~~
drivers/usb/storage/sddr09.c:1639:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(ptr, mode_page_01, sizeof(mode_page_01));
^~~~~~
drivers/usb/storage/sddr09.c:1639:4: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(ptr, mode_page_01, sizeof(mode_page_01));
^~~~~~
drivers/usb/storage/sddr09.c:1705:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
^~~~~~~
drivers/usb/storage/sddr09.c:1705:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
^~~~~~~
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
42 warnings generated.
Suppressed 42 warnings (42 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
42 warnings generated.
fs/xfs/xfs_trans_buf.c:575:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(bip->bli_formats[i].blf_data_map, 0,
^~~~~~
fs/xfs/xfs_trans_buf.c:575:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(bip->bli_formats[i].blf_data_map, 0,
^~~~~~
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
fs/xfs/xfs_pnfs.c:39:3: warning: Value stored to 'error' is never read [clang-analyzer-deadcode.DeadStores]
error = break_layout(inode, true);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
fs/xfs/xfs_pnfs.c:39:3: note: Value stored to 'error' is never read
error = break_layout(inode, true);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
fs/xfs/xfs_pnfs.c:67:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(buf, &mp->m_sb.sb_uuid, sizeof(uuid_t));
^~~~~~
fs/xfs/xfs_pnfs.c:67:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(buf, &mp->m_sb.sb_uuid, sizeof(uuid_t));
^~~~~~
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
42 warnings generated.
Suppressed 42 warnings (41 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
42 warnings generated.
fs/xfs/scrub/agheader.c:726:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(&sai, 0, sizeof(sai));
^~~~~~
fs/xfs/scrub/agheader.c:726:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(&sai, 0, sizeof(sai));
^~~~~~
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
vim +1156 drivers/usb/storage/sddr09.c
^1da177e4c3f41 Linus Torvalds 2005-04-16 1092
^1da177e4c3f41 Linus Torvalds 2005-04-16 1093 static int
^1da177e4c3f41 Linus Torvalds 2005-04-16 1094 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1095 int result;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1096 unsigned char status;
ef976ea33b4c44 Victor Dodon 2016-02-17 1097 const char *wp_fmt;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1098
^1da177e4c3f41 Linus Torvalds 2005-04-16 1099 result = sddr09_read_status(us, &status);
0dc08a357538de Matthew Dharm 2005-12-04 1100 if (result) {
191648d03d2022 Joe Perches 2013-04-19 1101 usb_stor_dbg(us, "read_status fails\n");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1102 return result;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1103 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1104 if ((status & 0x80) == 0) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1105 info->flags |= SDDR09_WP; /* write protected */
ef976ea33b4c44 Victor Dodon 2016-02-17 1106 wp_fmt = " WP";
ef976ea33b4c44 Victor Dodon 2016-02-17 1107 } else {
ef976ea33b4c44 Victor Dodon 2016-02-17 @1108 wp_fmt = "";
^1da177e4c3f41 Linus Torvalds 2005-04-16 1109 }
ef976ea33b4c44 Victor Dodon 2016-02-17 1110 usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
ef976ea33b4c44 Victor Dodon 2016-02-17 1111 status & 0x40 ? " Ready" : "",
ef976ea33b4c44 Victor Dodon 2016-02-17 1112 status & LUNBITS ? " Suspended" : "",
ef976ea33b4c44 Victor Dodon 2016-02-17 1113 status & 0x01 ? " Error" : "");
ef976ea33b4c44 Victor Dodon 2016-02-17 1114
0dc08a357538de Matthew Dharm 2005-12-04 1115 return 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1116 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1117
^1da177e4c3f41 Linus Torvalds 2005-04-16 1118 #if 0
^1da177e4c3f41 Linus Torvalds 2005-04-16 1119 /*
^1da177e4c3f41 Linus Torvalds 2005-04-16 1120 * Reset Command: 12 bytes.
^1da177e4c3f41 Linus Torvalds 2005-04-16 1121 * byte 0: opcode: EB
^1da177e4c3f41 Linus Torvalds 2005-04-16 1122 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1123 static int
^1da177e4c3f41 Linus Torvalds 2005-04-16 1124 sddr09_reset(struct us_data *us) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1125
^1da177e4c3f41 Linus Torvalds 2005-04-16 1126 unsigned char *command = us->iobuf;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1127
^1da177e4c3f41 Linus Torvalds 2005-04-16 1128 memset(command, 0, 12);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1129 command[0] = 0xEB;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1130 command[1] = LUNBITS;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1131
^1da177e4c3f41 Linus Torvalds 2005-04-16 1132 return sddr09_send_scsi_command(us, command, 12);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1133 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1134 #endif
^1da177e4c3f41 Linus Torvalds 2005-04-16 1135
^1da177e4c3f41 Linus Torvalds 2005-04-16 1136 static struct nand_flash_dev *
^1da177e4c3f41 Linus Torvalds 2005-04-16 1137 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1138 struct nand_flash_dev *cardinfo;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1139 unsigned char deviceID[4];
^1da177e4c3f41 Linus Torvalds 2005-04-16 1140 char blurbtxt[256];
^1da177e4c3f41 Linus Torvalds 2005-04-16 1141 int result;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1142
191648d03d2022 Joe Perches 2013-04-19 1143 usb_stor_dbg(us, "Reading capacity...\n");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1144
^1da177e4c3f41 Linus Torvalds 2005-04-16 1145 result = sddr09_read_deviceID(us, deviceID);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1146
0dc08a357538de Matthew Dharm 2005-12-04 1147 if (result) {
191648d03d2022 Joe Perches 2013-04-19 1148 usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
6f8aa65b520371 Frank Seidel 2009-02-05 1149 printk(KERN_WARNING "sddr09: could not read card info\n");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1150 return NULL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1151 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1152
7adce46784a099 Andy Shevchenko 2014-09-05 1153 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1154
^1da177e4c3f41 Linus Torvalds 2005-04-16 1155 /* Byte 0 is the manufacturer */
^1da177e4c3f41 Linus Torvalds 2005-04-16 @1156 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1157 ": Manuf. %s",
^1da177e4c3f41 Linus Torvalds 2005-04-16 1158 nand_flash_manufacturer(deviceID[0]));
^1da177e4c3f41 Linus Torvalds 2005-04-16 1159
^1da177e4c3f41 Linus Torvalds 2005-04-16 1160 /* Byte 1 is the device type */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1161 cardinfo = nand_find_id(deviceID[1]);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1162 if (cardinfo) {
f0183a338e4f90 Felipe Balbi 2016-04-18 1163 /*
f0183a338e4f90 Felipe Balbi 2016-04-18 1164 * MB or MiB? It is neither. A 16 MB card has
f0183a338e4f90 Felipe Balbi 2016-04-18 1165 * 17301504 raw bytes, of which 16384000 are
f0183a338e4f90 Felipe Balbi 2016-04-18 1166 * usable for user data.
f0183a338e4f90 Felipe Balbi 2016-04-18 1167 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1168 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1169 ", %d MB", 1<<(cardinfo->chipshift - 20));
^1da177e4c3f41 Linus Torvalds 2005-04-16 1170 } else {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1171 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1172 ", type unrecognized");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1173 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1174
^1da177e4c3f41 Linus Torvalds 2005-04-16 1175 /* Byte 2 is code to signal availability of 128-bit ID */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1176 if (deviceID[2] == 0xa5) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1177 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1178 ", 128-bit ID");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1179 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1180
^1da177e4c3f41 Linus Torvalds 2005-04-16 1181 /* Byte 3 announces the availability of another read ID command */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1182 if (deviceID[3] == 0xc0) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1183 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1184 ", extra cmd");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1185 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1186
^1da177e4c3f41 Linus Torvalds 2005-04-16 1187 if (flags & SDDR09_WP)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1188 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1189 ", WP");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1190
6f8aa65b520371 Frank Seidel 2009-02-05 1191 printk(KERN_WARNING "%s\n", blurbtxt);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1192
^1da177e4c3f41 Linus Torvalds 2005-04-16 1193 return cardinfo;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1194 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1195
:::::: The code at line 1156 was first introduced by commit
:::::: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Linux-2.6.12-rc2
:::::: TO: Linus Torvalds <torvalds@ppc970.osdl.org>
:::::: CC: Linus Torvalds <torvalds@ppc970.osdl.org>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 3+ messages in thread
* drivers/usb/storage/sddr09.c:1156:2: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or ...
@ 2022-04-23 1:54 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2022-04-23 1:54 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 45485 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Arnd Bergmann <arnd@arndb.de>
CC: Masahiro Yamada <masahiroy@kernel.org>
CC: Alex Shi <alexs@kernel.org>
CC: Nick Desaulniers <ndesaulniers@google.com>
CC: Miguel Ojeda <ojeda@kernel.org>
CC: Nathan Chancellor <nathan@kernel.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 06fb4ecfeac7e00d6704fa5ed19299f2fefb3cc9
commit: e8c07082a810fbb9db303a2b66b66b8d7e588b53 Kbuild: move to -std=gnu11
date: 6 weeks ago
:::::: branch date: 5 hours ago
:::::: commit date: 6 weeks ago
config: arm-randconfig-c002-20220421 (https://download.01.org/0day-ci/archive/20220423/202204230917.jhVNuHbv-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 5bd87350a5ae429baf8f373cb226a57b62f87280)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8c07082a810fbb9db303a2b66b66b8d7e588b53
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout e8c07082a810fbb9db303a2b66b66b8d7e588b53
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^
fs/xfs/libxfs/xfs_iext_tree.c:512:2: note: '?' condition is true
ASSERT(nr_entries <= KEYS_PER_NODE);
^
fs/xfs/xfs_linux.h:208:3: note: expanded from macro 'ASSERT'
(likely(expr) ? (void)0 : assfail(NULL, #expr, __FILE__, __LINE__))
^
include/linux/compiler.h:77:20: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^
fs/xfs/libxfs/xfs_iext_tree.c:514:6: note: Assuming 'nr_entries' is not equal to KEYS_PER_NODE
if (nr_entries == KEYS_PER_NODE)
^~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/xfs/libxfs/xfs_iext_tree.c:514:2: note: Taking false branch
if (nr_entries == KEYS_PER_NODE)
^
fs/xfs/libxfs/xfs_iext_tree.c:521:6: note: Assuming 'node' is equal to 'new'
if (node != new && pos == 0 && nr_entries > 0)
^~~~~~~~~~~
fs/xfs/libxfs/xfs_iext_tree.c:521:18: note: Left side of '&&' is false
if (node != new && pos == 0 && nr_entries > 0)
^
fs/xfs/libxfs/xfs_iext_tree.c:524:23: note: 'i' is <= 'pos'
for (i = nr_entries; i > pos; i--) {
^
fs/xfs/libxfs/xfs_iext_tree.c:524:2: note: Loop condition is false. Execution continues on line 528
for (i = nr_entries; i > pos; i--) {
^
fs/xfs/libxfs/xfs_iext_tree.c:528:18: note: Array access (via field 'keys') results in a null pointer dereference
node->keys[pos] = offset;
~~~~ ^
fs/xfs/libxfs/xfs_iext_tree.c:607:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(new + ifp->if_bytes, 0, new_size - ifp->if_bytes);
^~~~~~
fs/xfs/libxfs/xfs_iext_tree.c:607:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(new + ifp->if_bytes, 0, new_size - ifp->if_bytes);
^~~~~~
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
63 warnings generated.
drivers/usb/storage/sddr09.c:240:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(data, ecc, 3);
^~~~~~
drivers/usb/storage/sddr09.c:240:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(data, ecc, 3);
^~~~~~
drivers/usb/storage/sddr09.c:352:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:352:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:528:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:528:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:717:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:717:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:796:4: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(buffer, 0, len);
^~~~~~
drivers/usb/storage/sddr09.c:796:4: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(buffer, 0, len);
^~~~~~
drivers/usb/storage/sddr09.c:922:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(bptr, xptr, info->pagesize);
^~~~~~
drivers/usb/storage/sddr09.c:922:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(bptr, xptr, info->pagesize);
^~~~~~
drivers/usb/storage/sddr09.c:1076:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:1076:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:1106:3: warning: Value stored to 'wp_fmt' is never read [clang-analyzer-deadcode.DeadStores]
wp_fmt = " WP";
^ ~~~~~
drivers/usb/storage/sddr09.c:1106:3: note: Value stored to 'wp_fmt' is never read
wp_fmt = " WP";
^ ~~~~~
drivers/usb/storage/sddr09.c:1108:3: warning: Value stored to 'wp_fmt' is never read [clang-analyzer-deadcode.DeadStores]
wp_fmt = "";
^ ~~
drivers/usb/storage/sddr09.c:1108:3: note: Value stored to 'wp_fmt' is never read
wp_fmt = "";
^ ~~
drivers/usb/storage/sddr09.c:1153:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
^~~~~~~
drivers/usb/storage/sddr09.c:1153:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
^~~~~~~
>> drivers/usb/storage/sddr09.c:1156:2: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1156:2: note: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1168:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1168:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1171:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1171:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1177:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1177:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1183:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1183:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1188:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1188:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1563:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(ptr, 0, 18);
^~~~~~
drivers/usb/storage/sddr09.c:1563:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(ptr, 0, 18);
^~~~~~
drivers/usb/storage/sddr09.c:1581:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(ptr, inquiry_response, 8);
^~~~~~
drivers/usb/storage/sddr09.c:1581:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(ptr, inquiry_response, 8);
^~~~~~
drivers/usb/storage/sddr09.c:1639:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(ptr, mode_page_01, sizeof(mode_page_01));
^~~~~~
drivers/usb/storage/sddr09.c:1639:4: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(ptr, mode_page_01, sizeof(mode_page_01));
^~~~~~
drivers/usb/storage/sddr09.c:1705:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
^~~~~~~
drivers/usb/storage/sddr09.c:1705:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
^~~~~~~
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
55 warnings generated.
drivers/media/cec/core/cec-notifier.c:118:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(&n->conn_info, 0, sizeof(n->conn_info));
^~~~~~
drivers/media/cec/core/cec-notifier.c:118:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(&n->conn_info, 0, sizeof(n->conn_info));
^~~~~~
drivers/media/cec/core/cec-notifier.c:135:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(&n->conn_info, 0, sizeof(n->conn_info));
^~~~~~
drivers/media/cec/core/cec-notifier.c:135:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(&n->conn_info, 0, sizeof(n->conn_info));
^~~~~~
Suppressed 53 warnings (53 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
41 warnings generated.
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
42 warnings generated.
drivers/media/cec/platform/s5p/exynos_hdmi_cecctrl.c:202:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(debug + i * 2, "%02x ", buffer[i]);
^~~~~~~
drivers/media/cec/platform/s5p/exynos_hdmi_cecctrl.c:202:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(debug + i * 2, "%02x ", buffer[i]);
^~~~~~~
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
28 warnings generated.
Suppressed 28 warnings (28 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
28 warnings generated.
Suppressed 28 warnings (28 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
28 warnings generated.
Suppressed 28 warnings (28 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
28 warnings generated.
Suppressed 28 warnings (28 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
--
sound/soc/codecs/pcm512x.c:1024:3: note: Taking false branch
if (ret != 0) {
^
sound/soc/codecs/pcm512x.c:1062:12: note: Left side of '||' is true
osr_div = DIV_ROUND_CLOSEST(dac_rate, osr_rate);
^
include/linux/math.h:89:23: note: expanded from macro 'DIV_ROUND_CLOSEST'
(((typeof(x))-1) > 0 || \
^
sound/soc/codecs/pcm512x.c:1063:6: note: Assuming 'osr_div' is <= 128
if (osr_div > 128) {
^~~~~~~~~~~~~
sound/soc/codecs/pcm512x.c:1063:2: note: Taking false branch
if (osr_div > 128) {
^
sound/soc/codecs/pcm512x.c:1068:12: note: Left side of '||' is true
dac_div = DIV_ROUND_CLOSEST(dacsrc_rate, dac_rate);
^
include/linux/math.h:89:23: note: expanded from macro 'DIV_ROUND_CLOSEST'
(((typeof(x))-1) > 0 || \
^
sound/soc/codecs/pcm512x.c:1069:6: note: Assuming 'dac_div' is <= 128
if (dac_div > 128) {
^~~~~~~~~~~~~
sound/soc/codecs/pcm512x.c:1069:2: note: Taking false branch
if (dac_div > 128) {
^
sound/soc/codecs/pcm512x.c:1075:12: note: Left side of '||' is true
ncp_div = DIV_ROUND_CLOSEST(dac_rate,
^
include/linux/math.h:89:23: note: expanded from macro 'DIV_ROUND_CLOSEST'
(((typeof(x))-1) > 0 || \
^
sound/soc/codecs/pcm512x.c:1075:2: note: The value 0 is assigned to 'ncp_div'
ncp_div = DIV_ROUND_CLOSEST(dac_rate,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sound/soc/codecs/pcm512x.c:1077:6: note: 'ncp_div' is <= 128
if (ncp_div > 128 || dac_rate / ncp_div > 2048000) {
^~~~~~~
sound/soc/codecs/pcm512x.c:1077:6: note: Left side of '||' is false
sound/soc/codecs/pcm512x.c:1077:32: note: Division by zero
if (ncp_div > 128 || dac_rate / ncp_div > 2048000) {
~~~~~~~~~^~~~~~~~~
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
33 warnings generated.
sound/usb/line6/podhd.c:149:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%u\n", pod->serial_number);
^~~~~~~
sound/usb/line6/podhd.c:149:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%u\n", pod->serial_number);
^~~~~~~
sound/usb/line6/podhd.c:158:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%06x\n", pod->firmware_version);
^~~~~~~
sound/usb/line6/podhd.c:158:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%06x\n", pod->firmware_version);
^~~~~~~
Suppressed 31 warnings (31 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
33 warnings generated.
sound/usb/line6/toneport.c:202:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(uinfo->value.enumerated.name,
^~~~~~
sound/usb/line6/toneport.c:202:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(uinfo->value.enumerated.name,
^~~~~~
sound/usb/line6/toneport.c:314:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(led->name, sizeof(led->name), "%s::%s",
^~~~~~~~
sound/usb/line6/toneport.c:314:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(led->name, sizeof(led->name), "%s::%s",
^~~~~~~~
Suppressed 31 warnings (31 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
35 warnings generated.
sound/spi/at73c213.c:714:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(card->mixername, chip->pcm->name);
^~~~~~
sound/spi/at73c213.c:714:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(card->mixername, chip->pcm->name);
^~~~~~
sound/spi/at73c213.c:901:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(&chip->reg_image, &snd_at73c213_original_image,
^~~~~~
sound/spi/at73c213.c:901:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(&chip->reg_image, &snd_at73c213_original_image,
^~~~~~
sound/spi/at73c213.c:962:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(id, sizeof id, "at73c213_%d", board->ssc_id);
^~~~~~~~
sound/spi/at73c213.c:962:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(id, sizeof id, "at73c213_%d", board->ssc_id);
^~~~~~~~
sound/spi/at73c213.c:985:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(card->shortname, board->shortname);
^~~~~~
sound/spi/at73c213.c:985:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(card->shortname, board->shortname);
^~~~~~
>> sound/spi/at73c213.c:986:2: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(card->longname, "%s on irq %d", card->shortname, chip->irq);
^~~~~~~
sound/spi/at73c213.c:986:2: note: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(card->longname, "%s on irq %d", card->shortname, chip->irq);
^~~~~~~
Suppressed 30 warnings (30 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
42 warnings generated.
Suppressed 42 warnings (42 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
45 warnings generated.
sound/soc/codecs/cs4234.c:550:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(dac5_masks, 0xFF, sizeof(dac5_masks));
^~~~~~
sound/soc/codecs/cs4234.c:550:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(dac5_masks, 0xFF, sizeof(dac5_masks));
^~~~~~
sound/soc/codecs/cs4234.c:834:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(&cs4234->rate_dividers, &cs4234_dividers, sizeof(cs4234_dividers));
^~~~~~
sound/soc/codecs/cs4234.c:834:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(&cs4234->rate_dividers, &cs4234_dividers, sizeof(cs4234_dividers));
^~~~~~
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
41 warnings generated.
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
41 warnings generated.
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
30 warnings generated.
Suppressed 30 warnings (30 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
41 warnings generated.
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
44 warnings generated.
Suppressed 44 warnings (44 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
42 warnings generated.
fs/nilfs2/cpfile.c:467:22: warning: The left operand of '+' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
*cnop = ci->ci_cno + 1;
^
fs/nilfs2/cpfile.c:586:8: note: Calling 'nilfs_cpfile_do_get_cpinfo'
nci = nilfs_cpfile_do_get_cpinfo(cpfile, &tcno, &ci, sizeof(ci), 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/nilfs2/cpfile.c:436:6: note: Assuming 'cno' is not equal to 0
if (cno == 0)
^~~~~~~~
fs/nilfs2/cpfile.c:436:2: note: Taking false branch
if (cno == 0)
^
fs/nilfs2/cpfile.c:440:2: note: Loop condition is true. Entering loop body
for (n = 0; n < nci; cno += ncps) {
^
fs/nilfs2/cpfile.c:443:7: note: Assuming 'ret' is >= 0
if (ret < 0) {
^~~~~~~
fs/nilfs2/cpfile.c:443:3: note: Taking false branch
if (ret < 0) {
^
fs/nilfs2/cpfile.c:452:15: note: Assuming 'i' is < 'ncps'
for (i = 0; i < ncps && n < nci; i++, cp = (void *)cp + cpsz) {
^~~~~~~~
fs/nilfs2/cpfile.c:452:15: note: Left side of '&&' is true
fs/nilfs2/cpfile.c:452:3: note: Loop condition is true. Entering loop body
for (i = 0; i < ncps && n < nci; i++, cp = (void *)cp + cpsz) {
^
fs/nilfs2/cpfile.c:453:4: note: Taking true branch
if (!nilfs_checkpoint_invalid(cp)) {
^
fs/nilfs2/cpfile.c:454:5: note: Calling 'nilfs_cpfile_checkpoint_to_cpinfo'
nilfs_cpfile_checkpoint_to_cpinfo(cpfile, cp,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/nilfs2/cpfile.c:454:5: note: Returning from 'nilfs_cpfile_checkpoint_to_cpinfo'
nilfs_cpfile_checkpoint_to_cpinfo(cpfile, cp,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/nilfs2/cpfile.c:452:15: note: Assuming 'i' is >= 'ncps'
for (i = 0; i < ncps && n < nci; i++, cp = (void *)cp + cpsz) {
^~~~~~~~
fs/nilfs2/cpfile.c:452:24: note: Left side of '&&' is false
for (i = 0; i < ncps && n < nci; i++, cp = (void *)cp + cpsz) {
^
fs/nilfs2/cpfile.c:460:3: note: Taking false branch
kunmap_atomic(kaddr);
^
include/linux/highmem-internal.h:245:2: note: expanded from macro 'kunmap_atomic'
vim +1156 drivers/usb/storage/sddr09.c
^1da177e4c3f415 Linus Torvalds 2005-04-16 1135
^1da177e4c3f415 Linus Torvalds 2005-04-16 1136 static struct nand_flash_dev *
^1da177e4c3f415 Linus Torvalds 2005-04-16 1137 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
^1da177e4c3f415 Linus Torvalds 2005-04-16 1138 struct nand_flash_dev *cardinfo;
^1da177e4c3f415 Linus Torvalds 2005-04-16 1139 unsigned char deviceID[4];
^1da177e4c3f415 Linus Torvalds 2005-04-16 1140 char blurbtxt[256];
^1da177e4c3f415 Linus Torvalds 2005-04-16 1141 int result;
^1da177e4c3f415 Linus Torvalds 2005-04-16 1142
191648d03d20229 Joe Perches 2013-04-19 1143 usb_stor_dbg(us, "Reading capacity...\n");
^1da177e4c3f415 Linus Torvalds 2005-04-16 1144
^1da177e4c3f415 Linus Torvalds 2005-04-16 1145 result = sddr09_read_deviceID(us, deviceID);
^1da177e4c3f415 Linus Torvalds 2005-04-16 1146
0dc08a357538de3 Matthew Dharm 2005-12-04 1147 if (result) {
191648d03d20229 Joe Perches 2013-04-19 1148 usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
6f8aa65b5203712 Frank Seidel 2009-02-05 1149 printk(KERN_WARNING "sddr09: could not read card info\n");
^1da177e4c3f415 Linus Torvalds 2005-04-16 1150 return NULL;
^1da177e4c3f415 Linus Torvalds 2005-04-16 1151 }
^1da177e4c3f415 Linus Torvalds 2005-04-16 1152
7adce46784a0992 Andy Shevchenko 2014-09-05 1153 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
^1da177e4c3f415 Linus Torvalds 2005-04-16 1154
^1da177e4c3f415 Linus Torvalds 2005-04-16 1155 /* Byte 0 is the manufacturer */
^1da177e4c3f415 Linus Torvalds 2005-04-16 @1156 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f415 Linus Torvalds 2005-04-16 1157 ": Manuf. %s",
^1da177e4c3f415 Linus Torvalds 2005-04-16 1158 nand_flash_manufacturer(deviceID[0]));
^1da177e4c3f415 Linus Torvalds 2005-04-16 1159
^1da177e4c3f415 Linus Torvalds 2005-04-16 1160 /* Byte 1 is the device type */
^1da177e4c3f415 Linus Torvalds 2005-04-16 1161 cardinfo = nand_find_id(deviceID[1]);
^1da177e4c3f415 Linus Torvalds 2005-04-16 1162 if (cardinfo) {
f0183a338e4f90e Felipe Balbi 2016-04-18 1163 /*
f0183a338e4f90e Felipe Balbi 2016-04-18 1164 * MB or MiB? It is neither. A 16 MB card has
f0183a338e4f90e Felipe Balbi 2016-04-18 1165 * 17301504 raw bytes, of which 16384000 are
f0183a338e4f90e Felipe Balbi 2016-04-18 1166 * usable for user data.
f0183a338e4f90e Felipe Balbi 2016-04-18 1167 */
^1da177e4c3f415 Linus Torvalds 2005-04-16 1168 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f415 Linus Torvalds 2005-04-16 1169 ", %d MB", 1<<(cardinfo->chipshift - 20));
^1da177e4c3f415 Linus Torvalds 2005-04-16 1170 } else {
^1da177e4c3f415 Linus Torvalds 2005-04-16 1171 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f415 Linus Torvalds 2005-04-16 1172 ", type unrecognized");
^1da177e4c3f415 Linus Torvalds 2005-04-16 1173 }
^1da177e4c3f415 Linus Torvalds 2005-04-16 1174
^1da177e4c3f415 Linus Torvalds 2005-04-16 1175 /* Byte 2 is code to signal availability of 128-bit ID */
^1da177e4c3f415 Linus Torvalds 2005-04-16 1176 if (deviceID[2] == 0xa5) {
^1da177e4c3f415 Linus Torvalds 2005-04-16 1177 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f415 Linus Torvalds 2005-04-16 1178 ", 128-bit ID");
^1da177e4c3f415 Linus Torvalds 2005-04-16 1179 }
^1da177e4c3f415 Linus Torvalds 2005-04-16 1180
^1da177e4c3f415 Linus Torvalds 2005-04-16 1181 /* Byte 3 announces the availability of another read ID command */
^1da177e4c3f415 Linus Torvalds 2005-04-16 1182 if (deviceID[3] == 0xc0) {
^1da177e4c3f415 Linus Torvalds 2005-04-16 1183 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f415 Linus Torvalds 2005-04-16 1184 ", extra cmd");
^1da177e4c3f415 Linus Torvalds 2005-04-16 1185 }
^1da177e4c3f415 Linus Torvalds 2005-04-16 1186
^1da177e4c3f415 Linus Torvalds 2005-04-16 1187 if (flags & SDDR09_WP)
^1da177e4c3f415 Linus Torvalds 2005-04-16 1188 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f415 Linus Torvalds 2005-04-16 1189 ", WP");
^1da177e4c3f415 Linus Torvalds 2005-04-16 1190
6f8aa65b5203712 Frank Seidel 2009-02-05 1191 printk(KERN_WARNING "%s\n", blurbtxt);
^1da177e4c3f415 Linus Torvalds 2005-04-16 1192
^1da177e4c3f415 Linus Torvalds 2005-04-16 1193 return cardinfo;
^1da177e4c3f415 Linus Torvalds 2005-04-16 1194 }
^1da177e4c3f415 Linus Torvalds 2005-04-16 1195
:::::: The code at line 1156 was first introduced by commit
:::::: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Linux-2.6.12-rc2
:::::: TO: Linus Torvalds <torvalds@ppc970.osdl.org>
:::::: CC: Linus Torvalds <torvalds@ppc970.osdl.org>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 3+ messages in thread
* drivers/usb/storage/sddr09.c:1156:2: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or ...
@ 2022-03-30 8:55 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2022-03-30 8:55 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 32813 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Arnd Bergmann <arnd@arndb.de>
CC: Masahiro Yamada <masahiroy@kernel.org>
CC: Alex Shi <alexs@kernel.org>
CC: Nick Desaulniers <ndesaulniers@google.com>
CC: Miguel Ojeda <ojeda@kernel.org>
CC: Nathan Chancellor <nathan@kernel.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 965181d7ef7e1a863477536dc328c23a7ebc8a1d
commit: e8c07082a810fbb9db303a2b66b66b8d7e588b53 Kbuild: move to -std=gnu11
date: 2 weeks ago
:::::: branch date: 7 hours ago
:::::: commit date: 2 weeks ago
config: arm-randconfig-c002-20220329 (https://download.01.org/0day-ci/archive/20220330/202203301630.PtkyuGLo-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0f6d9501cf49ce02937099350d08f20c4af86f3d)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8c07082a810fbb9db303a2b66b66b8d7e588b53
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout e8c07082a810fbb9db303a2b66b66b8d7e588b53
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
status = mos7840_calc_baud_rate_divisor(port, baudRate, &divisor,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/usb/serial/mos7840.c:1202:2: warning: Value stored to 'lData' is never read [clang-analyzer-deadcode.DeadStores]
lData = LCR_BITS_8;
^
drivers/usb/serial/mos7840.c:1202:2: note: Value stored to 'lData' is never read
drivers/usb/serial/mos7840.c:1203:2: warning: Value stored to 'lStop' is never read [clang-analyzer-deadcode.DeadStores]
lStop = LCR_STOP_1;
^
drivers/usb/serial/mos7840.c:1203:2: note: Value stored to 'lStop' is never read
drivers/usb/serial/mos7840.c:1306:2: warning: Value stored to 'status' is never read [clang-analyzer-deadcode.DeadStores]
status = mos7840_send_cmd_write_baud_rate(mos7840_port, baud);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/usb/serial/mos7840.c:1306:2: note: Value stored to 'status' is never read
status = mos7840_send_cmd_write_baud_rate(mos7840_port, baud);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/usb/serial/mos7840.c:1387:26: warning: Value stored to 'port' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
struct usb_serial_port *port = tty->driver_data;
^~~~ ~~~~~~~~~~~~~~~~
drivers/usb/serial/mos7840.c:1387:26: note: Value stored to 'port' during its initialization is never read
struct usb_serial_port *port = tty->driver_data;
^~~~ ~~~~~~~~~~~~~~~~
drivers/usb/serial/mos7840.c:1516:17: warning: Value stored to 'dev' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
struct device *dev = &serial->interface->dev;
^~~ ~~~~~~~~~~~~~~~~~~~~~~~
drivers/usb/serial/mos7840.c:1516:17: note: Value stored to 'dev' during its initialization is never read
struct device *dev = &serial->interface->dev;
^~~ ~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 31 warnings (31 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
44 warnings generated.
drivers/usb/storage/onetouch.c:213:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(onetouch->name, sizeof(onetouch->name),
^~~~~~~~
drivers/usb/storage/onetouch.c:213:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(onetouch->name, sizeof(onetouch->name),
^~~~~~~~
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
63 warnings generated.
drivers/usb/storage/sddr09.c:240:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(data, ecc, 3);
^~~~~~
drivers/usb/storage/sddr09.c:240:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(data, ecc, 3);
^~~~~~
drivers/usb/storage/sddr09.c:352:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:352:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:528:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:528:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:717:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:717:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:796:4: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(buffer, 0, len);
^~~~~~
drivers/usb/storage/sddr09.c:796:4: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(buffer, 0, len);
^~~~~~
drivers/usb/storage/sddr09.c:922:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(bptr, xptr, info->pagesize);
^~~~~~
drivers/usb/storage/sddr09.c:922:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(bptr, xptr, info->pagesize);
^~~~~~
drivers/usb/storage/sddr09.c:1076:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:1076:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(command, 0, 12);
^~~~~~
drivers/usb/storage/sddr09.c:1106:3: warning: Value stored to 'wp_fmt' is never read [clang-analyzer-deadcode.DeadStores]
wp_fmt = " WP";
^ ~~~~~
drivers/usb/storage/sddr09.c:1106:3: note: Value stored to 'wp_fmt' is never read
wp_fmt = " WP";
^ ~~~~~
drivers/usb/storage/sddr09.c:1108:3: warning: Value stored to 'wp_fmt' is never read [clang-analyzer-deadcode.DeadStores]
wp_fmt = "";
^ ~~
drivers/usb/storage/sddr09.c:1108:3: note: Value stored to 'wp_fmt' is never read
wp_fmt = "";
^ ~~
drivers/usb/storage/sddr09.c:1153:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
^~~~~~~
drivers/usb/storage/sddr09.c:1153:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
^~~~~~~
>> drivers/usb/storage/sddr09.c:1156:2: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1156:2: note: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1168:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1168:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1171:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1171:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1177:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1177:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1183:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1183:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1188:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1188:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(blurbtxt + strlen(blurbtxt),
^~~~~~~
drivers/usb/storage/sddr09.c:1563:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(ptr, 0, 18);
^~~~~~
drivers/usb/storage/sddr09.c:1563:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(ptr, 0, 18);
^~~~~~
drivers/usb/storage/sddr09.c:1581:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(ptr, inquiry_response, 8);
^~~~~~
drivers/usb/storage/sddr09.c:1581:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(ptr, inquiry_response, 8);
^~~~~~
drivers/usb/storage/sddr09.c:1639:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(ptr, mode_page_01, sizeof(mode_page_01));
^~~~~~
drivers/usb/storage/sddr09.c:1639:4: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(ptr, mode_page_01, sizeof(mode_page_01));
^~~~~~
drivers/usb/storage/sddr09.c:1705:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
^~~~~~~
drivers/usb/storage/sddr09.c:1705:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
^~~~~~~
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
44 warnings generated.
drivers/gpu/drm/arm/display/komeda/komeda_kms.c:48:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(&evts, 0, sizeof(evts));
^~~~~~
drivers/gpu/drm/arm/display/komeda/komeda_kms.c:48:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(&evts, 0, sizeof(evts));
^~~~~~
Suppressed 43 warnings (43 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
drivers/gpu/drm/arm/display/komeda/komeda_crtc.c:581:4: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(str, "pipe-%d", crtc->slave->id);
^~~~~~~
drivers/gpu/drm/arm/display/komeda/komeda_crtc.c:581:4: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(str, "pipe-%d", crtc->slave->id);
^~~~~~~
drivers/gpu/drm/arm/display/komeda/komeda_crtc.c:583:4: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(str, "None");
^~~~~~~
drivers/gpu/drm/arm/display/komeda/komeda_crtc.c:583:4: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(str, "None");
^~~~~~~
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
41 warnings generated.
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
41 warnings generated.
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
44 warnings generated.
block/blk-map.c:32:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(bmd->iov, data->iov, sizeof(struct iovec) * data->nr_segs);
^~~~~~
block/blk-map.c:32:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(bmd->iov, data->iov, sizeof(struct iovec) * data->nr_segs);
vim +1156 drivers/usb/storage/sddr09.c
^1da177e4c3f41 Linus Torvalds 2005-04-16 1092
^1da177e4c3f41 Linus Torvalds 2005-04-16 1093 static int
^1da177e4c3f41 Linus Torvalds 2005-04-16 1094 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1095 int result;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1096 unsigned char status;
ef976ea33b4c44 Victor Dodon 2016-02-17 1097 const char *wp_fmt;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1098
^1da177e4c3f41 Linus Torvalds 2005-04-16 1099 result = sddr09_read_status(us, &status);
0dc08a357538de Matthew Dharm 2005-12-04 1100 if (result) {
191648d03d2022 Joe Perches 2013-04-19 1101 usb_stor_dbg(us, "read_status fails\n");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1102 return result;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1103 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1104 if ((status & 0x80) == 0) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1105 info->flags |= SDDR09_WP; /* write protected */
ef976ea33b4c44 Victor Dodon 2016-02-17 1106 wp_fmt = " WP";
ef976ea33b4c44 Victor Dodon 2016-02-17 1107 } else {
ef976ea33b4c44 Victor Dodon 2016-02-17 @1108 wp_fmt = "";
^1da177e4c3f41 Linus Torvalds 2005-04-16 1109 }
ef976ea33b4c44 Victor Dodon 2016-02-17 1110 usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
ef976ea33b4c44 Victor Dodon 2016-02-17 1111 status & 0x40 ? " Ready" : "",
ef976ea33b4c44 Victor Dodon 2016-02-17 1112 status & LUNBITS ? " Suspended" : "",
ef976ea33b4c44 Victor Dodon 2016-02-17 1113 status & 0x01 ? " Error" : "");
ef976ea33b4c44 Victor Dodon 2016-02-17 1114
0dc08a357538de Matthew Dharm 2005-12-04 1115 return 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1116 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1117
^1da177e4c3f41 Linus Torvalds 2005-04-16 1118 #if 0
^1da177e4c3f41 Linus Torvalds 2005-04-16 1119 /*
^1da177e4c3f41 Linus Torvalds 2005-04-16 1120 * Reset Command: 12 bytes.
^1da177e4c3f41 Linus Torvalds 2005-04-16 1121 * byte 0: opcode: EB
^1da177e4c3f41 Linus Torvalds 2005-04-16 1122 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1123 static int
^1da177e4c3f41 Linus Torvalds 2005-04-16 1124 sddr09_reset(struct us_data *us) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1125
^1da177e4c3f41 Linus Torvalds 2005-04-16 1126 unsigned char *command = us->iobuf;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1127
^1da177e4c3f41 Linus Torvalds 2005-04-16 1128 memset(command, 0, 12);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1129 command[0] = 0xEB;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1130 command[1] = LUNBITS;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1131
^1da177e4c3f41 Linus Torvalds 2005-04-16 1132 return sddr09_send_scsi_command(us, command, 12);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1133 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1134 #endif
^1da177e4c3f41 Linus Torvalds 2005-04-16 1135
^1da177e4c3f41 Linus Torvalds 2005-04-16 1136 static struct nand_flash_dev *
^1da177e4c3f41 Linus Torvalds 2005-04-16 1137 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1138 struct nand_flash_dev *cardinfo;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1139 unsigned char deviceID[4];
^1da177e4c3f41 Linus Torvalds 2005-04-16 1140 char blurbtxt[256];
^1da177e4c3f41 Linus Torvalds 2005-04-16 1141 int result;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1142
191648d03d2022 Joe Perches 2013-04-19 1143 usb_stor_dbg(us, "Reading capacity...\n");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1144
^1da177e4c3f41 Linus Torvalds 2005-04-16 1145 result = sddr09_read_deviceID(us, deviceID);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1146
0dc08a357538de Matthew Dharm 2005-12-04 1147 if (result) {
191648d03d2022 Joe Perches 2013-04-19 1148 usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
6f8aa65b520371 Frank Seidel 2009-02-05 1149 printk(KERN_WARNING "sddr09: could not read card info\n");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1150 return NULL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1151 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1152
7adce46784a099 Andy Shevchenko 2014-09-05 1153 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1154
^1da177e4c3f41 Linus Torvalds 2005-04-16 1155 /* Byte 0 is the manufacturer */
^1da177e4c3f41 Linus Torvalds 2005-04-16 @1156 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1157 ": Manuf. %s",
^1da177e4c3f41 Linus Torvalds 2005-04-16 1158 nand_flash_manufacturer(deviceID[0]));
^1da177e4c3f41 Linus Torvalds 2005-04-16 1159
^1da177e4c3f41 Linus Torvalds 2005-04-16 1160 /* Byte 1 is the device type */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1161 cardinfo = nand_find_id(deviceID[1]);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1162 if (cardinfo) {
f0183a338e4f90 Felipe Balbi 2016-04-18 1163 /*
f0183a338e4f90 Felipe Balbi 2016-04-18 1164 * MB or MiB? It is neither. A 16 MB card has
f0183a338e4f90 Felipe Balbi 2016-04-18 1165 * 17301504 raw bytes, of which 16384000 are
f0183a338e4f90 Felipe Balbi 2016-04-18 1166 * usable for user data.
f0183a338e4f90 Felipe Balbi 2016-04-18 1167 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1168 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1169 ", %d MB", 1<<(cardinfo->chipshift - 20));
^1da177e4c3f41 Linus Torvalds 2005-04-16 1170 } else {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1171 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1172 ", type unrecognized");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1173 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1174
^1da177e4c3f41 Linus Torvalds 2005-04-16 1175 /* Byte 2 is code to signal availability of 128-bit ID */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1176 if (deviceID[2] == 0xa5) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1177 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1178 ", 128-bit ID");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1179 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1180
^1da177e4c3f41 Linus Torvalds 2005-04-16 1181 /* Byte 3 announces the availability of another read ID command */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1182 if (deviceID[3] == 0xc0) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1183 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1184 ", extra cmd");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1185 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1186
^1da177e4c3f41 Linus Torvalds 2005-04-16 1187 if (flags & SDDR09_WP)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1188 sprintf(blurbtxt + strlen(blurbtxt),
^1da177e4c3f41 Linus Torvalds 2005-04-16 1189 ", WP");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1190
6f8aa65b520371 Frank Seidel 2009-02-05 1191 printk(KERN_WARNING "%s\n", blurbtxt);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1192
^1da177e4c3f41 Linus Torvalds 2005-04-16 1193 return cardinfo;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1194 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1195
:::::: The code at line 1156 was first introduced by commit
:::::: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Linux-2.6.12-rc2
:::::: TO: Linus Torvalds <torvalds@ppc970.osdl.org>
:::::: CC: Linus Torvalds <torvalds@ppc970.osdl.org>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-04-23 1:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-22 5:07 drivers/usb/storage/sddr09.c:1156:2: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2022-04-23 1:54 kernel test robot
2022-03-30 8:55 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.