From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: [djwong-xfs:vectorized-scrub 109/367] include/linux/fortify-string.h:263:16: warning: dereference of NULL 'array' [CWE-476]
Date: Tue, 14 Jun 2022 21:49:11 +0800 [thread overview]
Message-ID: <202206142101.e8BTIKDJ-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 8209 bytes --]
::::::
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check first_new_problem: include/linux/fortify-string.h:263:16: warning: dereference of NULL 'array' [CWE-476] [-Wanalyzer-null-dereference]"
::::::
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: "Darrick J. Wong" <darrick.wong@oracle.com>
CC: linux-kernel(a)vger.kernel.org
TO: "Darrick J. Wong" <djwong@kernel.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git vectorized-scrub
head: 879e09570c469d3320e25aa7f625ded1a2f5c24e
commit: 1cbf9e08546faaae7fcfad46d0d24707c55ced16 [109/367] xfs: track quota updates during live quotacheck
:::::: branch date: 8 days ago
:::::: commit date: 8 days ago
config: i386-randconfig-c001-20220613 (https://download.01.org/0day-ci/archive/20220614/202206142101.e8BTIKDJ-lkp(a)intel.com/config)
compiler: gcc-11 (Debian 11.3.0-3) 11.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git/commit/?id=1cbf9e08546faaae7fcfad46d0d24707c55ced16
git remote add djwong-xfs https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git
git fetch --no-tags djwong-xfs vectorized-scrub
git checkout 1cbf9e08546faaae7fcfad46d0d24707c55ced16
# save the config file
ARCH=i386 KBUILD_USERCFLAGS='-fanalyzer -Wno-error'
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
gcc-analyzer warnings: (new ones prefixed by >>)
In file included from include/linux/string.h:253,
from include/linux/uuid.h:12,
from fs/xfs/xfs_linux.h:10,
from fs/xfs/xfs.h:22,
from fs/xfs/scrub/quotacheck.c:6:
fs/xfs/scrub/quotacheck.c: In function 'xfarray_load_sparse':
>> include/linux/fortify-string.h:263:16: warning: dereference of NULL 'array' [CWE-476] [-Wanalyzer-null-dereference]
263 | size_t __fortify_size = (size_t)(size); \
| ^~~~~~~~~~~~~~
include/linux/fortify-string.h:272:25: note: in expansion of macro '__fortify_memset_chk'
272 | #define memset(p, c, s) __fortify_memset_chk(p, c, s, \
| ^~~~~~~~~~~~~~~~~~~~
fs/xfs/scrub/xfarray.h:62:17: note: in expansion of macro 'memset'
62 | memset(rec, 0, array->obj_size);
| ^~~~~~
'xqcheck_compare_dquot': events 1-2
|
|fs/xfs/scrub/quotacheck.c:518:1:
| 518 | xqcheck_compare_dquot(
| | ^~~~~~~~~~~~~~~~~~~~~
| | |
| | (1) entry to 'xqcheck_compare_dquot'
|......
| 525 | struct xfarray *counts = xqcheck_counters_for(xqc, dqtype);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling 'xqcheck_counters_for' from 'xqcheck_compare_dquot'
|
+--> 'xqcheck_counters_for': events 3-4
|
|fs/xfs/scrub/quotacheck.h:56:1:
| 56 | xqcheck_counters_for(
| | ^~~~~~~~~~~~~~~~~~~~
| | |
| | (3) entry to 'xqcheck_counters_for'
|......
| 60 | switch (dqtype) {
| | ~~~~~~
| | |
| | (4) following 'default:' branch...
|
'xqcheck_counters_for': event 5
|
|include/linux/compiler.h:34:25:
| 34 | ftrace_likely_update(&______f, ______r, \
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (5) ...to here
| 35 | expect, is_constant); \
| | ~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:45:26: note: in expansion of macro '__branch_check__'
| 45 | # define likely(x) (__branch_check__(x, 1, __builtin_constant_p(x)))
| | ^~~~~~~~~~~~~~~~
fs/xfs/xfs_linux.h:206:10: note: in expansion of macro 'likely'
| 206 | (likely(expr) ? (void)0 : assfail(NULL, #expr, __FILE__, __LINE__))
| | ^~~~~~
fs/xfs/scrub/quotacheck.h:69:9: note: in expansion of macro 'ASSERT'
| 69 | ASSERT(0);
| | ^~~~~~
|
<------+
|
'xqcheck_compare_dquot': events 6-7
|
|fs/xfs/scrub/quotacheck.c:525:43:
| 525 | struct xfarray *counts = xqcheck_counters_for(xqc, dqtype);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) return of NULL to 'xqcheck_compare_dquot' from 'xqcheck_counters_for'
|......
| 528 | if (xchk_iscan_aborted(&xqc->iscan)) {
| | ~
| | |
| | (7) following 'false' branch...
|
'xqcheck_compare_dquot': event 8
|
|include/linux/mutex.h:187:26:
| 187 | #define mutex_lock(lock) mutex_lock_nested(lock, 0)
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (8) ...to here
fs/xfs/scrub/quotacheck.c:533:9: note: in expansion of macro 'mutex_lock'
| 533 | mutex_lock(&xqc->lock);
| | ^~~~~~~~~~
|
'xqcheck_compare_dquot': event 9
|
| 534 | error = xfarray_load_sparse(counts, dqp->q_id, &xcdq);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (9) calling 'xfarray_load_sparse' from 'xqcheck_compare_dquot'
|
+--> 'xfarray_load_sparse': events 10-11
|
|fs/xfs/scrub/xfarray.h:54:1:
| 54 | xfarray_load_sparse(
| | ^~~~~~~~~~~~~~~~~~~
| | |
| | (10) entry to 'xfarray_load_sparse'
|......
| 61 | if (error == -ENODATA) {
| | ~
| | |
| | (11) following 'true' branch (when 'error == -61')...
|
'xfarray_load_sparse': event 12
vim +/array +263 include/linux/fortify-string.h
28e77cc1c06866 Kees Cook 2021-06-16 261
28e77cc1c06866 Kees Cook 2021-06-16 262 #define __fortify_memset_chk(p, c, size, p_size, p_size_field) ({ \
28e77cc1c06866 Kees Cook 2021-06-16 @263 size_t __fortify_size = (size_t)(size); \
28e77cc1c06866 Kees Cook 2021-06-16 264 fortify_memset_chk(__fortify_size, p_size, p_size_field), \
28e77cc1c06866 Kees Cook 2021-06-16 265 __underlying_memset(p, c, __fortify_size); \
28e77cc1c06866 Kees Cook 2021-06-16 266 })
28e77cc1c06866 Kees Cook 2021-06-16 267
:::::: The code at line 263 was first introduced by commit
:::::: 28e77cc1c0686621a4d416f599cee5ab369daa0a fortify: Detect struct member overflows in memset() at compile-time
:::::: TO: Kees Cook <keescook@chromium.org>
:::::: CC: Kees Cook <keescook@chromium.org>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
reply other threads:[~2022-06-14 13:49 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202206142101.e8BTIKDJ-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.