* sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [...
From: kernel test robot @ 2022-06-20 5:17 UTC
To: kbuild
::::::
:::::: Manual check reason: "low confidence static check warning: sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]"
::::::
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Daniel Kaehn <kaehndan@gmail.com>
CC: Takashi Iwai <tiwai@suse.de>
CC: Rob Herring <robh@kernel.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 4b35035bcf80ddb47c0112c4fbd84a63a2836a18
commit: 542350509499fed057a2a56921a383888a6f4fd3 ALSA: Add generic serial MIDI driver using serial bus API
date: 6 weeks ago
:::::: branch date: 2 days ago
:::::: commit date: 6 weeks ago
config: arm-randconfig-c002-20220619 (https://download.01.org/0day-ci/archive/20220620/202206201317.F4APgcLD-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 91688716ba49942051dccdf7b9c4f81a7ec8feaf)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install arm cross compiling tool for clang build
        # apt-get install binutils-arm-linux-gnueabi
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=542350509499fed057a2a56921a383888a6f4fd3
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 542350509499fed057a2a56921a383888a6f4fd3
        # save the config file
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^~~~~~
drivers/base/regmap/regcache-rbtree.c:293:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(present + BITS_TO_LONGS(rbnode->blklen), 0,
^~~~~~
drivers/base/regmap/regcache-rbtree.c:302:3: warning: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memmove(blk + offset * map->cache_word_size,
^~~~~~~
drivers/base/regmap/regcache-rbtree.c:302:3: note: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11
memmove(blk + offset * map->cache_word_size,
^~~~~~~
Suppressed 29 warnings (29 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
29 warnings generated.
Suppressed 29 warnings (29 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
37 warnings generated.
drivers/base/regmap/regmap-debugfs.c:31:9: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return snprintf(NULL, 0, "%x", max_val);
^~~~~~~~
drivers/base/regmap/regmap-debugfs.c:31:9: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
return snprintf(NULL, 0, "%x", max_val);
^~~~~~~~
drivers/base/regmap/regmap-debugfs.c:50:8: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
ret = snprintf(buf, PAGE_SIZE, "%s\n", name);
^~~~~~~~
drivers/base/regmap/regmap-debugfs.c:50:8: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
ret = snprintf(buf, PAGE_SIZE, "%s\n", name);
^~~~~~~~
drivers/base/regmap/regmap-debugfs.c:251:4: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(buf + buf_pos, count - buf_pos, "%.*x: ",
^~~~~~~~
drivers/base/regmap/regmap-debugfs.c:251:4: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(buf + buf_pos, count - buf_pos, "%.*x: ",
^~~~~~~~
drivers/base/regmap/regmap-debugfs.c:258:5: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(buf + buf_pos, count - buf_pos,
^~~~~~~~
drivers/base/regmap/regmap-debugfs.c:258:5: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(buf + buf_pos, count - buf_pos,
^~~~~~~~
drivers/base/regmap/regmap-debugfs.c:261:5: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(buf + buf_pos, 'X',
^~~~~~
drivers/base/regmap/regmap-debugfs.c:261:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(buf + buf_pos, 'X',
^~~~~~
drivers/base/regmap/regmap-debugfs.c:402:15: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
entry_len = snprintf(entry, PAGE_SIZE, "%x-%x\n",
^~~~~~~~
drivers/base/regmap/regmap-debugfs.c:402:15: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
entry_len = snprintf(entry, PAGE_SIZE, "%x-%x\n",
^~~~~~~~
drivers/base/regmap/regmap-debugfs.c:407:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(buf + buf_pos, entry, entry_len);
^~~~~~
drivers/base/regmap/regmap-debugfs.c:407:4: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(buf + buf_pos, entry, entry_len);
^~~~~~
include/linux/list.h:137:13: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
__list_del(entry->prev, entry->next);
^
drivers/base/regmap/regmap-debugfs.c:657:6: note: Assuming field 'debugfs' is non-null
if (map->debugfs) {
^~~~~~~~~~~~
drivers/base/regmap/regmap-debugfs.c:657:2: note: Taking true branch
if (map->debugfs) {
^
drivers/base/regmap/regmap-debugfs.c:660:3: note: Calling 'regmap_debugfs_free_dump_cache'
regmap_debugfs_free_dump_cache(map);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/base/regmap/regmap-debugfs.c:71:2: note: Loop condition is true. Entering loop body
while (!list_empty(&map->debugfs_off_cache)) {
^
drivers/base/regmap/regmap-debugfs.c:76:3: note: Memory is released
kfree(c);
^~~~~~~~
drivers/base/regmap/regmap-debugfs.c:71:2: note: Loop condition is true. Entering loop body
while (!list_empty(&map->debugfs_off_cache)) {
^
drivers/base/regmap/regmap-debugfs.c:75:3: note: Calling 'list_del'
list_del(&c->list);
^~~~~~~~~~~~~~~~~~
include/linux/list.h:148:2: note: Calling '__list_del_entry'
__list_del_entry(entry);
^~~~~~~~~~~~~~~~~~~~~~~
include/linux/list.h:134:2: note: Taking false branch
if (!__list_del_entry_valid(entry))
^
include/linux/list.h:137:13: note: Use of memory after it is freed
__list_del(entry->prev, entry->next);
^~~~~~~~~~~
Suppressed 29 warnings (29 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
25 warnings generated.
sound/drivers/serial-generic.c:283:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(substream->name, "Serial MIDI %d-%d", dev_num, substream->number);
^~~~~~~
sound/drivers/serial-generic.c:283:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(substream->name, "Serial MIDI %d-%d", dev_num, substream->number);
^~~~~~~
>> sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(rrawmidi->name, drvdata->card->shortname);
^~~~~~
sound/drivers/serial-generic.c:303:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(rrawmidi->name, drvdata->card->shortname);
^~~~~~
sound/drivers/serial-generic.c:333:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(card->shortname, "SerialMIDI-%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:333:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(card->shortname, "SerialMIDI-%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:334:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(card->longname, "Serial MIDI device at serial%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:334:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(card->longname, "Serial MIDI device at serial%d", serdev->ctrl->nr);
^~~~~~~
Suppressed 21 warnings (21 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
15 warnings generated.
Suppressed 15 warnings (15 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
15 warnings generated.
Suppressed 15 warnings (15 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
44 warnings generated.
drivers/platform/mellanox/mlxreg-hotplug.c:87:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(event_str, MLXREG_CORE_LABEL_MAX_SIZE, "%s=%d", label, !!action);
^~~~~~~~
drivers/platform/mellanox/mlxreg-hotplug.c:87:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(event_str, MLXREG_CORE_LABEL_MAX_SIZE, "%s=%d", label, !!action);
^~~~~~~~
drivers/platform/mellanox/mlxreg-hotplug.c:236:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%u\n", regval);
^~~~~~~
drivers/platform/mellanox/mlxreg-hotplug.c:236:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%u\n", regval);
^~~~~~~
Suppressed 42 warnings (42 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
45 warnings generated.
drivers/iio/proximity/sx9310.c:451:17: warning: The left operand of '>>' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
*val = pthresh >> (5 - regval);
^
drivers/iio/proximity/sx9310.c:500:6: note: Assuming field 'type' is equal to IIO_PROXIMITY
if (chan->type != IIO_PROXIMITY)
^~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/iio/proximity/sx9310.c:500:2: note: Taking false branch
if (chan->type != IIO_PROXIMITY)
^
drivers/iio/proximity/sx9310.c:503:2: note: Control jumps to 'case IIO_EV_INFO_HYSTERESIS:' at line 515
switch (info) {
^
drivers/iio/proximity/sx9310.c:516:10: note: Calling 'sx9310_read_hysteresis'
return sx9310_read_hysteresis(data, chan, val);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/iio/proximity/sx9310.c:435:23: note: 'pthresh' declared without an initial value
unsigned int regval, pthresh;
^~~~~~~
drivers/iio/proximity/sx9310.c:438:8: note: Calling 'sx9310_read_thresh'
ret = sx9310_read_thresh(data, chan, &pthresh);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/iio/proximity/sx9310.c:417:6: note: 'ret' is >= 0
if (ret < 0)
^~~
drivers/iio/proximity/sx9310.c:417:2: note: Taking false branch
if (ret < 0)
^
drivers/iio/proximity/sx9310.c:421:6: note: Assuming 'ret' is not equal to 0
if (ret)
^~~
drivers/iio/proximity/sx9310.c:421:2: note: Taking true branch
if (ret)
^
drivers/iio/proximity/sx9310.c:438:8: note: Returning from 'sx9310_read_thresh'
ret = sx9310_read_thresh(data, chan, &pthresh);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/iio/proximity/sx9310.c:439:6: note: Assuming 'ret' is >= 0
if (ret < 0)
^~~~~~~
drivers/iio/proximity/sx9310.c:439:2: note: Taking false branch
if (ret < 0)
^
drivers/iio/proximity/sx9310.c:443:6: note: Assuming 'ret' is 0
if (ret)
^~~
drivers/iio/proximity/sx9310.c:443:2: note: Taking false branch
if (ret)
^
drivers/iio/proximity/sx9310.c:446:11: note: Taking false branch
regval = FIELD_GET(SX9310_REG_PROX_CTRL10_HYST_MASK, regval);
^
include/linux/bitfield.h:128:3: note: expanded from macro 'FIELD_GET'
__BF_FIELD_CHECK(_mask, _reg, 0U, "FIELD_GET: "); \
^
include/linux/bitfield.h:65:3: note: expanded from macro '__BF_FIELD_CHECK'
BUILD_BUG_ON_MSG(!__builtin_constant_p(_mask), \
^
include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
vim +303 sound/drivers/serial-generic.c
542350509499fe Daniel Kaehn 2022-05-09  286
542350509499fe Daniel Kaehn 2022-05-09  287  static int snd_serial_generic_rmidi(struct snd_serial_generic *drvdata,
542350509499fe Daniel Kaehn 2022-05-09  288  				    int outs, int ins, struct snd_rawmidi **rmidi)
542350509499fe Daniel Kaehn 2022-05-09  289  {
542350509499fe Daniel Kaehn 2022-05-09  290  	struct snd_rawmidi *rrawmidi;
542350509499fe Daniel Kaehn 2022-05-09  291  	int err;
542350509499fe Daniel Kaehn 2022-05-09  292
542350509499fe Daniel Kaehn 2022-05-09  293  	err = snd_rawmidi_new(drvdata->card, drvdata->card->driver, 0,
542350509499fe Daniel Kaehn 2022-05-09  294  			      outs, ins, &rrawmidi);
542350509499fe Daniel Kaehn 2022-05-09  295
542350509499fe Daniel Kaehn 2022-05-09  296  	if (err < 0)
542350509499fe Daniel Kaehn 2022-05-09  297  		return err;
542350509499fe Daniel Kaehn 2022-05-09  298
542350509499fe Daniel Kaehn 2022-05-09  299  	snd_rawmidi_set_ops(rrawmidi, SNDRV_RAWMIDI_STREAM_INPUT,
542350509499fe Daniel Kaehn 2022-05-09  300  			    &snd_serial_generic_input);
542350509499fe Daniel Kaehn 2022-05-09  301  	snd_rawmidi_set_ops(rrawmidi, SNDRV_RAWMIDI_STREAM_OUTPUT,
542350509499fe Daniel Kaehn 2022-05-09  302  			    &snd_serial_generic_output);
542350509499fe Daniel Kaehn 2022-05-09 @303  	strcpy(rrawmidi->name, drvdata->card->shortname);
542350509499fe Daniel Kaehn 2022-05-09  304
542350509499fe Daniel Kaehn 2022-05-09  305  	snd_serial_generic_substreams(&rrawmidi->streams[SNDRV_RAWMIDI_STREAM_OUTPUT],
542350509499fe Daniel Kaehn 2022-05-09  306  				      drvdata->serdev->ctrl->nr);
542350509499fe Daniel Kaehn 2022-05-09  307  	snd_serial_generic_substreams(&rrawmidi->streams[SNDRV_RAWMIDI_STREAM_INPUT],
542350509499fe Daniel Kaehn 2022-05-09  308  				      drvdata->serdev->ctrl->nr);
542350509499fe Daniel Kaehn 2022-05-09  309
542350509499fe Daniel Kaehn 2022-05-09  310  	rrawmidi->info_flags = SNDRV_RAWMIDI_INFO_OUTPUT |
542350509499fe Daniel Kaehn 2022-05-09  311  			       SNDRV_RAWMIDI_INFO_INPUT |
542350509499fe Daniel Kaehn 2022-05-09  312  			       SNDRV_RAWMIDI_INFO_DUPLEX;
542350509499fe Daniel Kaehn 2022-05-09  313
542350509499fe Daniel Kaehn 2022-05-09  314  	if (rmidi)
542350509499fe Daniel Kaehn 2022-05-09  315  		*rmidi = rrawmidi;
542350509499fe Daniel Kaehn 2022-05-09  316  	return 0;
542350509499fe Daniel Kaehn 2022-05-09  317  }
542350509499fe Daniel Kaehn 2022-05-09  318
--
0-DAY CI Kernel Test Service
https://01.org/lkp
* sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [...
From: kernel test robot @ 2023-02-23 9:44 UTC
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]"
::::::
BCC: lkp@intel.com
CC: llvm@lists.linux.dev
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Daniel Kaehn <kaehndan@gmail.com>
CC: Takashi Iwai <tiwai@suse.de>
CC: Rob Herring <robh@kernel.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: a5c95ca18a98d742d0a4a04063c32556b5b66378
commit: 542350509499fed057a2a56921a383888a6f4fd3 ALSA: Add generic serial MIDI driver using serial bus API
date: 10 months ago
:::::: branch date: 7 hours ago
:::::: commit date: 10 months ago
config: arm-randconfig-c002-20230219 (https://download.01.org/0day-ci/archive/20230223/202302231712.B2Zs3UAJ-lkp@intel.com/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project db89896bbbd2251fff457699635acbbedeead27f)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install arm cross compiling tool for clang build
        # apt-get install binutils-arm-linux-gnueabi
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=542350509499fed057a2a56921a383888a6f4fd3
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 542350509499fed057a2a56921a383888a6f4fd3
        # save the config file
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer olddefconfig
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/r/202302231712.B2Zs3UAJ-lkp@intel.com/
clang_analyzer warnings: (new ones prefixed by >>)
^~~~~~~~
sound/soc/codecs/lpass-tx-macro.c:777:2: note: Taking true branch
if (val != 0) {
^
sound/soc/codecs/lpass-tx-macro.c:778:7: note: Assuming 'val' is < 5
if (val < 5) {
^~~~~~~
sound/soc/codecs/lpass-tx-macro.c:778:3: note: Taking true branch
if (val < 5) {
^
sound/soc/codecs/lpass-tx-macro.c:779:4: note: 2nd function call argument is an uninitialized value
snd_soc_component_write_field(component, mic_sel_reg,
^ ~~~~~~~~~~~
sound/soc/codecs/lpass-tx-macro.c:782:4: warning: 2nd function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
snd_soc_component_write_field(component, mic_sel_reg,
^ ~~~~~~~~~~~
sound/soc/codecs/lpass-tx-macro.c:744:2: note: 'mic_sel_reg' declared without an initial value
u16 mic_sel_reg;
^~~~~~~~~~~~~~~
sound/soc/codecs/lpass-tx-macro.c:750:2: note: 'Default' branch taken. Execution continues on line 777
switch (e->reg) {
^
sound/soc/codecs/lpass-tx-macro.c:777:6: note: Assuming 'val' is not equal to 0
if (val != 0) {
^~~~~~~~
sound/soc/codecs/lpass-tx-macro.c:777:2: note: Taking true branch
if (val != 0) {
^
sound/soc/codecs/lpass-tx-macro.c:778:7: note: Assuming 'val' is >= 5
if (val < 5) {
^~~~~~~
sound/soc/codecs/lpass-tx-macro.c:778:3: note: Taking false branch
if (val < 5) {
^
sound/soc/codecs/lpass-tx-macro.c:782:4: note: 2nd function call argument is an uninitialized value
snd_soc_component_write_field(component, mic_sel_reg,
^ ~~~~~~~~~~~
Suppressed 39 warnings (39 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
48 warnings generated.
Suppressed 48 warnings (48 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
49 warnings generated.
sound/soc/generic/simple-card-utils.c:46:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(prop, sizeof(prop), "%s%s", prefix, "convert-rate");
^~~~~~~~
sound/soc/generic/simple-card-utils.c:46:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(prop, sizeof(prop), "%s%s", prefix, "convert-rate");
^~~~~~~~
sound/soc/generic/simple-card-utils.c:50:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(prop, sizeof(prop), "%s%s", prefix, "convert-channels");
^~~~~~~~
sound/soc/generic/simple-card-utils.c:50:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(prop, sizeof(prop), "%s%s", prefix, "convert-channels");
^~~~~~~~
sound/soc/generic/simple-card-utils.c:172:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(prop, sizeof(prop), "%sname", prefix);
^~~~~~~~
sound/soc/generic/simple-card-utils.c:172:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(prop, sizeof(prop), "%sname", prefix);
^~~~~~~~
sound/soc/generic/simple-card-utils.c:636:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(prop, sizeof(prop), "%s%s", prefix, "routing");
^~~~~~~~
sound/soc/generic/simple-card-utils.c:636:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(prop, sizeof(prop), "%s%s", prefix, "routing");
^~~~~~~~
sound/soc/generic/simple-card-utils.c:654:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(prop, sizeof(prop), "%s%s", prefix, "widgets");
^~~~~~~~
sound/soc/generic/simple-card-utils.c:654:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(prop, sizeof(prop), "%s%s", prefix, "widgets");
^~~~~~~~
sound/soc/generic/simple-card-utils.c:672:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(prop, sizeof(prop), "%s%s", prefix, "pin-switches");
^~~~~~~~
sound/soc/generic/simple-card-utils.c:672:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(prop, sizeof(prop), "%s%s", prefix, "pin-switches");
^~~~~~~~
sound/soc/generic/simple-card-utils.c:697:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(prop, sizeof(prop), "%shp-det-gpio", prefix);
^~~~~~~~
sound/soc/generic/simple-card-utils.c:697:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(prop, sizeof(prop), "%shp-det-gpio", prefix);
^~~~~~~~
sound/soc/generic/simple-card-utils.c:702:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(prop, sizeof(prop), "%smic-det-gpio", prefix);
^~~~~~~~
sound/soc/generic/simple-card-utils.c:702:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(prop, sizeof(prop), "%smic-det-gpio", prefix);
^~~~~~~~
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
30 warnings generated.
sound/drivers/serial-generic.c:283:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(substream->name, "Serial MIDI %d-%d", dev_num, substream->number);
^~~~~~~
sound/drivers/serial-generic.c:283:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(substream->name, "Serial MIDI %d-%d", dev_num, substream->number);
^~~~~~~
>> sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(rrawmidi->name, drvdata->card->shortname);
^~~~~~
sound/drivers/serial-generic.c:303:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(rrawmidi->name, drvdata->card->shortname);
^~~~~~
sound/drivers/serial-generic.c:333:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(card->shortname, "SerialMIDI-%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:333:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(card->shortname, "SerialMIDI-%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:334:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(card->longname, "Serial MIDI device at serial%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:334:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(card->longname, "Serial MIDI device at serial%d", serdev->ctrl->nr);
^~~~~~~
Suppressed 26 warnings (26 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
46 warnings generated.
drivers/usb/host/r8a66597-hcd.c:657:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(array, 0, sizeof(array));
^
include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
__underlying_memset(p, c, __fortify_size); \
^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
^~~~~~~~~~~~~~~~
drivers/usb/host/r8a66597-hcd.c:657:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(array, 0, sizeof(array));
^
include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
__underlying_memset(p, c, __fortify_size); \
^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
^~~~~~~~~~~~~~~~
drivers/usb/host/r8a66597-hcd.c:2092:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(now_map, 0, sizeof(now_map));
^
include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
__underlying_memset(p, c, __fortify_size); \
^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
^~~~~~~~~~~~~~~~
drivers/usb/host/r8a66597-hcd.c:2092:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(now_map, 0, sizeof(now_map));
^
include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
__underlying_memset(p, c, __fortify_size); \
^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
^~~~~~~~~~~~~~~~
drivers/usb/host/r8a66597-hcd.c:2451:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(r8a66597, 0, sizeof(struct r8a66597));
^
include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
__underlying_memset(p, c, __fortify_size); \
^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
^~~~~~~~~~~~~~~~
drivers/usb/host/r8a66597-hcd.c:2451:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(r8a66597, 0, sizeof(struct r8a66597));
^
include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
__underlying_memset(p, c, __fortify_size); \
^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
^~~~~~~~~~~~~~~~
drivers/usb/host/r8a66597-hcd.c:2457:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(clk_name, sizeof(clk_name), "usb%d", pdev->id);
^~~~~~~~
drivers/usb/host/r8a66597-hcd.c:2457:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(clk_name, sizeof(clk_name), "usb%d", pdev->id);
^~~~~~~~
Suppressed 42 warnings (42 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
vim +303 sound/drivers/serial-generic.c
542350509499fe Daniel Kaehn 2022-05-09 286
542350509499fe Daniel Kaehn 2022-05-09 287 static int snd_serial_generic_rmidi(struct snd_serial_generic *drvdata,
542350509499fe Daniel Kaehn 2022-05-09 288 int outs, int ins, struct snd_rawmidi **rmidi)
542350509499fe Daniel Kaehn 2022-05-09 289 {
542350509499fe Daniel Kaehn 2022-05-09 290 struct snd_rawmidi *rrawmidi;
542350509499fe Daniel Kaehn 2022-05-09 291 int err;
542350509499fe Daniel Kaehn 2022-05-09 292
542350509499fe Daniel Kaehn 2022-05-09 293 err = snd_rawmidi_new(drvdata->card, drvdata->card->driver, 0,
542350509499fe Daniel Kaehn 2022-05-09 294 outs, ins, &rrawmidi);
542350509499fe Daniel Kaehn 2022-05-09 295
542350509499fe Daniel Kaehn 2022-05-09 296 if (err < 0)
542350509499fe Daniel Kaehn 2022-05-09 297 return err;
542350509499fe Daniel Kaehn 2022-05-09 298
542350509499fe Daniel Kaehn 2022-05-09 299 snd_rawmidi_set_ops(rrawmidi, SNDRV_RAWMIDI_STREAM_INPUT,
542350509499fe Daniel Kaehn 2022-05-09 300 &snd_serial_generic_input);
542350509499fe Daniel Kaehn 2022-05-09 301 snd_rawmidi_set_ops(rrawmidi, SNDRV_RAWMIDI_STREAM_OUTPUT,
542350509499fe Daniel Kaehn 2022-05-09 302 &snd_serial_generic_output);
542350509499fe Daniel Kaehn 2022-05-09 @303 strcpy(rrawmidi->name, drvdata->card->shortname);
542350509499fe Daniel Kaehn 2022-05-09 304
542350509499fe Daniel Kaehn 2022-05-09 305 snd_serial_generic_substreams(&rrawmidi->streams[SNDRV_RAWMIDI_STREAM_OUTPUT],
542350509499fe Daniel Kaehn 2022-05-09 306 drvdata->serdev->ctrl->nr);
542350509499fe Daniel Kaehn 2022-05-09 307 snd_serial_generic_substreams(&rrawmidi->streams[SNDRV_RAWMIDI_STREAM_INPUT],
542350509499fe Daniel Kaehn 2022-05-09 308 drvdata->serdev->ctrl->nr);
542350509499fe Daniel Kaehn 2022-05-09 309
542350509499fe Daniel Kaehn 2022-05-09 310 rrawmidi->info_flags = SNDRV_RAWMIDI_INFO_OUTPUT |
542350509499fe Daniel Kaehn 2022-05-09 311 SNDRV_RAWMIDI_INFO_INPUT |
542350509499fe Daniel Kaehn 2022-05-09 312 SNDRV_RAWMIDI_INFO_DUPLEX;
542350509499fe Daniel Kaehn 2022-05-09 313
542350509499fe Daniel Kaehn 2022-05-09 314 if (rmidi)
542350509499fe Daniel Kaehn 2022-05-09 315 *rmidi = rrawmidi;
542350509499fe Daniel Kaehn 2022-05-09 316 return 0;
542350509499fe Daniel Kaehn 2022-05-09 317 }
542350509499fe Daniel Kaehn 2022-05-09 318
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
* sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [...
@ 2023-02-21 6:11 kernel test robot
0 siblings, 0 replies; 4+ messages in thread
From: kernel test robot @ 2023-02-21 6:11 UTC
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]"
::::::
BCC: lkp@intel.com
CC: llvm@lists.linux.dev
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Daniel Kaehn <kaehndan@gmail.com>
CC: Takashi Iwai <tiwai@suse.de>
CC: Rob Herring <robh@kernel.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 1f2d9ffc7a5f916935749ffc6e93fb33bfe94d2f
commit: 542350509499fed057a2a56921a383888a6f4fd3 ALSA: Add generic serial MIDI driver using serial bus API
date: 10 months ago
:::::: branch date: 4 hours ago
:::::: commit date: 10 months ago
config: arm-randconfig-c002-20230219 (https://download.01.org/0day-ci/archive/20230221/202302211437.NbXiPuyh-lkp@intel.com/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project db89896bbbd2251fff457699635acbbedeead27f)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=542350509499fed057a2a56921a383888a6f4fd3
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 542350509499fed057a2a56921a383888a6f4fd3
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/r/202302211437.NbXiPuyh-lkp@intel.com/
clang_analyzer warnings: (new ones prefixed by >>)
drivers/media/dvb-frontends/stv6110.c:125:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(&priv->regs[start], regs, len);
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
drivers/media/dvb-frontends/stv6110.c:206:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(priv->regs, buf0, 8);
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
drivers/media/dvb-frontends/stv6110.c:206:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(priv->regs, buf0, 8);
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
drivers/media/dvb-frontends/stv6110.c:421:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(&priv->regs, &reg0[1], 8);
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
drivers/media/dvb-frontends/stv6110.c:421:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(&priv->regs, &reg0[1], 8);
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
drivers/media/dvb-frontends/stv6110.c:423:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(&fe->ops.tuner_ops, &stv6110_tuner_ops,
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
drivers/media/dvb-frontends/stv6110.c:423:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(&fe->ops.tuner_ops, &stv6110_tuner_ops,
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
Suppressed 49 warnings (48 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
30 warnings generated.
sound/drivers/serial-generic.c:283:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(substream->name, "Serial MIDI %d-%d", dev_num, substream->number);
^~~~~~~
sound/drivers/serial-generic.c:283:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(substream->name, "Serial MIDI %d-%d", dev_num, substream->number);
^~~~~~~
>> sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(rrawmidi->name, drvdata->card->shortname);
^~~~~~
sound/drivers/serial-generic.c:303:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(rrawmidi->name, drvdata->card->shortname);
^~~~~~
sound/drivers/serial-generic.c:333:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(card->shortname, "SerialMIDI-%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:333:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(card->shortname, "SerialMIDI-%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:334:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(card->longname, "Serial MIDI device at serial%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:334:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(card->longname, "Serial MIDI device at serial%d", serdev->ctrl->nr);
^~~~~~~
Suppressed 26 warnings (26 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
44 warnings generated.
sound/core/seq/seq_memory.c:118:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(*bufptr, src, size);
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
sound/core/seq/seq_memory.c:118:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(*bufptr, src, size);
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
sound/core/seq/seq_memory.c:345:5: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(&tmp->event, buf, size);
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
sound/core/seq/seq_memory.c:345:5: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(&tmp->event, buf, size);
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
sound/core/seq/seq_memory.c:345:5: warning: Null pointer passed as 2nd argument to memory copy function [clang-analyzer-unix.cstring.NullArg]
memcpy(&tmp->event, buf, size);
^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^ ~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^ ~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^
sound/core/seq/seq_memory.c:293:6: note: Assuming the condition is true
if (snd_seq_ev_is_variable(event)) {
^
include/sound/asequencer.h:55:37: note: expanded from macro 'snd_seq_ev_is_variable'
#define snd_seq_ev_is_variable(ev) (snd_seq_ev_length_type(ev) == SNDRV_SEQ_EVENT_LENGTH_VARIABLE)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/sound/asequencer.h:53:36: note: expanded from macro 'snd_seq_ev_length_type'
#define snd_seq_ev_length_type(ev) ((ev)->flags & SNDRV_SEQ_EVENT_LENGTH_MASK)
^
sound/core/seq/seq_memory.c:293:2: note: Taking true branch
if (snd_seq_ev_is_variable(event)) {
^
sound/core/seq/seq_memory.c:297:6: note: Assuming 'ncells' is < field 'total_elements'
if (ncells >= pool->total_elements)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vim +303 sound/drivers/serial-generic.c
542350509499fe Daniel Kaehn 2022-05-09 286
542350509499fe Daniel Kaehn 2022-05-09 287 static int snd_serial_generic_rmidi(struct snd_serial_generic *drvdata,
542350509499fe Daniel Kaehn 2022-05-09 288 int outs, int ins, struct snd_rawmidi **rmidi)
542350509499fe Daniel Kaehn 2022-05-09 289 {
542350509499fe Daniel Kaehn 2022-05-09 290 struct snd_rawmidi *rrawmidi;
542350509499fe Daniel Kaehn 2022-05-09 291 int err;
542350509499fe Daniel Kaehn 2022-05-09 292
542350509499fe Daniel Kaehn 2022-05-09 293 err = snd_rawmidi_new(drvdata->card, drvdata->card->driver, 0,
542350509499fe Daniel Kaehn 2022-05-09 294 outs, ins, &rrawmidi);
542350509499fe Daniel Kaehn 2022-05-09 295
542350509499fe Daniel Kaehn 2022-05-09 296 if (err < 0)
542350509499fe Daniel Kaehn 2022-05-09 297 return err;
542350509499fe Daniel Kaehn 2022-05-09 298
542350509499fe Daniel Kaehn 2022-05-09 299 snd_rawmidi_set_ops(rrawmidi, SNDRV_RAWMIDI_STREAM_INPUT,
542350509499fe Daniel Kaehn 2022-05-09 300 &snd_serial_generic_input);
542350509499fe Daniel Kaehn 2022-05-09 301 snd_rawmidi_set_ops(rrawmidi, SNDRV_RAWMIDI_STREAM_OUTPUT,
542350509499fe Daniel Kaehn 2022-05-09 302 &snd_serial_generic_output);
542350509499fe Daniel Kaehn 2022-05-09 @303 strcpy(rrawmidi->name, drvdata->card->shortname);
542350509499fe Daniel Kaehn 2022-05-09 304
542350509499fe Daniel Kaehn 2022-05-09 305 snd_serial_generic_substreams(&rrawmidi->streams[SNDRV_RAWMIDI_STREAM_OUTPUT],
542350509499fe Daniel Kaehn 2022-05-09 306 drvdata->serdev->ctrl->nr);
542350509499fe Daniel Kaehn 2022-05-09 307 snd_serial_generic_substreams(&rrawmidi->streams[SNDRV_RAWMIDI_STREAM_INPUT],
542350509499fe Daniel Kaehn 2022-05-09 308 drvdata->serdev->ctrl->nr);
542350509499fe Daniel Kaehn 2022-05-09 309
542350509499fe Daniel Kaehn 2022-05-09 310 rrawmidi->info_flags = SNDRV_RAWMIDI_INFO_OUTPUT |
542350509499fe Daniel Kaehn 2022-05-09 311 SNDRV_RAWMIDI_INFO_INPUT |
542350509499fe Daniel Kaehn 2022-05-09 312 SNDRV_RAWMIDI_INFO_DUPLEX;
542350509499fe Daniel Kaehn 2022-05-09 313
542350509499fe Daniel Kaehn 2022-05-09 314 if (rmidi)
542350509499fe Daniel Kaehn 2022-05-09 315 *rmidi = rrawmidi;
542350509499fe Daniel Kaehn 2022-05-09 316 return 0;
542350509499fe Daniel Kaehn 2022-05-09 317 }
542350509499fe Daniel Kaehn 2022-05-09 318
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
* sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [...
@ 2022-07-25 20:27 kernel test robot
0 siblings, 0 replies; 4+ messages in thread
From: kernel test robot @ 2022-07-25 20:27 UTC
To: kbuild
::::::
:::::: Manual check reason: "low confidence static check warning: sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]"
::::::
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Daniel Kaehn <kaehndan@gmail.com>
CC: Takashi Iwai <tiwai@suse.de>
CC: Rob Herring <robh@kernel.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: e0dccc3b76fb35bb257b4118367a883073d7390e
commit: 542350509499fed057a2a56921a383888a6f4fd3 ALSA: Add generic serial MIDI driver using serial bus API
date: 2 months ago
:::::: branch date: 24 hours ago
:::::: commit date: 2 months ago
config: arm-randconfig-c002-20220718 (https://download.01.org/0day-ci/archive/20220726/202207260459.vxhTdxgE-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project d74b88c69dc2644bd0dc5d64e2d7413a0d4040e5)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=542350509499fed057a2a56921a383888a6f4fd3
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 542350509499fed057a2a56921a383888a6f4fd3
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add the following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:828:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:857:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:857:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:886:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:886:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:915:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:915:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:958:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:958:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:991:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:991:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:1040:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:1040:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:1091:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:1091:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:1127:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:1127:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:1156:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:1156:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:1197:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%#lx\n", val);
^~~~~~~
drivers/hwtracing/coresight/coresight-etm3x-sysfs.c:1197:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%#lx\n", val);
^~~~~~~
Suppressed 42 warnings (42 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
47 warnings generated.
drivers/media/tuners/mxl5007t.c:348:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(&state->tab_init, &init_tab, sizeof(init_tab));
^~~~~~
drivers/media/tuners/mxl5007t.c:348:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(&state->tab_init, &init_tab, sizeof(init_tab));
^~~~~~
drivers/media/tuners/mxl5007t.c:349:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(&state->tab_init_cable, &init_tab_cable, sizeof(init_tab_cable));
^~~~~~
drivers/media/tuners/mxl5007t.c:349:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(&state->tab_init_cable, &init_tab_cable, sizeof(init_tab_cable));
^~~~~~
drivers/media/tuners/mxl5007t.c:405:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(&state->tab_rftune, &reg_pair_rftune, sizeof(reg_pair_rftune));
^~~~~~
drivers/media/tuners/mxl5007t.c:405:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(&state->tab_rftune, &reg_pair_rftune, sizeof(reg_pair_rftune));
^~~~~~
drivers/media/tuners/mxl5007t.c:900:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(&fe->ops.tuner_ops, &mxl5007t_tuner_ops,
^~~~~~
drivers/media/tuners/mxl5007t.c:900:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(&fe->ops.tuner_ops, &mxl5007t_tuner_ops,
^~~~~~
Suppressed 43 warnings (41 in non-user code, 2 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
24 warnings generated.
sound/drivers/serial-generic.c:283:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(substream->name, "Serial MIDI %d-%d", dev_num, substream->number);
^~~~~~~
sound/drivers/serial-generic.c:283:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(substream->name, "Serial MIDI %d-%d", dev_num, substream->number);
^~~~~~~
>> sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(rrawmidi->name, drvdata->card->shortname);
^~~~~~
sound/drivers/serial-generic.c:303:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(rrawmidi->name, drvdata->card->shortname);
^~~~~~
sound/drivers/serial-generic.c:333:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(card->shortname, "SerialMIDI-%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:333:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(card->shortname, "SerialMIDI-%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:334:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(card->longname, "Serial MIDI device at serial%d", serdev->ctrl->nr);
^~~~~~~
sound/drivers/serial-generic.c:334:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(card->longname, "Serial MIDI device at serial%d", serdev->ctrl->nr);
^~~~~~~
Suppressed 20 warnings (20 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
29 warnings generated.
Suppressed 29 warnings (29 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
30 warnings generated.
drivers/ssb/driver_chipcommon.c:130:12: warning: The left operand of '&' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
if (tmp & 0x10)
^
drivers/ssb/driver_chipcommon.c:384:6: note: Assuming field 'dev' is non-null
if (!cc->dev)
^~~~~~~~
drivers/ssb/driver_chipcommon.c:384:2: note: Taking false branch
if (!cc->dev)
^
drivers/ssb/driver_chipcommon.c:386:2: note: Calling 'chipco_powercontrol_init'
chipco_powercontrol_init(cc);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/ssb/driver_chipcommon.c:215:6: note: Assuming field 'chip_id' is not equal to 17185
if (bus->chip_id == 0x4321) {
^~~~~~~~~~~~~~~~~~~~~~
drivers/ssb/driver_chipcommon.c:215:2: note: Taking false branch
if (bus->chip_id == 0x4321) {
^
drivers/ssb/driver_chipcommon.c:222:6: note: Assuming the condition is false
if (!(cc->capabilities & SSB_CHIPCO_CAP_PCTL))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/ssb/driver_chipcommon.c:222:2: note: Taking false branch
if (!(cc->capabilities & SSB_CHIPCO_CAP_PCTL))
^
drivers/ssb/driver_chipcommon.c:225:6: note: Assuming field 'revision' is < 10
if (cc->dev->id.revision >= 10) {
^~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/ssb/driver_chipcommon.c:225:2: note: Taking false branch
if (cc->dev->id.revision >= 10) {
^
drivers/ssb/driver_chipcommon.c:233:13: note: Calling 'chipco_pctl_clockfreqlimit'
maxfreq = chipco_pctl_clockfreqlimit(cc, 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/ssb/driver_chipcommon.c:157:13: note: Calling 'chipco_pctl_get_slowclksrc'
clocksrc = chipco_pctl_get_slowclksrc(cc);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/ssb/driver_chipcommon.c:122:2: note: 'tmp' declared without an initial value
u32 tmp;
^~~~~~~
drivers/ssb/driver_chipcommon.c:124:6: note: Assuming field 'revision' is < 6
if (cc->dev->id.revision < 6) {
^~~~~~~~~~~~~~~~~~~~~~~~
drivers/ssb/driver_chipcommon.c:124:2: note: Taking true branch
if (cc->dev->id.revision < 6) {
^
drivers/ssb/driver_chipcommon.c:125:7: note: Assuming field 'bustype' is not equal to SSB_BUSTYPE_SSB
if (bus->bustype == SSB_BUSTYPE_SSB ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/ssb/driver_chipcommon.c:125:7: note: Left side of '||' is false
drivers/ssb/driver_chipcommon.c:126:7: note: Assuming field 'bustype' is not equal to SSB_BUSTYPE_PCMCIA
bus->bustype == SSB_BUSTYPE_PCMCIA)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/ssb/driver_chipcommon.c:125:3: note: Taking false branch
if (bus->bustype == SSB_BUSTYPE_SSB ||
^
drivers/ssb/driver_chipcommon.c:128:7: note: Assuming field 'bustype' is equal to SSB_BUSTYPE_PCI
if (bus->bustype == SSB_BUSTYPE_PCI) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/ssb/driver_chipcommon.c:128:3: note: Taking true branch
if (bus->bustype == SSB_BUSTYPE_PCI) {
^
drivers/ssb/driver_chipcommon.c:129:4: note: Calling 'pci_read_config_dword'
pci_read_config_dword(bus->host_pci, SSB_GPIO_OUT, &tmp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/pci.h:1772:1: note: Returning without writing to '*val'
_PCI_NOP_ALL(read, *)
^
include/linux/pci.h:1771:5: note: expanded from macro '_PCI_NOP_ALL'
_PCI_NOP(o, dword, u32 x)
^
include/linux/pci.h:1767:5: note: expanded from macro '_PCI_NOP'
{ return PCIBIOS_FUNC_NOT_SUPPORTED; }
^
drivers/ssb/driver_chipcommon.c:129:4: note: Returning from 'pci_read_config_dword'
pci_read_config_dword(bus->host_pci, SSB_GPIO_OUT, &tmp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/ssb/driver_chipcommon.c:130:12: note: The left operand of '&' is a garbage value
vim +303 sound/drivers/serial-generic.c
542350509499fe Daniel Kaehn 2022-05-09 286
542350509499fe Daniel Kaehn 2022-05-09 287 static int snd_serial_generic_rmidi(struct snd_serial_generic *drvdata,
542350509499fe Daniel Kaehn 2022-05-09 288 int outs, int ins, struct snd_rawmidi **rmidi)
542350509499fe Daniel Kaehn 2022-05-09 289 {
542350509499fe Daniel Kaehn 2022-05-09 290 struct snd_rawmidi *rrawmidi;
542350509499fe Daniel Kaehn 2022-05-09 291 int err;
542350509499fe Daniel Kaehn 2022-05-09 292
542350509499fe Daniel Kaehn 2022-05-09 293 err = snd_rawmidi_new(drvdata->card, drvdata->card->driver, 0,
542350509499fe Daniel Kaehn 2022-05-09 294 outs, ins, &rrawmidi);
542350509499fe Daniel Kaehn 2022-05-09 295
542350509499fe Daniel Kaehn 2022-05-09 296 if (err < 0)
542350509499fe Daniel Kaehn 2022-05-09 297 return err;
542350509499fe Daniel Kaehn 2022-05-09 298
542350509499fe Daniel Kaehn 2022-05-09 299 snd_rawmidi_set_ops(rrawmidi, SNDRV_RAWMIDI_STREAM_INPUT,
542350509499fe Daniel Kaehn 2022-05-09 300 &snd_serial_generic_input);
542350509499fe Daniel Kaehn 2022-05-09 301 snd_rawmidi_set_ops(rrawmidi, SNDRV_RAWMIDI_STREAM_OUTPUT,
542350509499fe Daniel Kaehn 2022-05-09 302 &snd_serial_generic_output);
542350509499fe Daniel Kaehn 2022-05-09 @303 strcpy(rrawmidi->name, drvdata->card->shortname);
542350509499fe Daniel Kaehn 2022-05-09 304
542350509499fe Daniel Kaehn 2022-05-09 305 snd_serial_generic_substreams(&rrawmidi->streams[SNDRV_RAWMIDI_STREAM_OUTPUT],
542350509499fe Daniel Kaehn 2022-05-09 306 drvdata->serdev->ctrl->nr);
542350509499fe Daniel Kaehn 2022-05-09 307 snd_serial_generic_substreams(&rrawmidi->streams[SNDRV_RAWMIDI_STREAM_INPUT],
542350509499fe Daniel Kaehn 2022-05-09 308 drvdata->serdev->ctrl->nr);
542350509499fe Daniel Kaehn 2022-05-09 309
542350509499fe Daniel Kaehn 2022-05-09 310 rrawmidi->info_flags = SNDRV_RAWMIDI_INFO_OUTPUT |
542350509499fe Daniel Kaehn 2022-05-09 311 SNDRV_RAWMIDI_INFO_INPUT |
542350509499fe Daniel Kaehn 2022-05-09 312 SNDRV_RAWMIDI_INFO_DUPLEX;
542350509499fe Daniel Kaehn 2022-05-09 313
542350509499fe Daniel Kaehn 2022-05-09 314 if (rmidi)
542350509499fe Daniel Kaehn 2022-05-09 315 *rmidi = rrawmidi;
542350509499fe Daniel Kaehn 2022-05-09 316 return 0;
542350509499fe Daniel Kaehn 2022-05-09 317 }
542350509499fe Daniel Kaehn 2022-05-09 318
--
0-DAY CI Kernel Test Service
https://01.org/lkp
Thread overview: 4+ messages
2022-06-20 5:17 sound/drivers/serial-generic.c:303:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [ kernel test robot
2022-07-25 20:27 kernel test robot
2023-02-21 6:11 kernel test robot
2023-02-23 9:44 kernel test robot