Linux-Next Archive on lore.kernel.org
 help / color / Atom feed
From: coverity-bot <keescook@chromium.org>
To: Marc Kleine-Budde <mkl@pengutronix.de>
Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com>,
	linux-next@vger.kernel.org
Subject: Coverity: mcp251xfd_dump_rx_ring(): Memory - illegal accesses
Date: Wed, 31 Mar 2021 14:59:44 -0700
Message-ID: <202103311459.93EB7DEBDC@keescook> (raw)

Hello!

This is an experimental semi-automated report about issues detected by
Coverity from a scan of next-20210331 as part of the linux-next scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan

You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by commits:

  None
    e0ab3dd5f98f ("can: mcp251xfd: add dev coredump support")

Coverity reported the following:

*** CID 1503585:  Memory - illegal accesses  (OVERRUN)
/drivers/net/can/spi/mcp251xfd/mcp251xfd-dump.c: 190 in mcp251xfd_dump_rx_ring()
184     static void mcp251xfd_dump_rx_ring(const struct mcp251xfd_priv *priv,
185     				   struct mcp251xfd_dump_iter *iter)
186     {
187     	struct mcp251xfd_rx_ring *rx_ring;
188     	unsigned int i;
189
vvv     CID 1503585:  Memory - illegal accesses  (OVERRUN)
vvv     Overrunning array of 1 8-byte elements at element index 1 (byte offset 15) by dereferencing pointer "priv->rx + i".
190     	mcp251xfd_for_each_rx_ring(priv, rx_ring, i)
191     		mcp251xfd_dump_rx_ring_one(priv, iter, rx_ring);
192     }
193
194     static void mcp251xfd_dump_tx_ring(const struct mcp251xfd_priv *priv,
195     				   struct mcp251xfd_dump_iter *iter)

If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1503585 ("Memory - illegal accesses")
Fixes: e0ab3dd5f98f ("can: mcp251xfd: add dev coredump support")

Thanks for your attention!

-- 
Coverity-bot

             reply index

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-31 21:59 coverity-bot [this message]
2021-04-01  7:49 ` Marc Kleine-Budde
2021-04-01 20:37   ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202103311459.93EB7DEBDC@keescook \
    --to=keescook@chromium.org \
    --cc=gustavo@embeddedor.com \
    --cc=linux-next@vger.kernel.org \
    --cc=mkl@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Next Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-next/0 linux-next/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-next linux-next/ https://lore.kernel.org/linux-next \
		linux-next@vger.kernel.org
	public-inbox-index linux-next

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-next


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git