From: kernel test robot <rong.a.chen@intel.com>
To: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: kbuild-all@lists.01.org,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
LKML <linux-kernel@vger.kernel.org>
Subject: [gustavoars-linux:for-next/array-bounds 2/2] drivers/char/pcmcia/cm4000_cs.c:146:2: warning: 'memset' offset [1097, 1155] from the object at 'dev' is out of the bounds of referenced subobject 'atr_csum' with type 'unsigned char' at offset 1096
Date: Sat, 24 Jul 2021 17:34:31 +0800 [thread overview]
Message-ID: <d5ae2e65-1f18-2577-246f-bada7eee6ccd@intel.com> (raw)
In-Reply-To: <202107231948.9uBeROw7-lkp@intel.com>
[-- Attachment #1: Type: text/plain, Size: 10933 bytes --]
tree:
https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git
for-next/array-bounds
head: 530fa69573b2e7c05bc744cedced782fa76fa3a5
commit: 530fa69573b2e7c05bc744cedced782fa76fa3a5 [2/2] Makefile: Enable
-Warray-bounds=2
:::::: branch date: 3 hours ago
:::::: commit date: 3 hours ago
config: microblaze-randconfig-s032-20210723 (attached as .config)
compiler: microblaze-linux-gcc (GCC) 10.3.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross
-O ~/bin/make.cross
chmod +x ~/bin/make.cross
# apt-get install sparse
# sparse version: v0.6.3-341-g8af24329-dirty
#
https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git/commit/?id=530fa69573b2e7c05bc744cedced782fa76fa3a5
git remote add gustavoars-linux
https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git
git fetch --no-tags gustavoars-linux for-next/array-bounds
git checkout 530fa69573b2e7c05bc744cedced782fa76fa3a5
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-10.3.0 make.cross
C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=microblaze
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
drivers/char/pcmcia/cm4000_cs.c: In function 'cmm_open':
>> drivers/char/pcmcia/cm4000_cs.c:146:2: warning: 'memset' offset [1097, 1155] from the object at 'dev' is out of the bounds of referenced subobject 'atr_csum' with type 'unsigned char' at offset 1096 [-Warray-bounds]
146 | memset(&dev->atr_csum,0, \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
147 | sizeof(struct cm4000_dev) - \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
148 | offsetof(struct cm4000_dev, atr_csum))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/char/pcmcia/cm4000_cs.c:1655:2: note: in expansion of macro
'ZERO_DEV'
1655 | ZERO_DEV(dev);
| ^~~~~~~~
drivers/char/pcmcia/cm4000_cs.c:121:16: note: subobject 'atr_csum'
declared here
121 | unsigned char atr_csum;
| ^~~~~~~~
drivers/char/pcmcia/cm4000_cs.c: In function 'cmm_close':
>> drivers/char/pcmcia/cm4000_cs.c:146:2: warning: 'memset' offset [1097, 1155] from the object at 'dev' is out of the bounds of referenced subobject 'atr_csum' with type 'unsigned char' at offset 1096 [-Warray-bounds]
146 | memset(&dev->atr_csum,0, \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
147 | sizeof(struct cm4000_dev) - \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
148 | offsetof(struct cm4000_dev, atr_csum))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/char/pcmcia/cm4000_cs.c:1702:2: note: in expansion of macro
'ZERO_DEV'
1702 | ZERO_DEV(dev);
| ^~~~~~~~
drivers/char/pcmcia/cm4000_cs.c:121:16: note: subobject 'atr_csum'
declared here
121 | unsigned char atr_csum;
| ^~~~~~~~
--
In file included from drivers/scsi/libfc/fc_elsct.c:18:
drivers/scsi/libfc/fc_encode.h: In function 'fc_ct_ns_fill':
drivers/scsi/libfc/fc_encode.h:153:3: warning: 'strncpy' output may
be truncated copying between 0 and 255 bytes from a string of length 255
[-Wstringop-truncation]
153 | strncpy(ct->payload.snn.fr_name,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
154 | fc_host_symbolic_name(lport->host), len);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/libfc/fc_encode.h:143:3: warning: 'strncpy' output may
be truncated copying between 0 and 255 bytes from a string of length 255
[-Wstringop-truncation]
143 | strncpy(ct->payload.spn.fr_name,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
144 | fc_host_symbolic_name(lport->host), len);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/libfc/fc_encode.h: In function 'fc_ct_ms_fill.constprop':
>> drivers/scsi/libfc/fc_encode.h:504:3: warning: 'memcpy' offset [32, 63] from the object at 'pp' is out of the bounds of referenced subobject 'value' with type '__u8[1]' {aka 'unsigned char[1]'} at offset 32 [-Warray-bounds]
504 | memcpy(&entry->value, fc_host_supported_fc4s(lport->host),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
505 | FC_FDMI_PORT_ATTR_FC4TYPES_LEN);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/scsi/libfc.h:22,
from drivers/scsi/libfc/fc_elsct.c:17:
include/scsi/fc/fc_ms.h:161:8: note: subobject 'value' declared here
161 | __u8 value[1];
| ^~~~~
In file included from drivers/scsi/libfc/fc_elsct.c:18:
drivers/scsi/libfc/fc_encode.h:651:4: warning: 'memcpy' offset [924,
955] from the object at 'pp' is out of the bounds of referenced
subobject 'value' with type '__u8[1]' {aka 'unsigned char[1]'} at offset
924 [-Warray-bounds]
651 | memcpy(&entry->value, fc_host_active_fc4s(lport->host),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
652 | FC_FDMI_PORT_ATTR_CURRENTFC4TYPE_LEN);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/scsi/libfc.h:22,
from drivers/scsi/libfc/fc_elsct.c:17:
include/scsi/fc/fc_ms.h:161:8: note: subobject 'value' declared here
161 | __u8 value[1];
| ^~~~~
--
net/core/flow_dissector.c: In function '__skb_flow_dissect':
>> net/core/flow_dissector.c:1104:4: warning: 'memcpy' offset [24, 39] from the object at '<unknown>' is out of the bounds of referenced subobject 'saddr' with type 'struct in6_addr' at offset 8 [-Warray-bounds]
1104 | memcpy(&key_addrs->v6addrs, &iph->saddr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1105 | sizeof(key_addrs->v6addrs));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/ipv6.h:5,
from net/core/flow_dissector.c:6:
include/uapi/linux/ipv6.h:133:18: note: subobject 'saddr' declared here
133 | struct in6_addr saddr;
| ^~~~~
>> net/core/flow_dissector.c:1059:4: warning: 'memcpy' offset [16, 19] from the object at '<unknown>' is out of the bounds of referenced subobject 'saddr' with type 'unsigned int' at offset 12 [-Warray-bounds]
1059 | memcpy(&key_addrs->v4addrs, &iph->saddr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1060 | sizeof(key_addrs->v4addrs));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/ip.h:17,
from net/core/flow_dissector.c:5:
include/uapi/linux/ip.h:103:9: note: subobject 'saddr' declared here
103 | __be32 saddr;
| ^~~~~
--
net/ipv4/route.c: In function 'rt_fill_info.constprop':
>> net/ipv4/route.c:2998:4: warning: 'memcpy' offset [6, 21] from the object at 'nla' is out of the bounds of referenced subobject 'rtvia_addr' with type '__u8[0]' {aka 'unsigned char[]'} at offset 6 [-Warray-bounds]
2998 | memcpy(via->rtvia_addr, &rt->rt_gw6, alen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/rtnetlink.h:10,
from include/linux/inetdevice.h:14,
from net/ipv4/route.c:80:
include/uapi/linux/rtnetlink.h:434:9: note: subobject 'rtvia_addr'
declared here
434 | __u8 rtvia_addr[0];
| ^~~~~~~~~~
--
In function 'ip_copy_addrs',
inlined from '__ip_queue_xmit' at net/ipv4/ip_output.c:517:2:
>> net/ipv4/ip_output.c:449:2: warning: 'memcpy' offset [40, 43] from the object at 'fl' is out of the bounds of referenced subobject 'saddr' with type 'unsigned int' at offset 36 [-Warray-bounds]
449 | memcpy(&iph->saddr, &fl4->saddr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
450 | sizeof(fl4->saddr) + sizeof(fl4->daddr));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/net/net_namespace.h:15,
from include/linux/inet.h:42,
from net/ipv4/ip_output.c:59:
net/ipv4/ip_output.c: In function '__ip_queue_xmit':
include/net/flow.h:84:11: note: subobject 'saddr' declared here
84 | __be32 saddr;
| ^~~~~
In function 'ip_copy_addrs',
inlined from '__ip_make_skb' at net/ipv4/ip_output.c:1541:2:
>> net/ipv4/ip_output.c:449:2: warning: 'memcpy' offset [40, 43] from the object at 'fl4' is out of the bounds of referenced subobject 'saddr' with type 'unsigned int' at offset 36 [-Warray-bounds]
449 | memcpy(&iph->saddr, &fl4->saddr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
450 | sizeof(fl4->saddr) + sizeof(fl4->daddr));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/net/net_namespace.h:15,
from include/linux/inet.h:42,
from net/ipv4/ip_output.c:59:
net/ipv4/ip_output.c: In function '__ip_make_skb':
include/net/flow.h:84:11: note: subobject 'saddr' declared here
84 | __be32 saddr;
| ^~~~~
--
net/ipv4/fib_semantics.c: In function 'fib_nexthop_info':
>> net/ipv4/fib_semantics.c:1637:4: warning: 'memcpy' offset [6, 21] from the object at 'nla' is out of the bounds of referenced subobject 'rtvia_addr' with type '__u8[0]' {aka 'unsigned char[]'} at offset 6 [-Warray-bounds]
1637 | memcpy(via->rtvia_addr, &nhc->nhc_gw.ipv6, alen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/rtnetlink.h:10,
from include/linux/inetdevice.h:14,
from net/ipv4/fib_semantics.c:24:
include/uapi/linux/rtnetlink.h:434:9: note: subobject 'rtvia_addr'
declared here
434 | __u8 rtvia_addr[0];
| ^~~~~~~~~~
vim +146 drivers/char/pcmcia/cm4000_cs.c
c1986ee9bea3d8 Harald Welte 2005-11-13 144 c1986ee9bea3d8 Harald Welte
2005-11-13 145 #define ZERO_DEV(dev) \
c1986ee9bea3d8 Harald Welte 2005-11-13 @146 memset(&dev->atr_csum,0, \
c1986ee9bea3d8 Harald Welte 2005-11-13 147 sizeof(struct
cm4000_dev) - \
a2bcce8ede4fbd Al Viro 2006-06-15 148 offsetof(struct
cm4000_dev, atr_csum))
c1986ee9bea3d8 Harald Welte 2005-11-13 149
:::::: The code at line 146 was first introduced by commit
:::::: c1986ee9bea3d880bcf0d3f1a31e055778f306c7 [PATCH] New Omnikey
Cardman 4000 driver
:::::: TO: Harald Welte <laforge@gnumonks.org>
:::::: CC: Linus Torvalds <torvalds@g5.osdl.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 37166 bytes --]
[-- Attachment #3: Attached Message Part --]
[-- Type: text/plain, Size: 150 bytes --]
_______________________________________________
kbuild mailing list -- kbuild@lists.01.org
To unsubscribe send an email to kbuild-leave@lists.01.org
parent reply other threads:[~2021-07-24 9:34 UTC|newest]
Thread overview: expand[flat|nested] mbox.gz Atom feed
[parent not found: <202107231948.9uBeROw7-lkp@intel.com>]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d5ae2e65-1f18-2577-246f-bada7eee6ccd@intel.com \
--to=rong.a.chen@intel.com \
--cc=gustavo@embeddedor.com \
--cc=gustavoars@kernel.org \
--cc=kbuild-all@lists.01.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).