Message-ID: <202102100518.IyS9JBKB-lkp@intel.com>
Date:   Wed, 10 Feb 2021 05:37:25 +0800
From:   kernel test robot <lkp@...el.com>
To:     "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc:     kbuild-all@...ts.01.org,
        "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: [gustavoars-linux:testing/uapi/nfsd/nfsfh 1/2] fs/hpfs/dir.c:163:41:
 warning: array subscript 1 is above array bounds of {aka 'unsigned

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git testing/uapi/nfsd/nfsfh
head:   d28670226e028e65b0de5e6744c5df188fc2728b
commit: 5c976c3f03be89378ca672c1a3c7ce7048d90606 [1/2] Makefile: Enable -Warray-bounds
config: h8300-randconfig-s031-20210209 (attached as .config)
compiler: h8300-linux-gcc (GCC) 9.3.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # apt-get install sparse
        # sparse version: v0.6.3-215-g0fb77bb6-dirty
        # https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git/commit/?id=5c976c3f03be89378ca672c1a3c7ce7048d90606
        git remote add gustavoars-linux https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git
        git fetch --no-tags gustavoars-linux testing/uapi/nfsd/nfsfh
        git checkout 5c976c3f03be89378ca672c1a3c7ce7048d90606
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=h8300 

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

   fs/hpfs/dir.c: In function 'hpfs_readdir':
>> fs/hpfs/dir.c:163:41: warning: array subscript 1 is above array bounds of 'u8[1]' {aka 'unsigned char[1]'} [-Warray-bounds]
     163 |         || de ->name[0] != 1 || de->name[1] != 1))
         |                                 ~~~~~~~~^~~


vim +163 fs/hpfs/dir.c

^1da177e4c3f41 Linus Torvalds   2005-04-16   64  
/*
 * hpfs_readdir - emit the entries of an HPFS directory into ctx.
 *
 * hpfs_lock() is taken on the superblock at entry and dropped at the "out"
 * label, which every exit path goes through.
 *
 * ctx->pos doubles as a small state machine: 0 emits ".", 11 emits "..",
 * 1 registers the file position and moves to the first dirent, 12 is
 * rewritten to 13 and returned, 13 yields -ENOENT, and 3/4/5 are logged
 * and abandoned. Any other value is handed to map_pos_dirent().
 *
 * Returns 0, or a negative value: -EFSERROR, -EIOERROR, -ENOENT, or the
 * negative result of hpfs_add_pos().
 */
568f8f5ec5f1ac Al Viro          2013-05-18   65  static int hpfs_readdir(struct file *file, struct dir_context *ctx)
^1da177e4c3f41 Linus Torvalds   2005-04-16   66  {
568f8f5ec5f1ac Al Viro          2013-05-18   67  	struct inode *inode = file_inode(file);
^1da177e4c3f41 Linus Torvalds   2005-04-16   68  	struct hpfs_inode_info *hpfs_inode = hpfs_i(inode);
^1da177e4c3f41 Linus Torvalds   2005-04-16   69  	struct quad_buffer_head qbh;
^1da177e4c3f41 Linus Torvalds   2005-04-16   70  	struct hpfs_dirent *de;
^1da177e4c3f41 Linus Torvalds   2005-04-16   71  	int lc;
568f8f5ec5f1ac Al Viro          2013-05-18   72  	loff_t next_pos;
7e7742ee005c88 Al Viro          2010-01-31   73  	unsigned char *tempname;
^1da177e4c3f41 Linus Torvalds   2005-04-16   74  	int c1, c2 = 0;
^1da177e4c3f41 Linus Torvalds   2005-04-16   75  	int ret = 0;
^1da177e4c3f41 Linus Torvalds   2005-04-16   76  
9a311b96c3065f Arnd Bergmann    2011-01-22   77  	hpfs_lock(inode->i_sb);
^1da177e4c3f41 Linus Torvalds   2005-04-16   78  
/*
 * Optional consistency checks, enabled when sb_chk is non-zero:
 * hpfs_chk_sectors() is asked to validate 1 unit at i_ino and 4 units at
 * i_dno before either is used. A failure ends the call with -EFSERROR.
 */
^1da177e4c3f41 Linus Torvalds   2005-04-16   79  	if (hpfs_sb(inode->i_sb)->sb_chk) {
^1da177e4c3f41 Linus Torvalds   2005-04-16   80  		if (hpfs_chk_sectors(inode->i_sb, inode->i_ino, 1, "dir_fnode")) {
^1da177e4c3f41 Linus Torvalds   2005-04-16   81  			ret = -EFSERROR;
^1da177e4c3f41 Linus Torvalds   2005-04-16   82  			goto out;
^1da177e4c3f41 Linus Torvalds   2005-04-16   83  		}
^1da177e4c3f41 Linus Torvalds   2005-04-16   84  		if (hpfs_chk_sectors(inode->i_sb, hpfs_inode->i_dno, 4, "dir_dnode")) {
^1da177e4c3f41 Linus Torvalds   2005-04-16   85  			ret = -EFSERROR;
^1da177e4c3f41 Linus Torvalds   2005-04-16   86  			goto out;
^1da177e4c3f41 Linus Torvalds   2005-04-16   87  		}
^1da177e4c3f41 Linus Torvalds   2005-04-16   88  	}
/*
 * Stricter level (sb_chk >= 2): map the fnode and cross-check it against
 * the in-memory inode. Both mismatches are reported through hpfs_error()
 * and recorded in e, so the buffer is released before the error return.
 */
^1da177e4c3f41 Linus Torvalds   2005-04-16   89  	if (hpfs_sb(inode->i_sb)->sb_chk >= 2) {
^1da177e4c3f41 Linus Torvalds   2005-04-16   90  		struct buffer_head *bh;
^1da177e4c3f41 Linus Torvalds   2005-04-16   91  		struct fnode *fno;
^1da177e4c3f41 Linus Torvalds   2005-04-16   92  		int e = 0;
^1da177e4c3f41 Linus Torvalds   2005-04-16   93  		if (!(fno = hpfs_map_fnode(inode->i_sb, inode->i_ino, &bh))) {
^1da177e4c3f41 Linus Torvalds   2005-04-16   94  			ret = -EIOERROR;
^1da177e4c3f41 Linus Torvalds   2005-04-16   95  			goto out;
^1da177e4c3f41 Linus Torvalds   2005-04-16   96  		}
c4c995430a94e7 Al Viro          2012-04-06   97  		if (!fnode_is_dir(fno)) {
^1da177e4c3f41 Linus Torvalds   2005-04-16   98  			e = 1;
18debbbcce1306 Randy Dunlap     2006-12-06   99  			hpfs_error(inode->i_sb, "not a directory, fnode %08lx",
18debbbcce1306 Randy Dunlap     2006-12-06  100  					(unsigned long)inode->i_ino);
^1da177e4c3f41 Linus Torvalds   2005-04-16  101  		}
0b69760be6968c Mikulas Patocka  2011-05-08  102  		if (hpfs_inode->i_dno != le32_to_cpu(fno->u.external[0].disk_secno)) {
^1da177e4c3f41 Linus Torvalds   2005-04-16  103  			e = 1;
0b69760be6968c Mikulas Patocka  2011-05-08  104  			hpfs_error(inode->i_sb, "corrupted inode: i_dno == %08x, fnode -> dnode == %08x", hpfs_inode->i_dno, le32_to_cpu(fno->u.external[0].disk_secno));
^1da177e4c3f41 Linus Torvalds   2005-04-16  105  		}
^1da177e4c3f41 Linus Torvalds   2005-04-16  106  		brelse(bh);
^1da177e4c3f41 Linus Torvalds   2005-04-16  107  		if (e) {
^1da177e4c3f41 Linus Torvalds   2005-04-16  108  			ret = -EFSERROR;
^1da177e4c3f41 Linus Torvalds   2005-04-16  109  			goto out;
^1da177e4c3f41 Linus Torvalds   2005-04-16  110  		}
^1da177e4c3f41 Linus Torvalds   2005-04-16  111  	}
^1da177e4c3f41 Linus Torvalds   2005-04-16  112  	lc = hpfs_sb(inode->i_sb)->sb_lowercase;
568f8f5ec5f1ac Al Viro          2013-05-18  113  	if (ctx->pos == 12) { /* diff -r requires this (note, that diff -r */
568f8f5ec5f1ac Al Viro          2013-05-18  114  		ctx->pos = 13; /* also fails on msdos filesystem in 2.0) */
^1da177e4c3f41 Linus Torvalds   2005-04-16  115  		goto out;
^1da177e4c3f41 Linus Torvalds   2005-04-16  116  	}
568f8f5ec5f1ac Al Viro          2013-05-18  117  	if (ctx->pos == 13) {
^1da177e4c3f41 Linus Torvalds   2005-04-16  118  		ret = -ENOENT;
^1da177e4c3f41 Linus Torvalds   2005-04-16  119  		goto out;
^1da177e4c3f41 Linus Torvalds   2005-04-16  120  	}
^1da177e4c3f41 Linus Torvalds   2005-04-16  121  	
^1da177e4c3f41 Linus Torvalds   2005-04-16  122  	while (1) {
^1da177e4c3f41 Linus Torvalds   2005-04-16  123  		again:
^1da177e4c3f41 Linus Torvalds   2005-04-16  124  		/* This won't work when cycle is longer than number of dirents
^1da177e4c3f41 Linus Torvalds   2005-04-16  125  		   accepted by filldir, but what can I do?
^1da177e4c3f41 Linus Torvalds   2005-04-16  126  		   maybe killall -9 ls helps */
^1da177e4c3f41 Linus Torvalds   2005-04-16  127  		if (hpfs_sb(inode->i_sb)->sb_chk)
568f8f5ec5f1ac Al Viro          2013-05-18  128  			if (hpfs_stop_cycles(inode->i_sb, ctx->pos, &c1, &c2, "hpfs_readdir")) {
^1da177e4c3f41 Linus Torvalds   2005-04-16  129  				ret = -EFSERROR;
^1da177e4c3f41 Linus Torvalds   2005-04-16  130  				goto out;
^1da177e4c3f41 Linus Torvalds   2005-04-16  131  			}
568f8f5ec5f1ac Al Viro          2013-05-18  132  		if (ctx->pos == 12)
^1da177e4c3f41 Linus Torvalds   2005-04-16  133  			goto out;
568f8f5ec5f1ac Al Viro          2013-05-18  134  		if (ctx->pos == 3 || ctx->pos == 4 || ctx->pos == 5) {
a19189e5535ed8 Fabian Frederick 2014-06-06  135  			pr_err("pos==%d\n", (int)ctx->pos);
^1da177e4c3f41 Linus Torvalds   2005-04-16  136  			goto out;
^1da177e4c3f41 Linus Torvalds   2005-04-16  137  		}
/* The "." and ".." entries are synthesised here; they are not read from the dnode. */
568f8f5ec5f1ac Al Viro          2013-05-18  138  		if (ctx->pos == 0) {
568f8f5ec5f1ac Al Viro          2013-05-18  139  			if (!dir_emit_dot(file, ctx))
^1da177e4c3f41 Linus Torvalds   2005-04-16  140  				goto out;
568f8f5ec5f1ac Al Viro          2013-05-18  141  			ctx->pos = 11;
^1da177e4c3f41 Linus Torvalds   2005-04-16  142  		}
568f8f5ec5f1ac Al Viro          2013-05-18  143  		if (ctx->pos == 11) {
568f8f5ec5f1ac Al Viro          2013-05-18  144  			if (!dir_emit(ctx, "..", 2, hpfs_inode->i_parent_dir, DT_DIR))
^1da177e4c3f41 Linus Torvalds   2005-04-16  145  				goto out;
568f8f5ec5f1ac Al Viro          2013-05-18  146  			ctx->pos = 1;
^1da177e4c3f41 Linus Torvalds   2005-04-16  147  		}
568f8f5ec5f1ac Al Viro          2013-05-18  148  		if (ctx->pos == 1) {
e82c3147554785 Al Viro          2016-05-12  149  			ret = hpfs_add_pos(inode, &file->f_pos);
e82c3147554785 Al Viro          2016-05-12  150  			if (unlikely(ret < 0))
e82c3147554785 Al Viro          2016-05-12  151  				goto out;
568f8f5ec5f1ac Al Viro          2013-05-18  152  			ctx->pos = ((loff_t) hpfs_de_as_down_as_possible(inode->i_sb, hpfs_inode->i_dno) << 4) + 1;
^1da177e4c3f41 Linus Torvalds   2005-04-16  153  		}
/*
 * map_pos_dirent() works on a copy of the position; ctx->pos is only
 * advanced to next_pos once the entry has been handled or the mapping
 * has failed.
 */
568f8f5ec5f1ac Al Viro          2013-05-18  154  		next_pos = ctx->pos;
568f8f5ec5f1ac Al Viro          2013-05-18  155  		if (!(de = map_pos_dirent(inode, &next_pos, &qbh))) {
568f8f5ec5f1ac Al Viro          2013-05-18  156  			ctx->pos = next_pos;
^1da177e4c3f41 Linus Torvalds   2005-04-16  157  			ret = -EIOERROR;
^1da177e4c3f41 Linus Torvalds   2005-04-16  158  			goto out;
^1da177e4c3f41 Linus Torvalds   2005-04-16  159  		}
/*
 * Entries flagged first or last are never emitted; with sb_chk set their
 * names are compared against the expected marker bytes and a mismatch is
 * only reported through hpfs_error(). The entry is skipped either way.
 *
 * NOTE(review): the name[1] read below is what -Warray-bounds flags. Per
 * the compiler message de->name is declared u8[1], so the constant index 1
 * is past the declared bound. The read is reached only after namelen == 2
 * and name[0] == 1 have held (|| short-circuits), i.e. the one-element
 * array is being used as variable-length trailing data. Whether that second
 * byte lies inside the mapped dnode depends on map_pos_dirent(), which is
 * not visible here -- confirm. Declaring the field as a flexible array
 * member in struct hpfs_dirent (defined outside this listing) would state
 * that intent and let compiler bounds checking reason about it.
 */
^1da177e4c3f41 Linus Torvalds   2005-04-16  160  		if (de->first || de->last) {
^1da177e4c3f41 Linus Torvalds   2005-04-16  161  			if (hpfs_sb(inode->i_sb)->sb_chk) {
18debbbcce1306 Randy Dunlap     2006-12-06  162  				if (de->first && !de->last && (de->namelen != 2
18debbbcce1306 Randy Dunlap     2006-12-06 @163  				    || de ->name[0] != 1 || de->name[1] != 1))
568f8f5ec5f1ac Al Viro          2013-05-18  164  					hpfs_error(inode->i_sb, "hpfs_readdir: bad ^A^A entry; pos = %08lx", (unsigned long)ctx->pos);
18debbbcce1306 Randy Dunlap     2006-12-06  165  				if (de->last && (de->namelen != 1 || de ->name[0] != 255))
568f8f5ec5f1ac Al Viro          2013-05-18  166  					hpfs_error(inode->i_sb, "hpfs_readdir: bad \\377 entry; pos = %08lx", (unsigned long)ctx->pos);
^1da177e4c3f41 Linus Torvalds   2005-04-16  167  			}
^1da177e4c3f41 Linus Torvalds   2005-04-16  168  			hpfs_brelse4(&qbh);
568f8f5ec5f1ac Al Viro          2013-05-18  169  			ctx->pos = next_pos;
^1da177e4c3f41 Linus Torvalds   2005-04-16  170  			goto again;
^1da177e4c3f41 Linus Torvalds   2005-04-16  171  		}
/*
 * NOTE(review): de->name and de->namelen come from the mapped dirent and
 * are passed to hpfs_translate_name() and dir_emit() with no length check
 * in this function; presumably the dnode is validated when it is mapped --
 * confirm. The kfree() guards suggest hpfs_translate_name() returns either
 * de->name itself or a separately allocated buffer; only the latter is
 * freed, and it is freed on both the success and the failure path.
 */
^1da177e4c3f41 Linus Torvalds   2005-04-16  172  		tempname = hpfs_translate_name(inode->i_sb, de->name, de->namelen, lc, de->not_8x3);
568f8f5ec5f1ac Al Viro          2013-05-18  173  		if (!dir_emit(ctx, tempname, de->namelen, le32_to_cpu(de->fnode), DT_UNKNOWN)) {
7e7742ee005c88 Al Viro          2010-01-31  174  			if (tempname != de->name) kfree(tempname);
^1da177e4c3f41 Linus Torvalds   2005-04-16  175  			hpfs_brelse4(&qbh);
^1da177e4c3f41 Linus Torvalds   2005-04-16  176  			goto out;
^1da177e4c3f41 Linus Torvalds   2005-04-16  177  		}
568f8f5ec5f1ac Al Viro          2013-05-18  178  		ctx->pos = next_pos;
7e7742ee005c88 Al Viro          2010-01-31  179  		if (tempname != de->name) kfree(tempname);
^1da177e4c3f41 Linus Torvalds   2005-04-16  180  		hpfs_brelse4(&qbh);
^1da177e4c3f41 Linus Torvalds   2005-04-16  181  	}
/* Single exit: drops the filesystem lock taken at entry. */
^1da177e4c3f41 Linus Torvalds   2005-04-16  182  out:
9a311b96c3065f Arnd Bergmann    2011-01-22  183  	hpfs_unlock(inode->i_sb);
^1da177e4c3f41 Linus Torvalds   2005-04-16  184  	return ret;
^1da177e4c3f41 Linus Torvalds   2005-04-16  185  }
^1da177e4c3f41 Linus Torvalds   2005-04-16  186  

:::::: The code at line 163 was first introduced by commit
:::::: 18debbbcce1306f0bbb1c71cf587fd90413acab6 [PATCH] hpfs: fix printk format warnings

:::::: TO: Randy Dunlap <randy.dunlap@...cle.com>
:::::: CC: Linus Torvalds <torvalds@...dy.osdl.org>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (23205 bytes)
