lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 19 Jul 2021 11:39:16 +0800
From:   kernel test robot <lkp@...el.com>
To:     Dan Carpenter <error27@...il.com>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>
Subject: [linux-stable-rc:linux-4.4.y 1449/1774]
 drivers/input/joydev.c:485:16: warning: comparison of integer expressions of
 different signedness: 'int' and 'long unsigned int'

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
head:   38c92ba3580f0d00e57a55caf8f880aa1a0f2a50
commit: ade5180681d778d36b569ad35cc175ab22196c5f [1449/1774] Input: joydev - prevent potential read overflow in ioctl
config: h8300-randconfig-r031-20210718 (attached as .config)
compiler: h8300-linux-gcc (GCC) 10.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?id=ade5180681d778d36b569ad35cc175ab22196c5f
        git remote add linux-stable-rc https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
        git fetch --no-tags linux-stable-rc linux-4.4.y
        git checkout ade5180681d778d36b569ad35cc175ab22196c5f
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-10.3.0 make.cross ARCH=h8300 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

   In file included from arch/h8300/include/generated/asm/uaccess.h:1,
                    from include/linux/poll.h:11,
                    from drivers/input/joydev.c:27:
   include/asm-generic/uaccess.h: In function '__put_user_fn':
   include/asm-generic/uaccess.h:178:16: warning: operand of '?:' changes signedness from 'int' to 'size_t' {aka 'long unsigned int'} due to unsignedness of other operand [-Wsign-compare]
     178 |  return size ? -EFAULT : size;
   drivers/input/joydev.c: In function 'joydev_handle_JSIOCSAXMAP':
   drivers/input/joydev.c:451:16: warning: comparison of integer expressions of different signedness: 'int' and 'size_t' {aka 'long unsigned int'} [-Wsign-compare]
     451 |  for (i = 0; i < len && i < joydev->nabs; i++) {
         |                ^
   drivers/input/joydev.c: In function 'joydev_handle_JSIOCSBTNMAP':
>> drivers/input/joydev.c:485:16: warning: comparison of integer expressions of different signedness: 'int' and 'long unsigned int' [-Wsign-compare]
     485 |  for (i = 0; i < (len / 2) && i < joydev->nkey; i++) {
         |                ^
   drivers/input/joydev.c: In function 'joydev_ioctl_common':
   drivers/input/joydev.c:566:52: warning: operand of '?:' changes signedness from 'int' to 'size_t' {aka 'long unsigned int'} due to unsignedness of other operand [-Wsign-compare]
     566 |   return copy_to_user(argp, joydev->abspam, len) ? -EFAULT : len;
   drivers/input/joydev.c:573:52: warning: operand of '?:' changes signedness from 'int' to 'size_t' {aka 'long unsigned int'} due to unsignedness of other operand [-Wsign-compare]
     573 |   return copy_to_user(argp, joydev->keypam, len) ? -EFAULT : len;
   drivers/input/joydev.c:581:42: warning: operand of '?:' changes signedness from 'int' to 'size_t' {aka 'long unsigned int'} due to unsignedness of other operand [-Wsign-compare]
     581 |   return copy_to_user(argp, name, len) ? -EFAULT : len;


vim +485 drivers/input/joydev.c

   467	
   468	static int joydev_handle_JSIOCSBTNMAP(struct joydev *joydev,
   469					      void __user *argp, size_t len)
   470	{
   471		__u16 *keypam;
   472		int i;
   473		int retval = 0;
   474	
   475		if (len % sizeof(*keypam))
   476			return -EINVAL;
   477	
   478		len = min(len, sizeof(joydev->keypam));
   479	
   480		/* Validate the map. */
   481		keypam = memdup_user(argp, len);
   482		if (IS_ERR(keypam))
   483			return PTR_ERR(keypam);
   484	
 > 485		for (i = 0; i < (len / 2) && i < joydev->nkey; i++) {
   486			if (keypam[i] > KEY_MAX || keypam[i] < BTN_MISC) {
   487				retval = -EINVAL;
   488				goto out;
   489			}
   490		}
   491	
   492		memcpy(joydev->keypam, keypam, len);
   493	
   494		for (i = 0; i < joydev->nkey; i++)
   495			joydev->keymap[keypam[i] - BTN_MISC] = i;
   496	
   497	 out:
   498		kfree(keypam);
   499		return retval;
   500	}
   501	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (16396 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ