lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202108261727.tmDmuAD5-lkp@intel.com>
Date:   Thu, 26 Aug 2021 17:12:44 +0800
From:   kernel test robot <lkp@...el.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org
Subject: [kees:for-next/overflow 30/30] fs/udf/super.c:2525:61: warning:
 array subscript 'lvid_60->numOfPartitions + 4294967295' is outside the
 bounds of an interior zero-length array '__le32[0]' {aka 'unsigned int[]'}

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/overflow
head:   7d8aac16a0a831d3ce4948ed18d812ad2e2224ac
commit: 7d8aac16a0a831d3ce4948ed18d812ad2e2224ac [30/30] Makefile: Enable -Wzero-length-bounds
config: arm-imx_v6_v7_defconfig (attached as .config)
compiler: arm-linux-gnueabi-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?id=7d8aac16a0a831d3ce4948ed18d812ad2e2224ac
        git remote add kees https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git
        git fetch --no-tags kees for-next/overflow
        git checkout 7d8aac16a0a831d3ce4948ed18d812ad2e2224ac
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross ARCH=arm 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

   In file included from include/linux/byteorder/little_endian.h:5,
                    from arch/arm/include/uapi/asm/byteorder.h:22,
                    from include/asm-generic/bitops/le.h:7,
                    from arch/arm/include/asm/bitops.h:268,
                    from include/linux/bitops.h:32,
                    from include/linux/kernel.h:12,
                    from include/linux/list.h:9,
                    from include/linux/wait.h:7,
                    from include/linux/wait_bit.h:8,
                    from include/linux/fs.h:6,
                    from fs/udf/udfdecl.h:10,
                    from fs/udf/super.c:41:
   fs/udf/super.c: In function 'udf_statfs':
>> fs/udf/super.c:2525:61: warning: array subscript 'lvid_60->numOfPartitions + 4294967295' is outside the bounds of an interior zero-length array '__le32[0]' {aka 'unsigned int[]'} [-Wzero-length-bounds]
    2525 |                                         lvid->freeSpaceTable[part]);
   include/uapi/linux/byteorder/little_endian.h:34:51: note: in definition of macro '__le32_to_cpu'
      34 | #define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
         |                                                   ^
   fs/udf/super.c:2524:33: note: in expansion of macro 'le32_to_cpu'
    2524 |                         accum = le32_to_cpu(
         |                                 ^~~~~~~~~~~
   In file included from fs/udf/udfdecl.h:7,
                    from fs/udf/super.c:41:
   fs/udf/ecma_167.h:363:33: note: while referencing 'freeSpaceTable'
     363 |         __le32                  freeSpaceTable[0];
         |                                 ^~~~~~~~~~~~~~


vim +2525 fs/udf/super.c

^1da177e4c3f41 Linus Torvalds   2005-04-16  2499  
cb00ea3528eb3c Cyrill Gorcunov  2007-07-19  2500  static unsigned int udf_count_free(struct super_block *sb)
^1da177e4c3f41 Linus Torvalds   2005-04-16  2501  {
^1da177e4c3f41 Linus Torvalds   2005-04-16  2502  	unsigned int accum = 0;
a4a8b99ec819ca Jan Kara         2020-01-07  2503  	struct udf_sb_info *sbi = UDF_SB(sb);
6c79e987d629cb Marcin Slusarz   2008-02-08  2504  	struct udf_part_map *map;
a4a8b99ec819ca Jan Kara         2020-01-07  2505  	unsigned int part = sbi->s_partition;
a4a8b99ec819ca Jan Kara         2020-01-07  2506  	int ptype = sbi->s_partmaps[part].s_partition_type;
a4a8b99ec819ca Jan Kara         2020-01-07  2507  
a4a8b99ec819ca Jan Kara         2020-01-07  2508  	if (ptype == UDF_METADATA_MAP25) {
a4a8b99ec819ca Jan Kara         2020-01-07  2509  		part = sbi->s_partmaps[part].s_type_specific.s_metadata.
a4a8b99ec819ca Jan Kara         2020-01-07  2510  							s_phys_partition_ref;
a4a8b99ec819ca Jan Kara         2020-01-07  2511  	} else if (ptype == UDF_VIRTUAL_MAP15 || ptype == UDF_VIRTUAL_MAP20) {
a4a8b99ec819ca Jan Kara         2020-01-07  2512  		/*
a4a8b99ec819ca Jan Kara         2020-01-07  2513  		 * Filesystems with VAT are append-only and we cannot write to
a4a8b99ec819ca Jan Kara         2020-01-07  2514   		 * them. Let's just report 0 here.
a4a8b99ec819ca Jan Kara         2020-01-07  2515  		 */
a4a8b99ec819ca Jan Kara         2020-01-07  2516  		return 0;
a4a8b99ec819ca Jan Kara         2020-01-07  2517  	}
^1da177e4c3f41 Linus Torvalds   2005-04-16  2518  
6c79e987d629cb Marcin Slusarz   2008-02-08  2519  	if (sbi->s_lvid_bh) {
4b11111aba6c80 Marcin Slusarz   2008-02-08  2520  		struct logicalVolIntegrityDesc *lvid =
4b11111aba6c80 Marcin Slusarz   2008-02-08  2521  			(struct logicalVolIntegrityDesc *)
4b11111aba6c80 Marcin Slusarz   2008-02-08  2522  			sbi->s_lvid_bh->b_data;
a4a8b99ec819ca Jan Kara         2020-01-07  2523  		if (le32_to_cpu(lvid->numOfPartitions) > part) {
4b11111aba6c80 Marcin Slusarz   2008-02-08  2524  			accum = le32_to_cpu(
a4a8b99ec819ca Jan Kara         2020-01-07 @2525  					lvid->freeSpaceTable[part]);
^1da177e4c3f41 Linus Torvalds   2005-04-16  2526  			if (accum == 0xFFFFFFFF)
^1da177e4c3f41 Linus Torvalds   2005-04-16  2527  				accum = 0;
^1da177e4c3f41 Linus Torvalds   2005-04-16  2528  		}
^1da177e4c3f41 Linus Torvalds   2005-04-16  2529  	}
^1da177e4c3f41 Linus Torvalds   2005-04-16  2530  
^1da177e4c3f41 Linus Torvalds   2005-04-16  2531  	if (accum)
^1da177e4c3f41 Linus Torvalds   2005-04-16  2532  		return accum;
^1da177e4c3f41 Linus Torvalds   2005-04-16  2533  
a4a8b99ec819ca Jan Kara         2020-01-07  2534  	map = &sbi->s_partmaps[part];
6c79e987d629cb Marcin Slusarz   2008-02-08  2535  	if (map->s_partition_flags & UDF_PART_FLAG_UNALLOC_BITMAP) {
28de7948a89676 Cyrill Gorcunov  2007-07-21  2536  		accum += udf_count_free_bitmap(sb,
6c79e987d629cb Marcin Slusarz   2008-02-08  2537  					       map->s_uspace.s_bitmap);
28de7948a89676 Cyrill Gorcunov  2007-07-21  2538  	}
^1da177e4c3f41 Linus Torvalds   2005-04-16  2539  	if (accum)
^1da177e4c3f41 Linus Torvalds   2005-04-16  2540  		return accum;
^1da177e4c3f41 Linus Torvalds   2005-04-16  2541  
6c79e987d629cb Marcin Slusarz   2008-02-08  2542  	if (map->s_partition_flags & UDF_PART_FLAG_UNALLOC_TABLE) {
28de7948a89676 Cyrill Gorcunov  2007-07-21  2543  		accum += udf_count_free_table(sb,
6c79e987d629cb Marcin Slusarz   2008-02-08  2544  					      map->s_uspace.s_table);
28de7948a89676 Cyrill Gorcunov  2007-07-21  2545  	}
^1da177e4c3f41 Linus Torvalds   2005-04-16  2546  	return accum;
^1da177e4c3f41 Linus Torvalds   2005-04-16  2547  }
54bb60d53114b8 Fabian Frederick 2017-01-06  2548  

:::::: The code at line 2525 was first introduced by commit
:::::: a4a8b99ec819ca60b49dc582a4287ef03411f117 udf: Fix free space reporting for metadata and virtual partitions

:::::: TO: Jan Kara <jack@...e.cz>
:::::: CC: Jan Kara <jack@...e.cz>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (39359 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ