lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202205121241.RQJCa61u-lkp@intel.com>
Date:   Thu, 12 May 2022 12:43:47 +0800
From:   kernel test robot <lkp@...el.com>
To:     Gireesh.Hiremath@...bosch.com, linux-omap@...r.kernel.org,
        devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-input@...r.kernel.org, bcousson@...libre.com,
        tony@...mide.com, robh+dt@...nel.org,
        krzysztof.kozlowski+dt@...aro.org, dmitry.torokhov@...il.com,
        mkorpershoek@...libre.com, davidgow@...gle.com,
        m.felsch@...gutronix.de, swboyd@...omium.org,
        fengping.yu@...iatek.com, y.oudjana@...tonmail.com,
        rdunlap@...radead.org, colin.king@...el.com
Cc:     llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
        sjoerd.simons@...labora.co.uk, VinayKumar.Shettar@...bosch.com,
        Govindaraji.Sivanantham@...bosch.com, anaclaudia.dias@...bosch.com
Subject: Re: [PATCH v2 2/4] Input: mt-matrix-keypad: Add Bosch mt matrix
 keypad driver

Hi,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on tmlind-omap/for-next]
[also build test WARNING on next-20220511]
[cannot apply to dtor-input/next robh/for-next balbi-usb/testing/next v5.18-rc6]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/intel-lab-lkp/linux/commits/Gireesh-Hiremath-in-bosch-com/ARM-dts-am335x-Guardian-switch-to-AM33XX_PADCONF-pinmux-macro/20220506-153118
base:   https://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap.git for-next
config: riscv-randconfig-c006-20220508 (https://download.01.org/0day-ci/archive/20220512/202205121241.RQJCa61u-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project af4cf1c6b8ed0d8102fc5e69acdc2fcbbcdaa9a7)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install riscv cross compiling tool for clang build
        # apt-get install binutils-riscv64-linux-gnu
        # https://github.com/intel-lab-lkp/linux/commit/eb3dca58cf317366877720c44e785ab0ce151ef8
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Gireesh-Hiremath-in-bosch-com/ARM-dts-am335x-Guardian-switch-to-AM33XX_PADCONF-pinmux-macro/20220506-153118
        git checkout eb3dca58cf317366877720c44e785ab0ce151ef8
        # save the config file
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

>> drivers/input/keyboard/mt_matrix_keypad.c:200:7: warning: variable 'any_btn_served' set but not used [-Wunused-but-set-variable]
           bool any_btn_served = false;
                ^
   1 warning generated.


clang-analyzer warnings: (new ones prefixed by >>)
                  ^~~~~~~
   drivers/hwmon/w83627ehf.c:991:1: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
   fan_functions(fan_step_output, data->REG_FAN_STEP_OUTPUT)
   ^
   drivers/hwmon/w83627ehf.c:965:9: note: expanded from macro 'fan_functions'
           return sprintf(buf, "%d\n", data->reg[nr]); \
                  ^~~~~~~
   drivers/hwmon/w83627ehf.c:991:1: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
   fan_functions(fan_step_output, data->REG_FAN_STEP_OUTPUT)
   ^
   drivers/hwmon/w83627ehf.c:965:9: note: expanded from macro 'fan_functions'
           return sprintf(buf, "%d\n", data->reg[nr]); \
                  ^~~~~~~
   drivers/hwmon/w83627ehf.c:1027:1: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
   fan_time_functions(fan_stop_time, W83627EHF_REG_FAN_STOP_TIME)
   ^
   drivers/hwmon/w83627ehf.c:1001:9: note: expanded from macro 'fan_time_functions'
           return sprintf(buf, "%d\n", \
                  ^~~~~~~
   drivers/hwmon/w83627ehf.c:1027:1: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
   fan_time_functions(fan_stop_time, W83627EHF_REG_FAN_STOP_TIME)
   ^
   drivers/hwmon/w83627ehf.c:1001:9: note: expanded from macro 'fan_time_functions'
           return sprintf(buf, "%d\n", \
                  ^~~~~~~
   drivers/hwmon/w83627ehf.c:1082:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           return sprintf(buf, "%d\n", vid_from_reg(data->vid, data->vrm));
                  ^~~~~~~
   drivers/hwmon/w83627ehf.c:1082:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
           return sprintf(buf, "%d\n", vid_from_reg(data->vid, data->vrm));
                  ^~~~~~~
   Suppressed 29 warnings (29 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   40 warnings generated.
   Suppressed 40 warnings (40 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   53 warnings generated.
   drivers/leds/leds-lp3952.c:104:2: warning: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           strncpy(dest, str, LP3952_LABEL_MAX_LEN);
           ^~~~~~~
   drivers/leds/leds-lp3952.c:104:2: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
           strncpy(dest, str, LP3952_LABEL_MAX_LEN);
           ^~~~~~~
   Suppressed 52 warnings (52 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   59 warnings generated.
   drivers/leds/leds-lp5521.c:230:9: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                   ret = sscanf(data + offset, "%2s%n ", c, &nrchars);
                         ^~~~~~
   drivers/leds/leds-lp5521.c:230:9: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
                   ret = sscanf(data + offset, "%2s%n ", c, &nrchars);
                         ^~~~~~
   drivers/leds/leds-lp5521.c:234:9: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                   ret = sscanf(c, "%2x", &cmd);
                         ^~~~~~
   drivers/leds/leds-lp5521.c:234:9: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
                   ret = sscanf(c, "%2x", &cmd);
                         ^~~~~~
   drivers/leds/leds-lp5521.c:306:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
           ret = lp55xx_write(chip, LP5521_REG_OP_MODE, LP5521_CMD_DIRECT);
           ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/leds/leds-lp5521.c:306:2: note: Value stored to 'ret' is never read
           ret = lp55xx_write(chip, LP5521_REG_OP_MODE, LP5521_CMD_DIRECT);
           ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/leds/leds-lp5521.c:368:2: warning: Undefined or garbage value returned to caller [clang-analyzer-core.uninitialized.UndefReturn]
           return ret;
           ^      ~~~
   drivers/leds/leds-lp5521.c:355:2: note: 'ret' declared without an initial value
           int ret;
           ^~~~~~~
   drivers/leds/leds-lp5521.c:359:14: note: Assuming 'i' is >= field 'num_colors'
           for (i = 0; i < led->mc_cdev.num_colors; i++) {
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/leds/leds-lp5521.c:359:2: note: Loop condition is false. Execution continues on line 367
           for (i = 0; i < led->mc_cdev.num_colors; i++) {
           ^
   drivers/leds/leds-lp5521.c:368:2: note: Undefined or garbage value returned to caller
           return ret;
           ^      ~~~
   drivers/leds/leds-lp5521.c:394:10: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                   return sprintf(buf, "run\n");
                          ^~~~~~~
   drivers/leds/leds-lp5521.c:394:10: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
                   return sprintf(buf, "run\n");
                          ^~~~~~~
   drivers/leds/leds-lp5521.c:396:10: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                   return sprintf(buf, "load\n");
                          ^~~~~~~
   drivers/leds/leds-lp5521.c:396:10: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
                   return sprintf(buf, "load\n");
                          ^~~~~~~
   drivers/leds/leds-lp5521.c:399:10: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                   return sprintf(buf, "disabled\n");
                          ^~~~~~~
   drivers/leds/leds-lp5521.c:399:10: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
                   return sprintf(buf, "disabled\n");
                          ^~~~~~~
   Suppressed 52 warnings (52 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   43 warnings generated.
>> drivers/input/keyboard/mt_matrix_keypad.c:297:35: warning: Division by zero [clang-analyzer-core.DivideZero]
                           pdata, (int)(pdata->scan_phase % pdata->num_line_gpios),
                                                          ^
   drivers/input/keyboard/mt_matrix_keypad.c:346:6: note: Assuming field 'stopped' is equal to false
           if (keypad->stopped == false) {
               ^~~~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:346:2: note: Taking true branch
           if (keypad->stopped == false) {
           ^
   drivers/input/keyboard/mt_matrix_keypad.c:347:3: note: Calling 'update_buttons'
                   update_buttons(pdata, input_dev);
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:222:6: note: Assuming field 'scan_phase' is not equal to field 'phase_prepare'
           if (pdata->scan_phase == pdata->phase_state.phase_prepare) {
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:222:2: note: Taking false branch
           if (pdata->scan_phase == pdata->phase_state.phase_prepare) {
           ^
   drivers/input/keyboard/mt_matrix_keypad.c:225:13: note: Assuming field 'scan_phase' is not equal to field 'phase_update_button'
           } else if (pdata->scan_phase ==
                      ^~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:225:9: note: Taking false branch
           } else if (pdata->scan_phase ==
                  ^
   drivers/input/keyboard/mt_matrix_keypad.c:266:15: note: Assuming 'i' is >= field 'num_line_gpios'
                   for (i = 0; i < pdata->num_line_gpios; i++) {
                               ^~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:266:3: note: Loop condition is false. Execution continues on line 277
                   for (i = 0; i < pdata->num_line_gpios; i++) {
                   ^
   drivers/input/keyboard/mt_matrix_keypad.c:277:7: note: 'number_of_buttons_pressed' is < 2
                   if (number_of_buttons_pressed < 2) {
                       ^~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:277:3: note: Taking true branch
                   if (number_of_buttons_pressed < 2) {
                   ^
   drivers/input/keyboard/mt_matrix_keypad.c:278:4: note: Loop condition is false. Execution continues on line 293
                           for (i = 0; i < pdata->num_line_gpios; i++) {
                           ^
   drivers/input/keyboard/mt_matrix_keypad.c:297:35: note: Division by zero
                           pdata, (int)(pdata->scan_phase % pdata->num_line_gpios),
                                        ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
>> drivers/input/keyboard/mt_matrix_keypad.c:488:2: warning: Value stored to 'i' is never read [clang-analyzer-deadcode.DeadStores]
           i = pdata->num_line_gpios;
           ^   ~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:488:2: note: Value stored to 'i' is never read
           i = pdata->num_line_gpios;
           ^   ~~~~~~~~~~~~~~~~~~~~~
   Suppressed 41 warnings (40 in non-user code, 1 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   40 warnings generated.
   Suppressed 40 warnings (40 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   52 warnings generated.
   Suppressed 52 warnings (52 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   64 warnings generated.
   drivers/media/dvb-frontends/cxd2841er.c:236:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           memcpy(&buf[1], data, len);
           ^
   include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
   #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
           __underlying_##op(p, q, __fortify_size);                        \
           ^~~~~~~~~~~~~~~~~
   note: expanded from here
   include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
   #define __underlying_memcpy     __builtin_memcpy
                                   ^~~~~~~~~~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:236:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
           memcpy(&buf[1], data, len);
           ^
   include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
   #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
           __underlying_##op(p, q, __fortify_size);                        \
           ^~~~~~~~~~~~~~~~~
   note: expanded from here
   include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
   #define __underlying_memcpy     __builtin_memcpy
                                   ^~~~~~~~~~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3600:25: warning: Value stored to 'priv' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
           struct cxd2841er_priv *priv = fe->demodulator_priv;
                                  ^~~~   ~~~~~~~~~~~~~~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3600:25: note: Value stored to 'priv' during its initialization is never read
           struct cxd2841er_priv *priv = fe->demodulator_priv;
                                  ^~~~   ~~~~~~~~~~~~~~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3714:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           memset(data, 0, sizeof(data));
           ^
   include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
   #define memset(p, c, s) __fortify_memset_chk(p, c, s,                   \
                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
           __underlying_memset(p, c, __fortify_size);                      \
           ^~~~~~~~~~~~~~~~~~~
   include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
   #define __underlying_memset     __builtin_memset
                                   ^~~~~~~~~~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3714:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
           memset(data, 0, sizeof(data));
           ^
   include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
   #define memset(p, c, s) __fortify_memset_chk(p, c, s,                   \
                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
           __underlying_memset(p, c, __fortify_size);                      \
           ^~~~~~~~~~~~~~~~~~~
   include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
   #define __underlying_memset     __builtin_memset
                                   ^~~~~~~~~~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3759:25: warning: Value stored to 'priv' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
           struct cxd2841er_priv *priv = fe->demodulator_priv;
                                  ^~~~   ~~~~~~~~~~~~~~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3759:25: note: Value stored to 'priv' during its initialization is never read
           struct cxd2841er_priv *priv = fe->demodulator_priv;
                                  ^~~~   ~~~~~~~~~~~~~~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3812:34: warning: Value stored to 'p' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
           struct dtv_frontend_properties *p = &fe->dtv_property_cache;
                                           ^   ~~~~~~~~~~~~~~~~~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3812:34: note: Value stored to 'p' during its initialization is never read
           struct dtv_frontend_properties *p = &fe->dtv_property_cache;
                                           ^   ~~~~~~~~~~~~~~~~~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3867:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                   snprintf(cxd2841er_t_c_ops.info.name, 128,
                   ^~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3867:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
                   snprintf(cxd2841er_t_c_ops.info.name, 128,
                   ^~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3873:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                   snprintf(cxd2841er_t_c_ops.info.name, 128,
                   ^~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3873:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
                   snprintf(cxd2841er_t_c_ops.info.name, 128,
                   ^~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3882:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                   snprintf(cxd2841er_t_c_ops.info.name, 128,
                   ^~~~~~~~
   drivers/media/dvb-frontends/cxd2841er.c:3882:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
                   snprintf(cxd2841er_t_c_ops.info.name, 128,
                   ^~~~~~~~
--
           ^
   drivers/media/i2c/ov5693.c:1404:6: note: Assuming 'ret' is 0
           if (ret)
               ^~~
   drivers/media/i2c/ov5693.c:1404:2: note: Taking false branch
           if (ret)
           ^
   drivers/media/i2c/ov5693.c:1407:2: note: Loop condition is false.  Exiting loop
           mutex_init(&ov5693->lock);
           ^
   include/linux/mutex.h:101:32: note: expanded from macro 'mutex_init'
   #define mutex_init(mutex)                                               \
                                                                           ^
   drivers/media/i2c/ov5693.c:1412:2: note: Taking false branch
           if (IS_ERR(ov5693->clk)) {
           ^
   drivers/media/i2c/ov5693.c:1418:6: note: Assuming 'clk_rate' is equal to OV5693_XVCLK_FREQ
           if (clk_rate != OV5693_XVCLK_FREQ)
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/media/i2c/ov5693.c:1418:2: note: Taking false branch
           if (clk_rate != OV5693_XVCLK_FREQ)
           ^
   drivers/media/i2c/ov5693.c:1423:6: note: 'ret' is 0
           if (ret)
               ^~~
   drivers/media/i2c/ov5693.c:1423:2: note: Taking false branch
           if (ret)
           ^
   drivers/media/i2c/ov5693.c:1427:6: note: Assuming 'ret' is 0
           if (ret)
               ^~~
   drivers/media/i2c/ov5693.c:1427:2: note: Taking false branch
           if (ret)
           ^
   drivers/media/i2c/ov5693.c:1440:6: note: 'ret' is 0
           if (ret)
               ^~~
   drivers/media/i2c/ov5693.c:1440:2: note: Taking false branch
           if (ret)
           ^
   drivers/media/i2c/ov5693.c:1444:6: note: Assuming 'ret' is 0
           if (ret)
               ^~~
   drivers/media/i2c/ov5693.c:1444:2: note: Taking false branch
           if (ret)
           ^
   drivers/media/i2c/ov5693.c:1455:6: note: 'ret' is 0
           if (ret)
               ^~~
   drivers/media/i2c/ov5693.c:1455:2: note: Taking false branch
           if (ret)
           ^
   drivers/media/i2c/ov5693.c:1458:8: note: Calling 'ov5693_detect'
           ret = ov5693_detect(ov5693);
                 ^~~~~~~~~~~~~~~~~~~~~
   drivers/media/i2c/ov5693.c:871:2: note: 'id' declared without an initial value
           u32 id;
           ^~~~~~
   drivers/media/i2c/ov5693.c:873:8: note: Calling 'ov5693_read_reg'
           ret = ov5693_read_reg(ov5693, OV5693_REG_CHIP_ID, &id);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/media/i2c/ov5693.c:399:8: note: '?' condition is false
           reg = cpu_to_be16(addr & OV5693_REG_ADDR_MASK);
                 ^
   include/linux/byteorder/generic.h:96:21: note: expanded from macro 'cpu_to_be16'
   #define cpu_to_be16 __cpu_to_be16
                       ^
   include/uapi/linux/byteorder/little_endian.h:42:43: note: expanded from macro '__cpu_to_be16'
   #define __cpu_to_be16(x) ((__force __be16)__swab16((x)))
                                             ^
   include/uapi/linux/swab.h:105:3: note: expanded from macro '__swab16'
           (__builtin_constant_p((__u16)(x)) ?     \
            ^
   drivers/media/i2c/ov5693.c:404:6: note: Assuming 'ret' is < 0
           if (ret < 0)
               ^~~~~~~
   drivers/media/i2c/ov5693.c:404:2: note: Taking true branch
           if (ret < 0)
           ^
   drivers/media/i2c/ov5693.c:405:3: note: Returning without writing to '*value'
                   return dev_err_probe(&client->dev, ret,
                   ^
   drivers/media/i2c/ov5693.c:405:3: note: Returning value, which participates in a condition later
                   return dev_err_probe(&client->dev, ret,
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/media/i2c/ov5693.c:873:8: note: Returning from 'ov5693_read_reg'
           ret = ov5693_read_reg(ov5693, OV5693_REG_CHIP_ID, &id);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/media/i2c/ov5693.c:874:6: note: Assuming 'ret' is 0
           if (ret)
               ^~~
   drivers/media/i2c/ov5693.c:874:2: note: Taking false branch
           if (ret)
           ^
   drivers/media/i2c/ov5693.c:877:9: note: The left operand of '!=' is a garbage value
           if (id != OV5693_CHIP_ID)
               ~~ ^
   Suppressed 53 warnings (53 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   43 warnings generated.
>> drivers/input/keyboard/mt_matrix_keypad.c:297:35: warning: Division by zero [clang-analyzer-core.DivideZero]
                           pdata, (int)(pdata->scan_phase % pdata->num_line_gpios),
                                                          ^
   drivers/input/keyboard/mt_matrix_keypad.c:346:6: note: Assuming field 'stopped' is equal to false
           if (keypad->stopped == false) {
               ^~~~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:346:2: note: Taking true branch
           if (keypad->stopped == false) {
           ^
   drivers/input/keyboard/mt_matrix_keypad.c:347:3: note: Calling 'update_buttons'
                   update_buttons(pdata, input_dev);
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:222:6: note: Assuming field 'scan_phase' is not equal to field 'phase_prepare'
           if (pdata->scan_phase == pdata->phase_state.phase_prepare) {
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:222:2: note: Taking false branch
           if (pdata->scan_phase == pdata->phase_state.phase_prepare) {
           ^
   drivers/input/keyboard/mt_matrix_keypad.c:225:13: note: Assuming field 'scan_phase' is not equal to field 'phase_update_button'
           } else if (pdata->scan_phase ==
                      ^~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:225:9: note: Taking false branch
           } else if (pdata->scan_phase ==
                  ^
   drivers/input/keyboard/mt_matrix_keypad.c:266:15: note: Assuming 'i' is >= field 'num_line_gpios'
                   for (i = 0; i < pdata->num_line_gpios; i++) {
                               ^~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:266:3: note: Loop condition is false. Execution continues on line 277
                   for (i = 0; i < pdata->num_line_gpios; i++) {
                   ^
   drivers/input/keyboard/mt_matrix_keypad.c:277:7: note: 'number_of_buttons_pressed' is < 2
                   if (number_of_buttons_pressed < 2) {
                       ^~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:277:3: note: Taking true branch
                   if (number_of_buttons_pressed < 2) {
                   ^
   drivers/input/keyboard/mt_matrix_keypad.c:278:4: note: Loop condition is false. Execution continues on line 293
                           for (i = 0; i < pdata->num_line_gpios; i++) {
                           ^
   drivers/input/keyboard/mt_matrix_keypad.c:297:35: note: Division by zero
                           pdata, (int)(pdata->scan_phase % pdata->num_line_gpios),
                                        ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
>> drivers/input/keyboard/mt_matrix_keypad.c:488:2: warning: Value stored to 'i' is never read [clang-analyzer-deadcode.DeadStores]
           i = pdata->num_line_gpios;
           ^   ~~~~~~~~~~~~~~~~~~~~~
   drivers/input/keyboard/mt_matrix_keypad.c:488:2: note: Value stored to 'i' is never read
           i = pdata->num_line_gpios;
           ^   ~~~~~~~~~~~~~~~~~~~~~
   Suppressed 41 warnings (40 in non-user code, 1 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   40 warnings generated.
   Suppressed 40 warnings (40 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   52 warnings generated.
   Suppressed 52 warnings (52 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   37 warnings generated.
   drivers/leds/uleds.c:150:4: warning: Value stored to 'retval' is never read [clang-analyzer-deadcode.DeadStores]
                           retval = copy_to_user(buffer, &udev->brightness,
                           ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/leds/uleds.c:150:4: note: Value stored to 'retval' is never read
                           retval = copy_to_user(buffer, &udev->brightness,
                           ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Suppressed 36 warnings (36 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   53 warnings generated.
   drivers/firmware/google/framebuffer-coreboot.c:54:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           memset(&res, 0, sizeof(res));
           ^
   include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
   #define memset(p, c, s) __fortify_memset_chk(p, c, s,                   \
                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
           __underlying_memset(p, c, __fortify_size);                      \
           ^~~~~~~~~~~~~~~~~~~
   include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
   #define __underlying_memset     __builtin_memset
                                   ^~~~~~~~~~~~~~~~
   drivers/firmware/google/framebuffer-coreboot.c:54:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
           memset(&res, 0, sizeof(res));
           ^
   include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
   #define memset(p, c, s) __fortify_memset_chk(p, c, s,                   \
                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
           __underlying_memset(p, c, __fortify_size);                      \
           ^~~~~~~~~~~~~~~~~~~
   include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
   #define __underlying_memset     __builtin_memset
                                   ^~~~~~~~~~~~~~~~
   Suppressed 52 warnings (52 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   86 warnings generated.
   Suppressed 86 warnings (86 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   80 warnings generated.
   Suppressed 80 warnings (80 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   95 warnings generated.
   include/linux/etherdevice.h:128:2: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign]
           u16 a = *(const u16 *)addr;
           ^
   net/llc/llc_sap.c:425:2: note: Calling 'llc_pdu_decode_da'
           llc_pdu_decode_da(skb, laddr.mac);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/net/llc_pdu.h:278:23: note: '?' condition is true
           if (skb->protocol == htons(ETH_P_802_2))
                                ^
   include/linux/byteorder/generic.h:141:18: note: expanded from macro 'htons'
   #define htons(x) ___htons(x)
                    ^
   include/linux/byteorder/generic.h:135:21: note: expanded from macro '___htons'
   #define ___htons(x) __cpu_to_be16(x)
                       ^
   include/uapi/linux/byteorder/little_endian.h:42:43: note: expanded from macro '__cpu_to_be16'
   #define __cpu_to_be16(x) ((__force __be16)__swab16((x)))
                                             ^
   include/uapi/linux/swab.h:105:3: note: expanded from macro '__swab16'
           (__builtin_constant_p((__u16)(x)) ?     \
            ^
   include/net/llc_pdu.h:278:6: note: Assuming the condition is false
           if (skb->protocol == htons(ETH_P_802_2))
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/net/llc_pdu.h:278:2: note: Taking false branch
           if (skb->protocol == htons(ETH_P_802_2))
           ^
   net/llc/llc_sap.c:425:2: note: Returning from 'llc_pdu_decode_da'
           llc_pdu_decode_da(skb, laddr.mac);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   net/llc/llc_sap.c:428:6: note: Calling 'is_multicast_ether_addr'
           if (is_multicast_ether_addr(laddr.mac)) {
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/etherdevice.h:128:2: note: Assigned value is garbage or undefined
           u16 a = *(const u16 *)addr;
           ^       ~~~~~~~~~~~~~~~~~~
   net/llc/llc_sap.c:77:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           memset(addr, 0, sizeof(*addr));
           ^
   include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
   #define memset(p, c, s) __fortify_memset_chk(p, c, s,                   \
                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
           __underlying_memset(p, c, __fortify_size);                      \

vim +/any_btn_served +200 drivers/input/keyboard/mt_matrix_keypad.c

   195	
   196	void process_button_events(const struct mt_matrix_keypad_platform_data *pdata,
   197				   struct input_dev *input_dev)
   198	{
   199		int btn_index;
 > 200		bool any_btn_served = false;
   201	
   202		for (btn_index = 0; btn_index < pdata->num_of_buttons; btn_index++) {
   203			const union typeEvent beEvent =
   204				get_and_clear_btn_events(pdata, (int)btn_index);
   205	
   206			if (beEvent.status.boGlobalChanged) {
   207				const struct button_states bsState =
   208					get_btn_id_state(pdata, (int)btn_index);
   209	
   210				if (bsState.boEnabled) {
   211					any_btn_served |=
   212						on_button_event(pdata, (int)btn_index,
   213								beEvent, input_dev);
   214				}
   215			}
   216		}
   217	}
   218	
   219	void update_buttons(struct mt_matrix_keypad_platform_data *pdata,
   220			    struct input_dev *input_dev)
   221	{
   222		if (pdata->scan_phase == pdata->phase_state.phase_prepare) {
   223			pdata->scan_phase = pdata->phase_state.phase_start;
   224			activate_line_driving(pdata, (int)pdata->scan_phase, true);
   225		} else if (pdata->scan_phase ==
   226			   pdata->phase_state.phase_update_button) {
   227			bool btn_changes_occured = false;
   228			int btn_index;
   229	
   230			if (pdata->intialize_buttons) {
   231				int i;
   232	
   233				pdata->intialize_buttons = false;
   234	
   235				for (i = 0; i < pdata->num_of_buttons; i++) {
   236					const bool btn_curr_hw_state =
   237						get_button_state(
   238							&pdata->button_array[i])
   239							.boCurrentStateOfHw;
   240					button_init(&pdata->button_array[i],
   241						    btn_curr_hw_state,
   242						    pdata->button_array[i].key);
   243				}
   244			}
   245	
   246			for (btn_index = 0; btn_index < pdata->num_of_buttons;
   247			     btn_index++) {
   248				btn_changes_occured |= check_button_changes(
   249					&pdata->button_array[btn_index]);
   250			}
   251	
   252			if (btn_changes_occured)
   253				process_button_events(pdata, input_dev);
   254	
   255			pdata->scan_phase = pdata->phase_state.phase_start;
   256		} else {
   257			uint8_t *btn_keylines;
   258			uint8_t number_of_buttons_pressed = 0;
   259			uint8_t btn_index;
   260			uint8_t btn_key;
   261			uint16_t index;
   262			int i;
   263	
   264			btn_keylines = kcalloc(pdata->num_line_gpios, sizeof(uint8_t),
   265					       GFP_KERNEL);
   266			for (i = 0; i < pdata->num_line_gpios; i++) {
   267				index = (pdata->scan_phase * pdata->num_line_gpios) + i;
   268				btn_key = pdata->button_matrix[index];
   269				btn_keylines[i] = false;
   270	
   271				if ((btn_key != pdata->button_matrix[0]) &&
   272				    (get_gpio_line_value(pdata, (int)i) != false)) {
   273					btn_keylines[i] = true;
   274					number_of_buttons_pressed++;
   275				}
   276			}
   277			if (number_of_buttons_pressed < 2) {
   278				for (i = 0; i < pdata->num_line_gpios; i++) {
   279					index = (pdata->scan_phase *
   280						 pdata->num_line_gpios) +
   281						i;
   282					btn_key = pdata->button_matrix[index];
   283					if (btn_key != pdata->button_matrix[0]) {
   284						btn_index =
   285							get_btn_index(pdata, btn_key);
   286						set_btn_state_by_hw(
   287							&pdata->button_array[btn_index],
   288							btn_keylines[i]);
   289					}
   290				}
   291			}
   292	
   293			kfree(btn_keylines);
   294			activate_line_driving(pdata, (int)pdata->scan_phase, false);
   295			pdata->scan_phase++;
   296			activate_line_driving(
 > 297				pdata, (int)(pdata->scan_phase % pdata->num_line_gpios),
   298				true);
   299		}
   300	}
   301	

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ