lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZUj/USPCJ6tm/lg9@rli9-mobl>
Date:   Mon, 6 Nov 2023 22:59:29 +0800
From:   Philip Li <philip.li@...el.com>
To:     kernel test robot <lkp@...el.com>
CC:     Christoph Hellwig <hch@....de>, <oe-kbuild-all@...ts.linux.dev>,
        <linux-kernel@...r.kernel.org>, Jens Axboe <axboe@...nel.dk>,
        Kees Cook <keescook@...omium.org>
Subject: Re: drivers/target/target_core_transport.c:1079:59: warning: '%s'
 directive output may be truncated writing up to 253 bytes into a region of
 size 221

On Mon, Nov 06, 2023 at 10:01:44PM +0800, kernel test robot wrote:
> Hi Christoph,
> 
> FYI, the error/warning was bisected to this commit, please ignore it if it's irrelevant.

Sorry for false report, kindly ignore this which is not the cause of initial warning.

> 
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head:   d2f51b3516dade79269ff45eae2a7668ae711b25
> commit: 8a39a0478355e9dfdd2f35038d07c4ebe3192441 target: don't depend on SCSI
> date:   5 years ago
> config: x86_64-randconfig-x083-20230515 (https://download.01.org/0day-ci/archive/20231106/202311062106.HacLsl2Y-lkp@intel.com/config)
> compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231106/202311062106.HacLsl2Y-lkp@intel.com/reproduce)
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202311062106.HacLsl2Y-lkp@intel.com/
> 
> All warnings (new ones prefixed by >>):
> 
>    drivers/target/target_core_transport.c: In function 'transport_dump_vpd_ident':
> >> drivers/target/target_core_transport.c:1079:59: warning: '%s' directive output may be truncated writing up to 253 bytes into a region of size 221 [-Wformat-truncation=]
>     1079 |                         "T10 VPD ASCII Device Identifier: %s\n",
>          |                                                           ^~
>    drivers/target/target_core_transport.c:1078:17: note: 'snprintf' output between 35 and 288 bytes into a destination of size 254
>     1078 |                 snprintf(buf, sizeof(buf),
>          |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~
>     1079 |                         "T10 VPD ASCII Device Identifier: %s\n",
>          |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     1080 |                         &vpd->device_identifier[0]);
>          |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    drivers/target/target_core_transport.c:1084:59: warning: '%s' directive output may be truncated writing up to 253 bytes into a region of size 221 [-Wformat-truncation=]
>     1084 |                         "T10 VPD UTF-8 Device Identifier: %s\n",
>          |                                                           ^~
>    drivers/target/target_core_transport.c:1083:17: note: 'snprintf' output between 35 and 288 bytes into a destination of size 254
>     1083 |                 snprintf(buf, sizeof(buf),
>          |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~
>     1084 |                         "T10 VPD UTF-8 Device Identifier: %s\n",
>          |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     1085 |                         &vpd->device_identifier[0]);
>          |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    drivers/target/target_core_transport.c:1074:60: warning: '%s' directive output may be truncated writing up to 253 bytes into a region of size 220 [-Wformat-truncation=]
>     1074 |                         "T10 VPD Binary Device Identifier: %s\n",
>          |                                                            ^~
>    drivers/target/target_core_transport.c:1073:17: note: 'snprintf' output between 36 and 289 bytes into a destination of size 254
>     1073 |                 snprintf(buf, sizeof(buf),
>          |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~
>     1074 |                         "T10 VPD Binary Device Identifier: %s\n",
>          |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     1075 |                         &vpd->device_identifier[0]);
>          |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    drivers/target/target_core_transport.o: warning: objtool: transport_init_session()+0x61: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_alloc_session_tags()+0x80: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: target_read_prot_action()+0x156: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_handle_queue_full()+0x2ac: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_lun_remove_cmd()+0x1e3: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: __transport_check_aborted_status()+0x2e2: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: target_setup_cmd_from_cdb()+0x540: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: target_show_dynamic_sessions()+0xf6: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: target_put_nacl()+0x10b: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_free_session()+0x136: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_init_session_tags()+0x66: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: translate_sense_reason.constprop.0()+0x1aa: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_send_check_condition_and_sense()+0x357: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: __transport_wait_for_tasks()+0x245: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_generic_free_cmd()+0x1a5: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: init_se_kmem_caches()+0x2b: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_dump_vpd_ident_type()+0x144: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: target_cmd_size_check()+0x3f3: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_generic_map_mem_to_cmd()+0x7c: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: target_complete_ok_work()+0xa6e: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_complete_qf()+0x266: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_generic_request_failure()+0x4ae: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: target_write_prot_action()+0x156: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_handle_cdb_direct()+0x39: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: target_submit_cmd_map_sgls()+0x3af: sibling call from callable instruction with modified stack frame
>    drivers/target/target_core_transport.o: warning: objtool: transport_send_task_abort()+0x2a7: sibling call from callable instruction with modified stack frame
> 
> 
> vim +1079 drivers/target/target_core_transport.c
> 
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1060  
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1061  int transport_dump_vpd_ident(
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1062  	struct t10_vpd *vpd,
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1063  	unsigned char *p_buf,
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1064  	int p_buf_len)
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1065  {
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1066  	unsigned char buf[VPD_TMP_BUF_SIZE];
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1067  	int ret = 0;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1068  
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1069  	memset(buf, 0, VPD_TMP_BUF_SIZE);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1070  
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1071  	switch (vpd->device_identifier_code_set) {
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1072  	case 0x01: /* Binary */
> 703d641d870346 Dan Carpenter      2013-01-18  1073  		snprintf(buf, sizeof(buf),
> 703d641d870346 Dan Carpenter      2013-01-18  1074  			"T10 VPD Binary Device Identifier: %s\n",
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1075  			&vpd->device_identifier[0]);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1076  		break;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1077  	case 0x02: /* ASCII */
> 703d641d870346 Dan Carpenter      2013-01-18  1078  		snprintf(buf, sizeof(buf),
> 703d641d870346 Dan Carpenter      2013-01-18 @1079  			"T10 VPD ASCII Device Identifier: %s\n",
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1080  			&vpd->device_identifier[0]);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1081  		break;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1082  	case 0x03: /* UTF-8 */
> 703d641d870346 Dan Carpenter      2013-01-18  1083  		snprintf(buf, sizeof(buf),
> 703d641d870346 Dan Carpenter      2013-01-18  1084  			"T10 VPD UTF-8 Device Identifier: %s\n",
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1085  			&vpd->device_identifier[0]);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1086  		break;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1087  	default:
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1088  		sprintf(buf, "T10 VPD Device Identifier encoding unsupported:"
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1089  			" 0x%02x", vpd->device_identifier_code_set);
> e3d6f909ed803d Andy Grover        2011-07-19  1090  		ret = -EINVAL;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1091  		break;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1092  	}
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1093  
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1094  	if (p_buf)
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1095  		strncpy(p_buf, buf, p_buf_len);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1096  	else
> 6708bb27bb2703 Andy Grover        2011-06-08  1097  		pr_debug("%s", buf);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1098  
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1099  	return ret;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1100  }
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17  1101  
> 
> :::::: The code at line 1079 was first introduced by commit
> :::::: 703d641d87034629f8b0da94334034ed5d805b36 target: change sprintf to snprintf in transport_dump_vpd_ident
> 
> :::::: TO: Dan Carpenter <dan.carpenter@...cle.com>
> :::::: CC: Nicholas Bellinger <nab@...ux-iscsi.org>
> 
> -- 
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ