lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 26 Dec 2023 05:18:23 +0800
From: kernel test robot <lkp@...el.com>
To: Eddie James <eajames@...ux.ibm.com>
Cc: oe-kbuild-all@...ts.linux.dev, linux-kernel@...r.kernel.org,
	Guenter Roeck <linux@...ck-us.net>
Subject: drivers/hwmon/pmbus/ibm-cffps.c:184:60: warning: '%04X' directive
 output may be truncated writing between 4 and 8 bytes into a region of size
 5

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   861deac3b092f37b2c5e6871732f3e11486f7082
commit: 2f8a855efe8a6faf962c53af406e5ea4791b3877 pmbus: (ibm-cffps) Add support for version 2 of the PSU
date:   4 years, 4 months ago
config: x86_64-randconfig-x063-20230716 (https://download.01.org/0day-ci/archive/20231226/202312260533.FU092oo9-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231226/202312260533.FU092oo9-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202312260533.FU092oo9-lkp@intel.com/

All warnings (new ones prefixed by >>):

   drivers/hwmon/pmbus/ibm-cffps.c: In function 'ibm_cffps_debugfs_op':
   drivers/hwmon/pmbus/ibm-cffps.c:171:60: warning: '%02X' directive output may be truncated writing between 2 and 8 bytes into a region of size 3 [-Wformat-truncation=]
     171 |                                 snprintf(&data[i * 2], 3, "%02X", rc);
         |                                                            ^~~~
   drivers/hwmon/pmbus/ibm-cffps.c:171:59: note: directive argument in the range [0, 2147483647]
     171 |                                 snprintf(&data[i * 2], 3, "%02X", rc);
         |                                                           ^~~~~~
   drivers/hwmon/pmbus/ibm-cffps.c:171:33: note: 'snprintf' output between 3 and 9 bytes into a destination of size 3
     171 |                                 snprintf(&data[i * 2], 3, "%02X", rc);
         |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> drivers/hwmon/pmbus/ibm-cffps.c:184:60: warning: '%04X' directive output may be truncated writing between 4 and 8 bytes into a region of size 5 [-Wformat-truncation=]
     184 |                                 snprintf(&data[i * 4], 5, "%04X", rc);
         |                                                            ^~~~
   drivers/hwmon/pmbus/ibm-cffps.c:184:59: note: directive argument in the range [0, 2147483647]
     184 |                                 snprintf(&data[i * 4], 5, "%04X", rc);
         |                                                           ^~~~~~
   drivers/hwmon/pmbus/ibm-cffps.c:184:33: note: 'snprintf' output between 5 and 9 bytes into a destination of size 5
     184 |                                 snprintf(&data[i * 4], 5, "%04X", rc);
         |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


vim +184 drivers/hwmon/pmbus/ibm-cffps.c

   129	
   130	static ssize_t ibm_cffps_debugfs_op(struct file *file, char __user *buf,
   131					    size_t count, loff_t *ppos)
   132	{
   133		u8 cmd;
   134		int i, rc;
   135		int *idxp = file->private_data;
   136		int idx = *idxp;
   137		struct ibm_cffps *psu = to_psu(idxp, idx);
   138		char data[I2C_SMBUS_BLOCK_MAX] = { 0 };
   139	
   140		pmbus_set_page(psu->client, 0);
   141	
   142		switch (idx) {
   143		case CFFPS_DEBUGFS_INPUT_HISTORY:
   144			return ibm_cffps_read_input_history(psu, buf, count, ppos);
   145		case CFFPS_DEBUGFS_FRU:
   146			cmd = CFFPS_FRU_CMD;
   147			break;
   148		case CFFPS_DEBUGFS_PN:
   149			cmd = CFFPS_PN_CMD;
   150			break;
   151		case CFFPS_DEBUGFS_SN:
   152			cmd = CFFPS_SN_CMD;
   153			break;
   154		case CFFPS_DEBUGFS_CCIN:
   155			rc = i2c_smbus_read_word_swapped(psu->client, CFFPS_CCIN_CMD);
   156			if (rc < 0)
   157				return rc;
   158	
   159			rc = snprintf(data, 5, "%04X", rc);
   160			goto done;
   161		case CFFPS_DEBUGFS_FW:
   162			switch (psu->version) {
   163			case cffps1:
   164				for (i = 0; i < CFFPS1_FW_NUM_BYTES; ++i) {
   165					rc = i2c_smbus_read_byte_data(psu->client,
   166								      CFFPS_FW_CMD +
   167									i);
   168					if (rc < 0)
   169						return rc;
   170	
   171					snprintf(&data[i * 2], 3, "%02X", rc);
   172				}
   173	
   174				rc = i * 2;
   175				break;
   176			case cffps2:
   177				for (i = 0; i < CFFPS2_FW_NUM_WORDS; ++i) {
   178					rc = i2c_smbus_read_word_data(psu->client,
   179								      CFFPS_FW_CMD +
   180									i);
   181					if (rc < 0)
   182						return rc;
   183	
 > 184					snprintf(&data[i * 4], 5, "%04X", rc);
   185				}
   186	
   187				rc = i * 4;
   188				break;
   189			default:
   190				return -EOPNOTSUPP;
   191			}
   192			goto done;
   193		default:
   194			return -EINVAL;
   195		}
   196	
   197		rc = i2c_smbus_read_block_data(psu->client, cmd, data);
   198		if (rc < 0)
   199			return rc;
   200	
   201	done:
   202		data[rc] = '\n';
   203		rc += 2;
   204	
   205		return simple_read_from_buffer(buf, count, ppos, data, rc);
   206	}
   207	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ