[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240225121929.2e3fdc1b@jic23-huawei>
Date: Sun, 25 Feb 2024 12:19:29 +0000
From: Jonathan Cameron <jic23@...nel.org>
To: Arnd Bergmann <arnd@...nel.org>
Cc: Arnd Bergmann <arnd@...db.de>, Lars-Peter Clausen <lars@...afoo.de>,
Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers
<ndesaulniers@...gle.com>, Bill Wendling <morbo@...gle.com>, Justin Stitt
<justinstitt@...gle.com>, Uwe Kleine-König
<u.kleine-koenig@...gutronix.de>, linux-iio@...r.kernel.org,
linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH] iio: avoid fortify-string overflow error
On Sat, 24 Feb 2024 13:11:34 +0100
Arnd Bergmann <arnd@...nel.org> wrote:
> From: Arnd Bergmann <arnd@...db.de>
>
> The memcpy() call in dlhl60d.c triggers a check with clang-19:
>
> In file included from drivers/iio/pressure/dlhl60d.c:11:
> In file included from include/linux/module.h:17:
> include/linux/fortify-string.h:553:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
> 553 | __write_overflow_field(p_size_field, size);
> | ^
>
> It writes into a two member array from a loop over a linked list
> that likely has some indication of having more than two entries.
>
> Add a conditional check there to avoid the overflow.
>
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
Hi Arnd,
It's a false positive, but the compiler has no way to tell that only bits
0 and 1 can be set.
https://lore.kernel.org/linux-iio/20240222222335.work.759-kees@kernel.org/
for discussion on why + the missing zero initialization bug Kees noticed whilst
looking at this code.
Kees proposed an alternative way to suppress the warning that I've just applied.
https://lore.kernel.org/linux-iio/20240223172936.it.875-kees@kernel.org/
Your solution also works but leaves the implication of a real path to
overflow the buffer when there isn't one, hence I prefer what Kees had unless
some future version of clang trips over that in which case we can revisit.
Thanks
Jonathan
> ---
> drivers/iio/pressure/dlhl60d.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/iio/pressure/dlhl60d.c b/drivers/iio/pressure/dlhl60d.c
> index 28c8269ba65d..a43ecda849db 100644
> --- a/drivers/iio/pressure/dlhl60d.c
> +++ b/drivers/iio/pressure/dlhl60d.c
> @@ -262,6 +262,8 @@ static irqreturn_t dlh_trigger_handler(int irq, void *private)
> &st->rx_buf[1] + chn * DLH_NUM_DATA_BYTES,
> DLH_NUM_DATA_BYTES);
> i++;
> + if (i >= ARRAY_SIZE(tmp_buf))
> + break;
> }
>
> iio_push_to_buffers(indio_dev, tmp_buf);
Powered by blists - more mailing lists