| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Feb 2024 15:37:01 +0100 From: Takashi Iwai <tiwai@...e.de> To: Arnd Bergmann <arnd@...nel.org> Cc: Kees Cook <keescook@...omium.org>, Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>, Nathan Chancellor <nathan@...nel.org>, Arnd Bergmann <arnd@...db.de>, Nick Desaulniers <ndesaulniers@...gle.com>, Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>, linux-sound@...r.kernel.org, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev Subject: Re: [PATCH] ALSA: asihpi: work around clang-17+ false positive fortify-string warning On Wed, 28 Feb 2024 15:01:45 +0100, Arnd Bergmann wrote: > > From: Arnd Bergmann <arnd@...db.de> > > One of the memory copies in this driver triggers a warning about a > possible out of range access: > > In file included from /home/arnd/arm-soc/sound/pci/asihpi/hpimsgx.c:13: > /home/arnd/arm-soc/include/linux/fortify-string.h:553:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning] > 553 | __write_overflow_field(p_size_field, size); > | ^ Hmm, I can't see the relevance of those messages with the code you touched. Do you have more info? > Adding a range check avoids the problem, though I don't quite see > why it warns in the first place if clang has no knowledge of the > actual range of the type, or why I never saw the warning in previous > randconfig tests. It's indeed puzzling. If it's really about adapter_prepare() call, the caller is only HPIMSGX__init(), and there is already an assignment with that index value beforehand: hpi_entry_points[hr.u.s.adapter_index] = entry_point_func; and this array is also the size of HPI_MAX_ADAPTERS. That is, the same check should have caught here... thanks, Takashi > > Signed-off-by: Arnd Bergmann <arnd@...db.de> > --- > sound/pci/asihpi/hpimsgx.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/sound/pci/asihpi/hpimsgx.c b/sound/pci/asihpi/hpimsgx.c > index d0caef299481..4f245c3956b1 100644 > --- a/sound/pci/asihpi/hpimsgx.c > +++ b/sound/pci/asihpi/hpimsgx.c > @@ -576,6 +576,9 @@ static u16 adapter_prepare(u16 adapter) > /* Open the adapter and streams */ > u16 i; > > + if (adapter >= ARRAY_SIZE(rESP_HPI_ADAPTER_OPEN)) > + return 0; > + > /* call to HPI_ADAPTER_OPEN */ > hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER, > HPI_ADAPTER_OPEN); > -- > 2.39.2 >
Powered by blists - more mailing lists