| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b8b9dc2c-cb70-41c5-8606-eb3aa6cdc257@roeck-us.net>
Date: Fri, 20 Dec 2024 07:21:18 -0800
From: Guenter Roeck <linux@...ck-us.net>
To: kernel test robot <lkp@...el.com>, Eddie James <eajames@...ux.ibm.com>
Cc: oe-kbuild-all@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: drivers/hwmon/pmbus/ibm-cffps.c:184:60: warning: '%04X' directive
output may be truncated writing between 4 and 8 bytes into a region of size 5
On 12/20/24 05:54, kernel test robot wrote:
> Hi Eddie,
>
> FYI, the error/warning still remains.
>
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head: 8faabc041a001140564f718dabe37753e88b37fa
> commit: 2f8a855efe8a6faf962c53af406e5ea4791b3877 pmbus: (ibm-cffps) Add support for version 2 of the PSU
> date: 5 years ago
> config: x86_64-randconfig-077-20241209 (https://download.01.org/0day-ci/archive/20241220/202412202139.tZ2VJL2f-lkp@intel.com/config)
> compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241220/202412202139.tZ2VJL2f-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202412202139.tZ2VJL2f-lkp@intel.com/
>
We could use %2. 2X and %4.4X to make the compiler happy, but those are false positives.
rc is known in all cases to not exceed the format size. I don't see the point of changing
the code just to make the compiler happy.
Guenter
> All warnings (new ones prefixed by >>):
>
> drivers/hwmon/pmbus/ibm-cffps.c: In function 'ibm_cffps_debugfs_op':
> drivers/hwmon/pmbus/ibm-cffps.c:171:60: warning: '%02X' directive output may be truncated writing between 2 and 8 bytes into a region of size 3 [-Wformat-truncation=]
> 171 | snprintf(&data[i * 2], 3, "%02X", rc);
> | ^~~~
> drivers/hwmon/pmbus/ibm-cffps.c:171:59: note: directive argument in the range [0, 2147483647]
> 171 | snprintf(&data[i * 2], 3, "%02X", rc);
> | ^~~~~~
> drivers/hwmon/pmbus/ibm-cffps.c:171:33: note: 'snprintf' output between 3 and 9 bytes into a destination of size 3
> 171 | snprintf(&data[i * 2], 3, "%02X", rc);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> drivers/hwmon/pmbus/ibm-cffps.c:184:60: warning: '%04X' directive output may be truncated writing between 4 and 8 bytes into a region of size 5 [-Wformat-truncation=]
> 184 | snprintf(&data[i * 4], 5, "%04X", rc);
> | ^~~~
> drivers/hwmon/pmbus/ibm-cffps.c:184:59: note: directive argument in the range [0, 2147483647]
> 184 | snprintf(&data[i * 4], 5, "%04X", rc);
> | ^~~~~~
> drivers/hwmon/pmbus/ibm-cffps.c:184:33: note: 'snprintf' output between 5 and 9 bytes into a destination of size 5
> 184 | snprintf(&data[i * 4], 5, "%04X", rc);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> vim +184 drivers/hwmon/pmbus/ibm-cffps.c
>
> 129
> 130 static ssize_t ibm_cffps_debugfs_op(struct file *file, char __user *buf,
> 131 size_t count, loff_t *ppos)
> 132 {
> 133 u8 cmd;
> 134 int i, rc;
> 135 int *idxp = file->private_data;
> 136 int idx = *idxp;
> 137 struct ibm_cffps *psu = to_psu(idxp, idx);
> 138 char data[I2C_SMBUS_BLOCK_MAX] = { 0 };
> 139
> 140 pmbus_set_page(psu->client, 0);
> 141
> 142 switch (idx) {
> 143 case CFFPS_DEBUGFS_INPUT_HISTORY:
> 144 return ibm_cffps_read_input_history(psu, buf, count, ppos);
> 145 case CFFPS_DEBUGFS_FRU:
> 146 cmd = CFFPS_FRU_CMD;
> 147 break;
> 148 case CFFPS_DEBUGFS_PN:
> 149 cmd = CFFPS_PN_CMD;
> 150 break;
> 151 case CFFPS_DEBUGFS_SN:
> 152 cmd = CFFPS_SN_CMD;
> 153 break;
> 154 case CFFPS_DEBUGFS_CCIN:
> 155 rc = i2c_smbus_read_word_swapped(psu->client, CFFPS_CCIN_CMD);
> 156 if (rc < 0)
> 157 return rc;
> 158
> 159 rc = snprintf(data, 5, "%04X", rc);
> 160 goto done;
> 161 case CFFPS_DEBUGFS_FW:
> 162 switch (psu->version) {
> 163 case cffps1:
> 164 for (i = 0; i < CFFPS1_FW_NUM_BYTES; ++i) {
> 165 rc = i2c_smbus_read_byte_data(psu->client,
> 166 CFFPS_FW_CMD +
> 167 i);
> 168 if (rc < 0)
> 169 return rc;
> 170
> 171 snprintf(&data[i * 2], 3, "%02X", rc);
> 172 }
> 173
> 174 rc = i * 2;
> 175 break;
> 176 case cffps2:
> 177 for (i = 0; i < CFFPS2_FW_NUM_WORDS; ++i) {
> 178 rc = i2c_smbus_read_word_data(psu->client,
> 179 CFFPS_FW_CMD +
> 180 i);
> 181 if (rc < 0)
> 182 return rc;
> 183
> > 184 snprintf(&data[i * 4], 5, "%04X", rc);
> 185 }
> 186
> 187 rc = i * 4;
> 188 break;
> 189 default:
> 190 return -EOPNOTSUPP;
> 191 }
> 192 goto done;
> 193 default:
> 194 return -EINVAL;
> 195 }
> 196
> 197 rc = i2c_smbus_read_block_data(psu->client, cmd, data);
> 198 if (rc < 0)
> 199 return rc;
> 200
> 201 done:
> 202 data[rc] = '\n';
> 203 rc += 2;
> 204
> 205 return simple_read_from_buffer(buf, count, ppos, data, rc);
> 206 }
> 207
>
Powered by blists - more mailing lists