2023-10-07 13:11:26

by Christian Marangi

Subject: [net PATCH] leds: trigger: netdev: move size check in set_device_name

GCC 13.2 complains about array subscript 17 is above array bounds of
'char[16]' with IFNAMSIZ set to 16.

The warning is correct but this scenario is impossible.
set_device_name is called by device_name_store (store sysfs entry) and
netdev_trig_activate.

device_name_store already checks if size is >= IFNAMSIZ and returns
-EINVAL (making the warning scenario impossible).

netdev_trig_activate works on already defined interface, where the name
has already been checked and should already follow the condition of
strlen() < IFNAMSIZ.

Aside from the scenario being impossible, set_device_name can be
improved to both mute the warning and make the function safer.
To make it safer, move size check from device_name_store directly to
set_device_name and prevent any out of bounds scenario.

Cc: [email protected]
Fixes: 28a6a2ef18ad ("leds: trigger: netdev: refactor code setting device name")
Reported-by: kernel test robot <[email protected]>
Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
Signed-off-by: Christian Marangi <[email protected]>
---
drivers/leds/trigger/ledtrig-netdev.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/leds/trigger/ledtrig-netdev.c b/drivers/leds/trigger/ledtrig-netdev.c
index 58f3352539e8..e358e77e4b38 100644
--- a/drivers/leds/trigger/ledtrig-netdev.c
+++ b/drivers/leds/trigger/ledtrig-netdev.c
@@ -221,6 +221,9 @@ static ssize_t device_name_show(struct device *dev,
static int set_device_name(struct led_netdev_data *trigger_data,
const char *name, size_t size)
{
+ if (size >= IFNAMSIZ)
+ return -EINVAL;
+
cancel_delayed_work_sync(&trigger_data->work);

mutex_lock(&trigger_data->lock);
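
Review bot: The early return added at the top of set_device_name makes -EINVAL reachable from every caller, but the patch only touches device_name_store. The commit message names netdev_trig_activate as the second caller; please confirm that call site checks the return value, or state in the commit message that ignoring it there is intended. Placing the check ahead of cancel_delayed_work_sync() is the right spot, since a rejected name then leaves the pending work and the lock untouched.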
@@ -263,9 +266,6 @@ static ssize_t device_name_store(struct device *dev,
struct led_netdev_data *trigger_data = led_trigger_get_drvdata(dev);
int ret;

- if (size >= IFNAMSIZ)
- return -EINVAL;
-
ret = set_device_name(trigger_data, buf, size);

if (ret < 0)
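
Review bot: Missing documentation: with the check removed from device_name_store, nothing at this call site shows that size is bounded before set_device_name(trigger_data, buf, size) runs. A one-line comment above set_device_name saying that it rejects size >= IFNAMSIZ with -EINVAL would make the contract visible to anyone adding a caller later. The "if (ret < 0)" after the call still propagates the error, so the result of an oversized sysfs write is unchanged.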
--
2.40.1
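
The pattern the commit message describes (validating the length inside the callee so that every caller is covered) is shown below as a user-space model. This is an added example, not code from the patch or the driver: struct name_holder, set_name_checked, store_path and activate_path are hypothetical names, and the copy and trailing-newline handling are an assumed function body.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define IFNAMSIZ 16 /* value given in the commit message */

/* Hypothetical stand-in for the driver state; only the buffer matters. */
struct name_holder {
	char device_name[IFNAMSIZ];
};

/*
 * The terminator is written at index size, so size must stay below
 * IFNAMSIZ. Checking here bounds the index on every path into the function.
 * The copy and newline handling are an assumed body, not the driver's code.
 */
static int set_name_checked(struct name_holder *h, const char *name, size_t size)
{
	if (size >= IFNAMSIZ)
		return -EINVAL;

	memcpy(h->device_name, name, size);
	h->device_name[size] = '\0';
	if (size > 0 && h->device_name[size - 1] == '\n')
		h->device_name[size - 1] = '\0';
	return 0;
}

/* Caller modelled on a sysfs store handler: forwards the length as given. */
static int store_path(struct name_holder *h, const char *buf, size_t size)
{
	return set_name_checked(h, buf, size);
}

/* Caller modelled on an activation path that passes an existing name. */
static int activate_path(struct name_holder *h, const char *ifname)
{
	return set_name_checked(h, ifname, strlen(ifname));
}

int main(void)
{
	struct name_holder h;

	/* Constructed inputs: "eth0\n" fits, a 16-byte name does not. */
	if (store_path(&h, "eth0\n", 5) != 0 || strcmp(h.device_name, "eth0") != 0)
		return 1;
	return activate_path(&h, "abcdefghijklmnop") == -EINVAL ? 0 : 1;
}
```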


2023-10-12 10:23:00

by Lee Jones

Subject: Re: (subset) [net PATCH] leds: trigger: netdev: move size check in set_device_name

On Sat, 07 Oct 2023 15:10:42 +0200, Christian Marangi wrote:
> GCC 13.2 complains about array subscript 17 is above array bounds of
> 'char[16]' with IFNAMSIZ set to 16.
>
> The warning is correct but this scenario is impossible.
> set_device_name is called by device_name_store (store sysfs entry) and
> netdev_trig_activate.
>
> [...]

Applied, thanks!

[1/1] leds: trigger: netdev: move size check in set_device_name
commit: e0e29e434cdca9705eb420b3f26928444fa559f6

--
Lee Jones [李琼斯]