2021-07-24 09:35:50

by Chen, Rong A

Subject: [gustavoars-linux:for-next/array-bounds 2/2] drivers/char/pcmcia/cm4000_cs.c:146:2: warning: 'memset' offset [1097, 1155] from the object at 'dev' is out of the bounds of referenced subobject 'atr_csum' with type 'unsigned char' at offset 1096


tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git for-next/array-bounds
head: 530fa69573b2e7c05bc744cedced782fa76fa3a5
commit: 530fa69573b2e7c05bc744cedced782fa76fa3a5 [2/2] Makefile: Enable -Warray-bounds=2
:::::: branch date: 3 hours ago
:::::: commit date: 3 hours ago
config: microblaze-randconfig-s032-20210723 (attached as .config)
compiler: microblaze-linux-gcc (GCC) 10.3.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # apt-get install sparse
        # sparse version: v0.6.3-341-g8af24329-dirty
        # https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git/commit/?id=530fa69573b2e7c05bc744cedced782fa76fa3a5
        git remote add gustavoars-linux https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git
        git fetch --no-tags gustavoars-linux for-next/array-bounds
        git checkout 530fa69573b2e7c05bc744cedced782fa76fa3a5
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-10.3.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=microblaze

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>

All warnings (new ones prefixed by >>):

drivers/char/pcmcia/cm4000_cs.c: In function 'cmm_open':
>> drivers/char/pcmcia/cm4000_cs.c:146:2: warning: 'memset' offset [1097, 1155] from the object at 'dev' is out of the bounds of referenced subobject 'atr_csum' with type 'unsigned char' at offset 1096 [-Warray-bounds]
146 | memset(&dev->atr_csum,0, \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
147 | sizeof(struct cm4000_dev) - \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
148 | offsetof(struct cm4000_dev, atr_csum))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/char/pcmcia/cm4000_cs.c:1655:2: note: in expansion of macro 'ZERO_DEV'
1655 | ZERO_DEV(dev);
| ^~~~~~~~
drivers/char/pcmcia/cm4000_cs.c:121:16: note: subobject 'atr_csum' declared here
121 | unsigned char atr_csum;
| ^~~~~~~~
drivers/char/pcmcia/cm4000_cs.c: In function 'cmm_close':
>> drivers/char/pcmcia/cm4000_cs.c:146:2: warning: 'memset' offset [1097, 1155] from the object at 'dev' is out of the bounds of referenced subobject 'atr_csum' with type 'unsigned char' at offset 1096 [-Warray-bounds]
146 | memset(&dev->atr_csum,0, \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
147 | sizeof(struct cm4000_dev) - \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
148 | offsetof(struct cm4000_dev, atr_csum))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/char/pcmcia/cm4000_cs.c:1702:2: note: in expansion of macro 'ZERO_DEV'
1702 | ZERO_DEV(dev);
| ^~~~~~~~
drivers/char/pcmcia/cm4000_cs.c:121:16: note: subobject 'atr_csum' declared here
121 | unsigned char atr_csum;
| ^~~~~~~~
--
In file included from drivers/scsi/libfc/fc_elsct.c:18:
drivers/scsi/libfc/fc_encode.h: In function 'fc_ct_ns_fill':
drivers/scsi/libfc/fc_encode.h:153:3: warning: 'strncpy' output may be truncated copying between 0 and 255 bytes from a string of length 255 [-Wstringop-truncation]
153 | strncpy(ct->payload.snn.fr_name,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
154 | fc_host_symbolic_name(lport->host), len);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/libfc/fc_encode.h:143:3: warning: 'strncpy' output may be truncated copying between 0 and 255 bytes from a string of length 255 [-Wstringop-truncation]
143 | strncpy(ct->payload.spn.fr_name,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
144 | fc_host_symbolic_name(lport->host), len);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/libfc/fc_encode.h: In function 'fc_ct_ms_fill.constprop':
>> drivers/scsi/libfc/fc_encode.h:504:3: warning: 'memcpy' offset [32, 63] from the object at 'pp' is out of the bounds of referenced subobject 'value' with type '__u8[1]' {aka 'unsigned char[1]'} at offset 32 [-Warray-bounds]
504 | memcpy(&entry->value, fc_host_supported_fc4s(lport->host),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
505 | FC_FDMI_PORT_ATTR_FC4TYPES_LEN);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/scsi/libfc.h:22,
from drivers/scsi/libfc/fc_elsct.c:17:
include/scsi/fc/fc_ms.h:161:8: note: subobject 'value' declared here
161 | __u8 value[1];
| ^~~~~
In file included from drivers/scsi/libfc/fc_elsct.c:18:
drivers/scsi/libfc/fc_encode.h:651:4: warning: 'memcpy' offset [924, 955] from the object at 'pp' is out of the bounds of referenced subobject 'value' with type '__u8[1]' {aka 'unsigned char[1]'} at offset 924 [-Warray-bounds]
651 | memcpy(&entry->value, fc_host_active_fc4s(lport->host),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
652 | FC_FDMI_PORT_ATTR_CURRENTFC4TYPE_LEN);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/scsi/libfc.h:22,
from drivers/scsi/libfc/fc_elsct.c:17:
include/scsi/fc/fc_ms.h:161:8: note: subobject 'value' declared here
161 | __u8 value[1];
| ^~~~~
--
net/core/flow_dissector.c: In function '__skb_flow_dissect':
>> net/core/flow_dissector.c:1104:4: warning: 'memcpy' offset [24, 39] from the object at '<unknown>' is out of the bounds of referenced subobject 'saddr' with type 'struct in6_addr' at offset 8 [-Warray-bounds]
1104 | memcpy(&key_addrs->v6addrs, &iph->saddr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1105 | sizeof(key_addrs->v6addrs));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/ipv6.h:5,
from net/core/flow_dissector.c:6:
include/uapi/linux/ipv6.h:133:18: note: subobject 'saddr' declared here
133 | struct in6_addr saddr;
| ^~~~~
>> net/core/flow_dissector.c:1059:4: warning: 'memcpy' offset [16, 19] from the object at '<unknown>' is out of the bounds of referenced subobject 'saddr' with type 'unsigned int' at offset 12 [-Warray-bounds]
1059 | memcpy(&key_addrs->v4addrs, &iph->saddr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1060 | sizeof(key_addrs->v4addrs));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/ip.h:17,
from net/core/flow_dissector.c:5:
include/uapi/linux/ip.h:103:9: note: subobject 'saddr' declared here
103 | __be32 saddr;
| ^~~~~
--
net/ipv4/route.c: In function 'rt_fill_info.constprop':
>> net/ipv4/route.c:2998:4: warning: 'memcpy' offset [6, 21] from the object at 'nla' is out of the bounds of referenced subobject 'rtvia_addr' with type '__u8[0]' {aka 'unsigned char[]'} at offset 6 [-Warray-bounds]
2998 | memcpy(via->rtvia_addr, &rt->rt_gw6, alen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/rtnetlink.h:10,
from include/linux/inetdevice.h:14,
from net/ipv4/route.c:80:
include/uapi/linux/rtnetlink.h:434:9: note: subobject 'rtvia_addr' declared here
434 | __u8 rtvia_addr[0];
| ^~~~~~~~~~
--
In function 'ip_copy_addrs',
inlined from '__ip_queue_xmit' at net/ipv4/ip_output.c:517:2:
>> net/ipv4/ip_output.c:449:2: warning: 'memcpy' offset [40, 43] from the object at 'fl' is out of the bounds of referenced subobject 'saddr' with type 'unsigned int' at offset 36 [-Warray-bounds]
449 | memcpy(&iph->saddr, &fl4->saddr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
450 | sizeof(fl4->saddr) + sizeof(fl4->daddr));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/net/net_namespace.h:15,
from include/linux/inet.h:42,
from net/ipv4/ip_output.c:59:
net/ipv4/ip_output.c: In function '__ip_queue_xmit':
include/net/flow.h:84:11: note: subobject 'saddr' declared here
84 | __be32 saddr;
| ^~~~~
In function 'ip_copy_addrs',
inlined from '__ip_make_skb' at net/ipv4/ip_output.c:1541:2:
>> net/ipv4/ip_output.c:449:2: warning: 'memcpy' offset [40, 43] from the object at 'fl4' is out of the bounds of referenced subobject 'saddr' with type 'unsigned int' at offset 36 [-Warray-bounds]
449 | memcpy(&iph->saddr, &fl4->saddr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
450 | sizeof(fl4->saddr) + sizeof(fl4->daddr));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/net/net_namespace.h:15,
from include/linux/inet.h:42,
from net/ipv4/ip_output.c:59:
net/ipv4/ip_output.c: In function '__ip_make_skb':
include/net/flow.h:84:11: note: subobject 'saddr' declared here
84 | __be32 saddr;
| ^~~~~
--
net/ipv4/fib_semantics.c: In function 'fib_nexthop_info':
>> net/ipv4/fib_semantics.c:1637:4: warning: 'memcpy' offset [6, 21] from the object at 'nla' is out of the bounds of referenced subobject 'rtvia_addr' with type '__u8[0]' {aka 'unsigned char[]'} at offset 6 [-Warray-bounds]
1637 | memcpy(via->rtvia_addr, &nhc->nhc_gw.ipv6, alen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/rtnetlink.h:10,
from include/linux/inetdevice.h:14,
from net/ipv4/fib_semantics.c:24:
include/uapi/linux/rtnetlink.h:434:9: note: subobject 'rtvia_addr' declared here
434 | __u8 rtvia_addr[0];
| ^~~~~~~~~~


vim +146 drivers/char/pcmcia/cm4000_cs.c

c1986ee9bea3d8 Harald Welte 2005-11-13  144
c1986ee9bea3d8 Harald Welte 2005-11-13  145  #define ZERO_DEV(dev) \
c1986ee9bea3d8 Harald Welte 2005-11-13 @146  	memset(&dev->atr_csum,0, \
c1986ee9bea3d8 Harald Welte 2005-11-13  147  		sizeof(struct cm4000_dev) - \
a2bcce8ede4fbd Al Viro      2006-06-15  148  		offsetof(struct cm4000_dev, atr_csum))
c1986ee9bea3d8 Harald Welte 2005-11-13  149
:::::: The code at line 146 was first introduced by commit
:::::: c1986ee9bea3d880bcf0d3f1a31e055778f306c7 [PATCH] New Omnikey Cardman 4000 driver

:::::: TO: Harald Welte <[email protected]>
:::::: CC: Linus Torvalds <[email protected]>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]


Attachments:
.config.gz (36.29 kB)
Attached Message Part (154.00 B)