From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: drivers/of/fdt.c:259:10: warning: Access to field 'child' results in a dereference of a null pointer (loaded from variable 'parent') [clang-analyzer-core.NullDereference]
Date: Mon, 02 Aug 2021 03:28:11 +0800 [thread overview]
Message-ID: <202108020307.K2ORYBdk-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 14281 bytes --]
CC: clang-built-linux(a)googlegroups.com
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Frank Rowand <frank.rowand@sony.com>
CC: Rob Herring <robh@kernel.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: c7d102232649226a69dddd58a4942cf13cff4f7c
commit: 649cab56de8eb2952498de9b752761ca980cb88a of: properly check for error returned by fdt_get_name()
date: 4 months ago
:::::: branch date: 2 days ago
:::::: commit date: 4 months ago
config: x86_64-randconfig-c001-20210731 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 4f71f59bf3d9914188a11d0c41bedbb339d36ff5)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install x86_64 cross compiling tool for clang build
# apt-get install binutils-x86-64-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=649cab56de8eb2952498de9b752761ca980cb88a
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 649cab56de8eb2952498de9b752761ca980cb88a
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
drivers/hid/hid-picolcd_fb.c:148:6: note: Assuming 'bpp' is equal to 1
if (bpp == 1) {
^~~~~~~~
drivers/hid/hid-picolcd_fb.c:148:2: note: Taking true branch
if (bpp == 1) {
^
drivers/hid/hid-picolcd_fb.c:149:3: note: Loop condition is true. Entering loop body
for (b = 7; b >= 0; b--) {
^
drivers/hid/hid-picolcd_fb.c:151:9: note: The value 0 is assigned to 'i'
for (i = 0; i < 64; i++) {
^~~~~
drivers/hid/hid-picolcd_fb.c:151:4: note: Loop condition is true. Entering loop body
for (i = 0; i < 64; i++) {
^
drivers/hid/hid-picolcd_fb.c:152:14: note: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage
tdata[i] <<= 1;
~~~~~~~~ ^
drivers/hid/hid-picolcd_fb.c:160:14: warning: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage [clang-analyzer-core.uninitialized.Assign]
tdata[i] <<= 1;
^
drivers/hid/hid-picolcd_fb.c:437:2: note: Calling 'picolcd_fb_update'
picolcd_fb_update(info);
^~~~~~~~~~~~~~~~~~~~~~~
drivers/hid/hid-picolcd_fb.c:234:2: note: Loop condition is false. Exiting loop
spin_lock_irqsave(&fbdata->lock, flags);
^
include/linux/spinlock.h:384:2: note: expanded from macro 'spin_lock_irqsave'
raw_spin_lock_irqsave(spinlock_check(lock), flags); \
^
include/linux/spinlock.h:250:2: note: expanded from macro 'raw_spin_lock_irqsave'
do { \
^
drivers/hid/hid-picolcd_fb.c:234:2: note: Loop condition is false. Exiting loop
spin_lock_irqsave(&fbdata->lock, flags);
^
include/linux/spinlock.h:382:43: note: expanded from macro 'spin_lock_irqsave'
#define spin_lock_irqsave(lock, flags) \
^
drivers/hid/hid-picolcd_fb.c:235:6: note: Assuming field 'ready' is not equal to 0
if (!fbdata->ready && fbdata->picolcd)
^~~~~~~~~~~~~~
drivers/hid/hid-picolcd_fb.c:235:21: note: Left side of '&&' is false
if (!fbdata->ready && fbdata->picolcd)
^
drivers/hid/hid-picolcd_fb.c:247:2: note: Loop condition is true. Entering loop body
for (chip = 0; chip < 4; chip++)
^
drivers/hid/hid-picolcd_fb.c:248:3: note: Loop condition is true. Entering loop body
for (tile = 0; tile < 8; tile++) {
^
drivers/hid/hid-picolcd_fb.c:249:8: note: Assuming field 'force' is 0
if (!fbdata->force && !picolcd_fb_update_tile(
^~~~~~~~~~~~~~
drivers/hid/hid-picolcd_fb.c:249:8: note: Left side of '&&' is true
drivers/hid/hid-picolcd_fb.c:249:27: note: Calling 'picolcd_fb_update_tile'
if (!fbdata->force && !picolcd_fb_update_tile(
^~~~~~~~~~~~~~~~~~~~~~~
drivers/hid/hid-picolcd_fb.c:148:6: note: Assuming 'bpp' is not equal to 1
if (bpp == 1) {
^~~~~~~~
drivers/hid/hid-picolcd_fb.c:148:2: note: Taking false branch
if (bpp == 1) {
^
drivers/hid/hid-picolcd_fb.c:156:13: note: Assuming 'bpp' is equal to 8
} else if (bpp == 8) {
^~~~~~~~
drivers/hid/hid-picolcd_fb.c:156:9: note: Taking true branch
} else if (bpp == 8) {
^
drivers/hid/hid-picolcd_fb.c:157:3: note: Loop condition is true. Entering loop body
for (b = 7; b >= 0; b--) {
^
drivers/hid/hid-picolcd_fb.c:159:9: note: The value 0 is assigned to 'i'
for (i = 0; i < 64; i++) {
^~~~~
drivers/hid/hid-picolcd_fb.c:159:4: note: Loop condition is true. Entering loop body
for (i = 0; i < 64; i++) {
^
drivers/hid/hid-picolcd_fb.c:160:14: note: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage
tdata[i] <<= 1;
~~~~~~~~ ^
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
>> drivers/of/fdt.c:259:10: warning: Access to field 'child' results in a dereference of a null pointer (loaded from variable 'parent') [clang-analyzer-core.NullDereference]
child = parent->child;
^
drivers/of/fdt.c:297:16: note: Assuming 'base' is non-null
bool dryrun = !base;
^~~~~
drivers/of/fdt.c:300:6: note: Assuming 'nodepp' is null
if (nodepp)
^~~~~~
drivers/of/fdt.c:300:2: note: Taking false branch
if (nodepp)
^
drivers/of/fdt.c:310:6: note: Assuming 'dad' is null
if (dad)
^~~
drivers/of/fdt.c:310:2: note: Taking false branch
if (dad)
^
drivers/of/fdt.c:317:7: note: 'offset' is >= 0
offset >= 0 && depth >= initial_depth;
^~~~~~
drivers/of/fdt.c:317:7: note: Left side of '&&' is true
drivers/of/fdt.c:316:2: note: Loop condition is true. Entering loop body
for (offset = 0;
^
drivers/of/fdt.c:319:7: note: Taking false branch
if (WARN_ON_ONCE(depth >= FDT_MAX_DEPTH))
^
include/asm-generic/bug.h:103:2: note: expanded from macro 'WARN_ON_ONCE'
if (unlikely(__ret_warn_on)) \
^
drivers/of/fdt.c:319:3: note: Taking false branch
if (WARN_ON_ONCE(depth >= FDT_MAX_DEPTH))
^
drivers/of/fdt.c:322:35: note: Left side of '&&' is false
if (!IS_ENABLED(CONFIG_OF_KOBJ) &&
^
drivers/of/fdt.c:326:9: note: Calling 'populate_node'
ret = populate_node(blob, offset, &mem, nps[depth],
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/of/fdt.c:220:6: note: Assuming 'pathp' is null
if (!pathp) {
^~~~~~
drivers/of/fdt.c:220:2: note: Taking true branch
if (!pathp) {
^
drivers/of/fdt.c:221:3: note: Storing null pointer value
*pnp = NULL;
^~~~~~~~~~~
drivers/of/fdt.c:326:9: note: Returning from 'populate_node'
ret = populate_node(blob, offset, &mem, nps[depth],
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/of/fdt.c:328:7: note: Assuming 'ret' is >= 0
if (ret < 0)
^~~~~~~
drivers/of/fdt.c:328:3: note: Taking false branch
if (ret < 0)
^
drivers/of/fdt.c:331:8: note: 'dryrun' is false
if (!dryrun && nodepp && !*nodepp)
^~~~~~
drivers/of/fdt.c:331:7: note: Left side of '&&' is true
if (!dryrun && nodepp && !*nodepp)
^
drivers/of/fdt.c:331:18: note: 'nodepp' is null
if (!dryrun && nodepp && !*nodepp)
^~~~~~
drivers/of/fdt.c:331:25: note: Left side of '&&' is false
if (!dryrun && nodepp && !*nodepp)
^
drivers/of/fdt.c:333:8: note: 'dryrun' is false
if (!dryrun && !root)
^~~~~~
drivers/of/fdt.c:333:7: note: Left side of '&&' is true
if (!dryrun && !root)
^
drivers/of/fdt.c:333:19: note: 'root' is null
if (!dryrun && !root)
^~~~
drivers/of/fdt.c:333:3: note: Taking true branch
if (!dryrun && !root)
^
drivers/of/fdt.c:334:4: note: Null pointer value stored to 'root'
root = nps[depth+1];
^~~~~~~~~~~~~~~~~~~
drivers/of/fdt.c:317:7: note: Assuming 'offset' is < 0
offset >= 0 && depth >= initial_depth;
^~~~~~~~~~~
drivers/of/fdt.c:317:19: note: Left side of '&&' is false
offset >= 0 && depth >= initial_depth;
^
drivers/of/fdt.c:337:6: note: 'offset' is < 0
if (offset < 0 && offset != -FDT_ERR_NOTFOUND) {
^~~~~~
drivers/of/fdt.c:337:6: note: Left side of '&&' is true
drivers/of/fdt.c:337:20: note: Assuming the condition is false
if (offset < 0 && offset != -FDT_ERR_NOTFOUND) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/of/fdt.c:337:2: note: Taking false branch
if (offset < 0 && offset != -FDT_ERR_NOTFOUND) {
^
vim +259 drivers/of/fdt.c
dfbd4c6eff35f1 Gavin Shan 2016-05-03 253
50800082f17645 Gavin Shan 2016-05-03 254 static void reverse_nodes(struct device_node *parent)
50800082f17645 Gavin Shan 2016-05-03 255 {
50800082f17645 Gavin Shan 2016-05-03 256 struct device_node *child, *next;
50800082f17645 Gavin Shan 2016-05-03 257
50800082f17645 Gavin Shan 2016-05-03 258 /* In-depth first */
50800082f17645 Gavin Shan 2016-05-03 @259 child = parent->child;
50800082f17645 Gavin Shan 2016-05-03 260 while (child) {
50800082f17645 Gavin Shan 2016-05-03 261 reverse_nodes(child);
50800082f17645 Gavin Shan 2016-05-03 262
50800082f17645 Gavin Shan 2016-05-03 263 child = child->sibling;
50800082f17645 Gavin Shan 2016-05-03 264 }
50800082f17645 Gavin Shan 2016-05-03 265
50800082f17645 Gavin Shan 2016-05-03 266 /* Reverse the nodes in the child list */
50800082f17645 Gavin Shan 2016-05-03 267 child = parent->child;
50800082f17645 Gavin Shan 2016-05-03 268 parent->child = NULL;
50800082f17645 Gavin Shan 2016-05-03 269 while (child) {
50800082f17645 Gavin Shan 2016-05-03 270 next = child->sibling;
50800082f17645 Gavin Shan 2016-05-03 271
50800082f17645 Gavin Shan 2016-05-03 272 child->sibling = parent->child;
50800082f17645 Gavin Shan 2016-05-03 273 parent->child = child;
50800082f17645 Gavin Shan 2016-05-03 274 child = next;
50800082f17645 Gavin Shan 2016-05-03 275 }
50800082f17645 Gavin Shan 2016-05-03 276 }
50800082f17645 Gavin Shan 2016-05-03 277
:::::: The code at line 259 was first introduced by commit
:::::: 50800082f17645620bfdd357ba9141c86b76363d drivers/of: Avoid recursively calling unflatten_dt_node()
:::::: TO: Gavin Shan <gwshan@linux.vnet.ibm.com>
:::::: CC: Rob Herring <robh@kernel.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 34227 bytes --]
reply other threads:[~2021-08-01 19:28 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202108020307.K2ORYBdk-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.