From: Jonathan Cameron <jic23@kernel.org>
To: Arnd Bergmann <arnd@kernel.org>
Cc: "Arnd Bergmann" <arnd@arndb.de>,
"Lars-Peter Clausen" <lars@metafoo.de>,
"Nathan Chancellor" <nathan@kernel.org>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Bill Wendling" <morbo@google.com>,
"Justin Stitt" <justinstitt@google.com>,
"Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>,
linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org,
llvm@lists.linux.dev
Subject: Re: [PATCH] iio: avoid fortify-string overflow error
Date: Sun, 25 Feb 2024 12:19:29 +0000 [thread overview]
Message-ID: <20240225121929.2e3fdc1b@jic23-huawei> (raw)
In-Reply-To: <20240224121140.1883201-1-arnd@kernel.org>
On Sat, 24 Feb 2024 13:11:34 +0100
Arnd Bergmann <arnd@kernel.org> wrote:
> From: Arnd Bergmann <arnd@arndb.de>
>
> The memcpy() call in dlhl60d.c triggers a check with clang-19:
>
> In file included from drivers/iio/pressure/dlhl60d.c:11:
> In file included from include/linux/module.h:17:
> include/linux/fortify-string.h:553:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
> 553 | __write_overflow_field(p_size_field, size);
> | ^
>
> It writes into a two member array from a loop over a linked list
> that likely has some indication of having more than two entries.
>
> Add a conditional check there to avoid the overflow.
>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Hi Arnd,
It's a false positive, but the compiler has no way to tell that only bits
0 and 1 can be set.
https://lore.kernel.org/linux-iio/20240222222335.work.759-kees@kernel.org/
for discussion on why + the missing zero initialization bug Kees noticed whilst
looking at this code.
Kees proposed an alternative way to suppress the warning that I've just applied.
https://lore.kernel.org/linux-iio/20240223172936.it.875-kees@kernel.org/
Your solution also works but leaves the implication of a real path to
overflow the buffer when there isn't one, hence I prefer what Kees had unless
some future version of clang trips over that in which case we can revisit.
Thanks
Jonathan
> ---
> drivers/iio/pressure/dlhl60d.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/iio/pressure/dlhl60d.c b/drivers/iio/pressure/dlhl60d.c
> index 28c8269ba65d..a43ecda849db 100644
> --- a/drivers/iio/pressure/dlhl60d.c
> +++ b/drivers/iio/pressure/dlhl60d.c
> @@ -262,6 +262,8 @@ static irqreturn_t dlh_trigger_handler(int irq, void *private)
> &st->rx_buf[1] + chn * DLH_NUM_DATA_BYTES,
> DLH_NUM_DATA_BYTES);
> i++;
> + if (i >= ARRAY_SIZE(tmp_buf))
> + break;
> }
>
> iio_push_to_buffers(indio_dev, tmp_buf);
next prev parent reply other threads:[~2024-02-25 12:19 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-24 12:11 [PATCH] iio: avoid fortify-string overflow error Arnd Bergmann
2024-02-25 12:19 ` Jonathan Cameron [this message]
2024-02-26 6:40 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240225121929.2e3fdc1b@jic23-huawei \
--to=jic23@kernel.org \
--cc=arnd@arndb.de \
--cc=arnd@kernel.org \
--cc=justinstitt@google.com \
--cc=lars@metafoo.de \
--cc=linux-iio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=u.kleine-koenig@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox