Message ID | 20210816092610.GA26746@kili (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Netdev Maintainers |
Series | [net] net: iosm: Prevent underflow in ipc_chnl_cfg_get() |
Context | Check | Description |
---|---|---|
netdev/cover_letter | success | Link |
netdev/fixes_present | fail | Series targets non-next tree, but doesn't contain any Fixes tags |
netdev/patch_count | success | Link |
netdev/tree_selection | success | Clearly marked for net |
netdev/subject_prefix | success | Link |
netdev/cc_maintainers | success | CCed 8 of 8 maintainers |
netdev/source_inline | success | Was 0 now: 0 |
netdev/verify_signedoff | success | Link |
netdev/module_param | success | Was 0 now: 0 |
netdev/build_32bit | fail | Errors and warnings before: 0 this patch: 2 |
netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
netdev/verify_fixes | success | Link |
netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 13 lines checked |
netdev/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
netdev/header_inline | success | Link |
Hi Dan,

> +++ b/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c > @@ -64,10 +64,9 @@ static struct ipc_chnl_cfg modem_cfg[] = { > > int ipc_chnl_cfg_get(struct ipc_chnl_cfg *chnl_cfg, int index) { > - int array_size = ARRAY_SIZE(modem_cfg); > - > - if (index >= array_size) { > - pr_err("index: %d and array_size %d", index, array_size); > + if (index >= ARRAY_SIZE(modem_cfg)) { > + pr_err("index: %d and array_size %lu", index,

array_size is removed so please change array_size in pr_err to array size (remove _). Also change in pr_err array size format "%lu" is throwing warning [1] in 32bit env.

[1]
from ../drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c:6:
../drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c: In function 'ipc_chnl_cfg_get':
../include/linux/kern_levels.h:5:18: warning: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'unsigned int' [-Wformat=]

Regards,
Chetan

diff --git a/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c b/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c index 804e6c4f2c78..016c9c3aea8e 100644 --- a/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c +++ b/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c @@ -64,10 +64,9 @@ static struct ipc_chnl_cfg modem_cfg[] = { int ipc_chnl_cfg_get(struct ipc_chnl_cfg *chnl_cfg, int index) { - int array_size = ARRAY_SIZE(modem_cfg); - - if (index >= array_size) { - pr_err("index: %d and array_size %d", index, array_size); + if (index >= ARRAY_SIZE(modem_cfg)) { + pr_err("index: %d and array_size %lu", index, + ARRAY_SIZE(modem_cfg)); return -ECHRNG; }
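Review bot: The "%lu" in the new pr_err() does not match the type of ARRAY_SIZE(modem_cfg), which is size_t; on a 32-bit build that is unsigned int, which is the -Wformat warning quoted in the reply and the netdev/build_32bit failure in the checks table. Use "%zu", which is correct for size_t on both 32-bit and 64-bit. In the condition "if (index >= ARRAY_SIZE(modem_cfg))", rejecting negative values depends on "index" (an int) being implicitly converted to an unsigned type for the comparison; a one-line comment there, or making the parameter unsigned, would keep a later cleanup from reintroducing a signed compare. The format string also has no trailing "\n", and since the series targets net, the netdev/fixes_present check expects a Fixes tag.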

The bounds check on "index" doesn't catch negative values. Using ARRAY_SIZE() directly is more readable and more robust because it prevents negative values for "index". Fortunately we only pass valid values to ipc_chnl_cfg_get() so this patch does not affect runtime.

Reported-by: Solomon Ucko <solly.ucko@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

---

I suspect this bug report was based on static analysis. I had a Smatch check that used to print a warning, but then I modified it to only complain when the index was user controlled.

drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
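
The signed versus unsigned comparison described in the commit message, as an added user-space example that is not part of the patch or the iosm driver. The names cfg_table, check_signed(), check_unsigned() and cfg_get() are hypothetical, and the table contents are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#ifndef ECHRNG
#define ECHRNG 44 /* Linux value, for libcs that do not define it */
#endif

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed stand-in for the driver's modem_cfg[] table. */
struct chnl_cfg { int id; };
static const struct chnl_cfg cfg_table[] = { {10}, {11}, {12}, {13} };

/* Pre-patch shape: int compared with int, so -1 >= 4 is false and a
 * negative index is accepted. Only the check is modelled; nothing is read. */
static int check_signed(int index)
{
	int array_size = ARRAY_SIZE(cfg_table);

	return index >= array_size ? -ECHRNG : 0;
}

/* Post-patch shape: ARRAY_SIZE() yields size_t, so index is converted to
 * an unsigned type first and -1 becomes a huge value that fails the check. */
static int check_unsigned(int index)
{
	if (index >= ARRAY_SIZE(cfg_table)) {
		/* %zu is the size_t specifier on both 32-bit and 64-bit */
		fprintf(stderr, "index: %d and array size %zu\n",
			index, ARRAY_SIZE(cfg_table));
		return -ECHRNG;
	}
	return 0;
}

/* Lookup guarded by the unsigned check; NULL for any out-of-range index. */
static const struct chnl_cfg *cfg_get(int index)
{
	return check_unsigned(index) ? NULL : &cfg_table[index];
}

int main(void)
{
	printf("signed check, index -1:   %d\n", check_signed(-1));
	printf("unsigned check, index -1: %d\n", check_unsigned(-1));
	printf("cfg_get(2)->id: %d\n", cfg_get(2)->id);
	return 0;
}
```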