[kbuild] drivers/net/ethernet/xilinx/ll_temac_main.c:1257:10: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the
CC: l...@lists.linux.dev CC: kbuild-...@lists.01.org BCC: l...@intel.com CC: linux-ker...@vger.kernel.org TO: Arnd Bergmann CC: Masahiro Yamada CC: Alex Shi CC: Nick Desaulniers CC: Miguel Ojeda CC: Nathan Chancellor tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 3e732ebf7316ac83e8562db7e64cc68aec390a18 commit: e8c07082a810fbb9db303a2b66b66b8d7e588b53 Kbuild: move to -std=gnu11 date: 4 weeks ago :: branch date: 2 days ago :: commit date: 4 weeks ago config: arm-randconfig-c002-20220405 (https://download.01.org/0day-ci/archive/20220407/202204072012.b5q31tqt-...@intel.com/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project c4a1b07d0979e7ff20d7d541af666d822d66b566) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install arm cross compiling tool for clang build # apt-get install binutils-arm-linux-gnueabi # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8c07082a810fbb9db303a2b66b66b8d7e588b53 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout e8c07082a810fbb9db303a2b66b66b8d7e588b53 # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot clang-analyzer warnings: (new ones prefixed by >>) return sprintf(buf, "%d\n", TEMP_FROM_REG(data->zone[nr].limit) + ^~~ drivers/hwmon/lm85.c:1252:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] return sprintf(buf, "%d\n", TEMP_FROM_REG(data->zone[nr].critical)); ^~~ drivers/hwmon/lm85.c:1252:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 return sprintf(buf, "%d\n", TEMP_FROM_REG(data->zone[nr].critical)); ^~~ drivers/hwmon/lm85.c:1469:6: warning: Value stored to 'address' during its initialization is never read [clang-analyzer-deadcode.DeadStores] int address = client->addr; ^~~ drivers/hwmon/lm85.c:1469:6: note: Value stored to 'address' during its initialization is never read int address = client->addr; ^~~ Suppressed 41 warnings (41 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 46 warnings generated. drivers/hwmon/adm1029.c:164:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] return sprintf(buf, "%d\n", TEMP_FROM_REG(data->temp[attr->index])); ^~~ drivers/hwmon/adm1029.c:164:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 return sprintf(buf, "%d\n", TEMP_FROM_REG(data->temp[attr->index])); ^~~ drivers/hwmon/adm1029.c:177:10: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] return sprintf(buf, "0\n"); ^~~ drivers/hwmon/adm1029.c:177:10: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 return sprintf(buf, "0\n"); ^~~ drivers/hwmon/adm1029.c:182:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks intr
[kbuild] drivers/net/ethernet/xilinx/ll_temac_main.c:1257:10: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the
CC: l...@lists.linux.dev CC: kbuild-...@lists.01.org BCC: l...@intel.com CC: linux-ker...@vger.kernel.org TO: Arnd Bergmann CC: Masahiro Yamada CC: Alex Shi CC: Nick Desaulniers CC: Miguel Ojeda CC: Nathan Chancellor tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 787af64d05cd528aac9ad16752d11bb1c6061bb9 commit: e8c07082a810fbb9db303a2b66b66b8d7e588b53 Kbuild: move to -std=gnu11 date: 3 weeks ago :: branch date: 15 hours ago :: commit date: 3 weeks ago config: arm-randconfig-c002-20220330 (https://download.01.org/0day-ci/archive/20220331/202203312148.3vraxwar-...@intel.com/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0f6d9501cf49ce02937099350d08f20c4af86f3d) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install arm cross compiling tool for clang build # apt-get install binutils-arm-linux-gnueabi # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8c07082a810fbb9db303a2b66b66b8d7e588b53 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout e8c07082a810fbb9db303a2b66b66b8d7e588b53 # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot clang-analyzer warnings: (new ones prefixed by >>) ^~ lib/memcpy_kunit.c:270:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset_startat(&dest, 0x79, four); ^ include/linux/string.h:290:2: note: expanded from macro 'memset_startat' memset(__ptr + offsetof(typeof(*(obj)), member), __val, \ ^~ lib/memcpy_kunit.c:270:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset_startat(&dest, 0x79, four); ^ include/linux/string.h:290:2: note: expanded from macro 'memset_startat' memset(__ptr + offsetof(typeof(*(obj)), member), __val, \ ^~ Suppressed 30 warnings (30 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 32 warnings generated. drivers/char/xillybus/xillybus_class.c:66:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] snprintf(unit->name, UNITNAMELEN, "%s", prefix); ^~~~ drivers/char/xillybus/xillybus_class.c:66:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 snprintf(unit->name, UNITNAMELEN, "%s", prefix); ^~~~ drivers/char/xillybus/xillybus_class.c:69:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] snprintf(unit->name, UNITNAMELEN, "%s_%02d", ^~~~ drivers/char/xillybus/xillybus_class.c:69:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 snprintf(unit->name, UNITNAMELEN, "%s_%02d", ^~~~ drivers/char/xillybus/xillybus_class.c:118:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-anal