[Bug 1975848] [NEW] gcc11 shows (maybe false positive) error about array-bounds
frank
1975848 at bugs.launchpad.net
Thu May 26 15:38:37 UTC 2022
Public bug reported:
I've noticed some errors (maybe false positives) with mt6625 wifi driver
[1] in gcc11 (gcc10 does not show this error)
drivers/misc/mediatek/connectivity/common/conn_soc/core/btm_core.c: In function '_stp_btm_put_dump_to_nl':
drivers/misc/mediatek/connectivity/common/conn_soc/core/btm_core.c:139:34: error: array subscript 'STP_PACKET_T {aka struct stp_dbg_pkt}[0]' is partly outside array bounds of 'UINT8[2048]' {aka 'unsigned char[2048]'} [-Werror=array-bounds]
139 | len = pkt->hdr.len;
| ^~
drivers/misc/mediatek/connectivity/common/conn_soc/core/btm_core.c:116:22: note: while referencing 'buf'
116 | static UINT8 buf[2048];
| ^~~
drivers/misc/mediatek/connectivity/common/conn_soc/core/btm_core.c: In function '_stp_btm_handler':
drivers/misc/mediatek/connectivity/common/conn_soc/core/btm_core.c:257:33: error: array subscript 'STP_PACKET_T {aka struct stp_dbg_pkt}[0]' is partly outside array bounds of 'UINT8[2048]' {aka 'unsigned char[2048]'} [-Werror=array-bounds]
257 | memcpy(&tmp[0], pkt->raw, pkt->hdr.len);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/misc/mediatek/connectivity/common/conn_soc/core/btm_core.c:239:22: note: while referencing 'buf'
239 | static UINT8 buf[2048];
| ^~~
IMHO the buffer is large enough:

#define STP_DMP_SZ 16

typedef struct stp_dbg_pkt_hdr {
	/* packet information */
	unsigned int sec;
	unsigned int usec;
	unsigned int dbg_type;
	unsigned int dmy;
	unsigned int no;
	unsigned int dir;
	/* packet content */
	unsigned int type;
	unsigned int len;
	unsigned int ack;
	unsigned int seq;
	unsigned int chs;
	unsigned int crc;
} STP_DBG_HDR_T;

typedef struct stp_dbg_pkt {
	struct stp_dbg_pkt_hdr hdr;
	unsigned char raw[STP_DMP_SZ];
} STP_PACKET_T;

So we have 12 x uint32 + 16 = 62 bytes, buffer is 2028. I guess the
error comes because the array is defined as bytes and the types are
uint32, so using 4 array elements each.

[1]
https://github.com/frank-w/BPI-R2-4.14/blob/5.18-main/drivers/misc/mediatek/connectivity/common/conn_soc/core/btm_core.c#L138
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: gcc-11-arm-linux-gnueabihf 11.2.0-17ubuntu1cross1
ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30
Uname: Linux 5.15.0-30-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: GNOME-Flashback:GNOME
Date: Thu May 26 17:35:04 2022
InstallationDate: Installed on 2022-05-22 (4 days ago)
InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: gcc-11-cross
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: gcc-11-cross (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug jammy
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gcc-11-cross in Ubuntu.
https://bugs.launchpad.net/bugs/1975848
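
Added example, not part of the original report or of the driver source: one way to read a packet out of a byte buffer like the 'buf' in the diagnostic without casting the buffer to STP_PACKET_T *, with the struct-versus-buffer size checked at compile time and hdr.len checked before the copy. BUF_SZ and stp_pkt_read are hypothetical names; the struct definitions are the ones quoted in the report.

```c
#include <stddef.h>
#include <string.h>

#define STP_DMP_SZ 16
#define BUF_SZ 2048	/* hypothetical name for the size of 'buf' in the diagnostic */

typedef struct stp_dbg_pkt_hdr {
	unsigned int sec, usec, dbg_type, dmy, no, dir;	/* packet information */
	unsigned int type, len, ack, seq, chs, crc;	/* packet content */
} STP_DBG_HDR_T;

typedef struct stp_dbg_pkt {
	struct stp_dbg_pkt_hdr hdr;
	unsigned char raw[STP_DMP_SZ];
} STP_PACKET_T;

/* Fails the build if the struct ever outgrows the byte buffer. */
_Static_assert(sizeof(STP_PACKET_T) <= BUF_SZ, "STP_PACKET_T larger than buf");

/*
 * Hypothetical helper: copy one packet's payload out of a byte buffer.
 * Returns the payload length, or -1 if the buffer is too short to hold
 * a packet or hdr.len is larger than raw[] or the output buffer.
 */
static int stp_pkt_read(const unsigned char *buf, size_t buf_len,
			unsigned char *out, size_t out_sz)
{
	STP_DBG_HDR_T hdr;

	if (buf_len < sizeof(STP_PACKET_T))
		return -1;
	memcpy(&hdr, buf, sizeof(hdr));	/* no cast of buf to STP_PACKET_T * */
	if (hdr.len > STP_DMP_SZ || hdr.len > out_sz)
		return -1;
	memcpy(out, buf + offsetof(STP_PACKET_T, raw), hdr.len);
	return (int)hdr.len;
}

int main(void)
{
	/* Constructed sample: a packet with a 4-byte payload at the start of buf. */
	static unsigned char buf[BUF_SZ], tmp[BUF_SZ];
	STP_PACKET_T p = { .hdr = { .len = 4 }, .raw = { 1, 2, 3, 4 } };

	memcpy(buf, &p, sizeof(p));
	return stp_pkt_read(buf, sizeof(buf), tmp, sizeof(tmp)) == 4 ? 0 : 1;
}
```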