net/bluetooth/hci_event.c | 3 +++ 1 file changed, 3 insertions(+)
From: Arnd Bergmann <arnd@arndb.de>
Turning on -Wstringop-overflow globally exposed a misleading compiler
warning in bluetooth:
net/bluetooth/hci_event.c: In function 'hci_cc_read_class_of_dev':
net/bluetooth/hci_event.c:524:9: error: 'memcpy' writing 3 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
524 | memcpy(hdev->dev_class, rp->dev_class, 3);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The problem here is the check for hdev being NULL in bt_dev_dbg() that
leads the compiler to conclude that hdev->dev_class might be an invalid
pointer access.
Add another explicit check for the same condition to make sure gcc sees
this cannot happen.
Fixes: a9de9248064b ("[Bluetooth] Switch from OGF+OCF to using only opcodes")
Fixes: 1b56c90018f0 ("Makefile: Enable -Wstringop-overflow globally")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
net/bluetooth/hci_event.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 5b6fd625fc09..5651e96e78da 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -516,6 +516,9 @@ static u8 hci_cc_read_class_of_dev(struct hci_dev *hdev, void *data,
{
struct hci_rp_read_class_of_dev *rp = data;
+ if (WARN_ON(!hdev))
+ return -ENXIO;
+
bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
if (rp->status)
--
2.39.2Hi Arnd,
kernel test robot noticed the following build warnings:
url: https://github.com/intel-lab-lkp/linux/commits/Arnd-Bergmann/Bluetooth-hci_event-shut-up-a-false-positive-warning/20231123-112143
base: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git master
patch link: https://lore.kernel.org/r/20231122221805.3139482-1-arnd%40kernel.org
patch subject: [PATCH] Bluetooth: hci_event: shut up a false-positive warning
config: i386-randconfig-141-20231123 (https://download.01.org/0day-ci/archive/20231124/202311241707.qytKwxbE-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce: (https://download.01.org/0day-ci/archive/20231124/202311241707.qytKwxbE-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202311241707.qytKwxbE-lkp@intel.com/
New smatch warnings:
net/bluetooth/hci_event.c:520 hci_cc_read_class_of_dev() warn: signedness bug returning '(-6)'
Old smatch warnings:
net/bluetooth/hci_event.c:3278 hci_conn_request_evt() warn: variable dereferenced before check 'hdev' (see line 3268)
vim +520 net/bluetooth/hci_event.c
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 514 static u8 hci_cc_read_class_of_dev(struct hci_dev *hdev, void *data,
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 515 struct sk_buff *skb)
a9de9248064bfc Marcel Holtmann 2007-10-20 516 {
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 517 struct hci_rp_read_class_of_dev *rp = data;
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01 518
5f3aa66f201253 Arnd Bergmann 2023-11-22 519 if (WARN_ON(!hdev))
5f3aa66f201253 Arnd Bergmann 2023-11-22 @520 return -ENXIO;
This function returns u8.
5f3aa66f201253 Arnd Bergmann 2023-11-22 521
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01 522 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
a9de9248064bfc Marcel Holtmann 2007-10-20 523
a9de9248064bfc Marcel Holtmann 2007-10-20 524 if (rp->status)
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 525 return rp->status;
a9de9248064bfc Marcel Holtmann 2007-10-20 526
a9de9248064bfc Marcel Holtmann 2007-10-20 527 memcpy(hdev->dev_class, rp->dev_class, 3);
a9de9248064bfc Marcel Holtmann 2007-10-20 528
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01 529 bt_dev_dbg(hdev, "class 0x%.2x%.2x%.2x", hdev->dev_class[2],
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01 530 hdev->dev_class[1], hdev->dev_class[0]);
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 531
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 532 return rp->status;
a9de9248064bfc Marcel Holtmann 2007-10-20 533 }
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
© 2016 - 2025 Red Hat, Inc.