[PATCH 2/8] ASoC: SOF: ipc3: add checks to prevent static analysis warnings

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



make KCFLAGS='-fanalyzer' sound/soc/sof/ reports an issue with memcpy:

sound/soc/sof/ipc3.c: In function ‘ipc3_wait_tx_done’:
sound/soc/sof/ipc3.c:309:33: error: use of NULL ‘reply_data’ where
non-null expected [CWE-476] [-Werror=analyzer-null-argument]

  309 |                        memcpy(reply_data, msg->reply_data,
      |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  310 |                               msg->reply_size);

The finding is legit with this call:
    return sof_ipc3_tx_msg(sdev, &pm_ctx, sizeof(pm_ctx), NULL, 0, false);

Static analysis has no way of knowing that the reply will be zero-sized.

Add a check to only do the memcpy if the reply size is not zero and
the destination pointer is not NULL.

Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@xxxxxxxxxxxxxxx>
Reviewed-by: Rander Wang <rander.wang@xxxxxxxxx>
Reviewed-by: Daniel Baluta <daniel.baluta@xxxxxxx>
Reviewed-by: Yaochun Hung <yc.hung@xxxxxxxxxxxx>
---
 sound/soc/sof/ipc3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/sof/ipc3.c b/sound/soc/sof/ipc3.c
index 2c5aac31e8b0..09834205b119 100644
--- a/sound/soc/sof/ipc3.c
+++ b/sound/soc/sof/ipc3.c
@@ -312,7 +312,7 @@ static int ipc3_wait_tx_done(struct snd_sof_ipc *ipc, void *reply_data)
 		} else {
 			if (sof_debug_check_flag(SOF_DBG_PRINT_IPC_SUCCESS_LOGS))
 				ipc3_log_header(sdev->dev, "ipc tx succeeded", hdr->cmd);
-			if (msg->reply_size)
+			if (reply_data && msg->reply_size)
 				/* copy the data returned from DSP */
 				memcpy(reply_data, msg->reply_data,
 				       msg->reply_size);
-- 
2.39.2




[Index of Archives]     [ALSA User]     [Linux Audio Users]     [Pulse Audio]     [Kernel Archive]     [Asterisk PBX]     [Photo Sharing]     [Linux Sound]     [Video 4 Linux]     [Gimp]     [Yosemite News]

  Powered by Linux