[bug report] misc: Add Nitro Secure Module driver

Hello Alexander Graf,

The patch b9873755a6c8: "misc: Add Nitro Secure Module driver" from
Oct 11, 2023 (linux-next), leads to the following Smatch static
checker warning:

	drivers/misc/nsm.c:137 cbor_object_get_array()
	warn: duplicate check 'cbor_object_size < array_offset' (previous on line 114)

drivers/misc/nsm.c
    97 static int cbor_object_get_array(u8 *cbor_object, size_t cbor_object_size, u8 **cbor_array)
    98 {
    99         u8 cbor_short_size;
    100         void *array_len_p;
    101         u64 array_len;
    102         u64 array_offset;
    103 
    104         if (!cbor_object_is_array(cbor_object, cbor_object_size))
    105                 return -EFAULT;
    106 
    107         cbor_short_size = (cbor_object[0] & 0x1F);
    108 
    109         /* Decoding byte array length */
    110         array_offset = CBOR_HEADER_SIZE_SHORT;
    111         if (cbor_short_size >= CBOR_LONG_SIZE_U8)
    112                 array_offset += BIT(cbor_short_size - CBOR_LONG_SIZE_U8);
    113 
    114         if (cbor_object_size < array_offset)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
checked here.

    115                 return -EFAULT;
    116 
    117         array_len_p = &cbor_object[1];
    118 
    119         switch (cbor_short_size) {
    120         case CBOR_SHORT_SIZE_MAX_VALUE: /* short encoding */
    121                 array_len = cbor_short_size;
    122                 break;
    123         case CBOR_LONG_SIZE_U8:
    124                 array_len = *(u8 *)array_len_p;
    125                 break;
    126         case CBOR_LONG_SIZE_U16:
    127                 array_len = be16_to_cpup((__be16 *)array_len_p);
    128                 break;
    129         case CBOR_LONG_SIZE_U32:
    130                 array_len = be32_to_cpup((__be32 *)array_len_p);
    131                 break;
    132         case CBOR_LONG_SIZE_U64:
    133                 array_len = be64_to_cpup((__be64 *)array_len_p);
    134                 break;
    135         }
    136 
--> 137         if (cbor_object_size < array_offset)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Checked again.

    138                 return -EFAULT;
    139 
    140         if (cbor_object_size - array_offset < array_len)
    141                 return -EFAULT;
    142 
    143         if (array_len > INT_MAX)
    144                 return -EFAULT;
    145 
    146         *cbor_array = cbor_object + array_offset;
    147         return array_len;
    148 }

regards,
dan carpenter
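
Added example, not part of the original report and not the driver's code: a user-space decoder for a CBOR definite-length byte string (RFC 8949, major type 2) that checks the header offset once, because the offset does not change after it is computed, and then checks the payload length. The function name `bstr_get` and the constants are assumptions made for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* RFC 8949 values, defined for this example (not copied from nsm.c). */
#define MAJOR_MASK  0xE0
#define MAJOR_BSTR  0x40	/* major type 2: byte string */
#define AI_MASK     0x1F	/* additional information */
#define AI_U8       24		/* 1-byte length follows */
#define AI_U64      27		/* 8-byte length follows */

/* Hypothetical helper: returns payload length and sets *payload, or -1. */
static int bstr_get(const uint8_t *obj, size_t size, const uint8_t **payload)
{
	uint64_t len;
	size_t offset = 1;	/* the initial byte */
	size_t i;
	uint8_t ai;

	if (size == 0 || (obj[0] & MAJOR_MASK) != MAJOR_BSTR)
		return -1;

	ai = obj[0] & AI_MASK;
	if (ai > AI_U64)
		return -1;	/* reserved or indefinite length */
	if (ai >= AI_U8)
		offset += (size_t)1 << (ai - AI_U8);	/* 1, 2, 4 or 8 bytes */

	/* Single header check: offset is not modified after this point. */
	if (size < offset)
		return -1;

	if (ai < AI_U8) {
		len = ai;	/* lengths 0..23 live in the initial byte */
	} else {
		len = 0;
		for (i = 1; i < offset; i++)	/* big-endian length field */
			len = (len << 8) | obj[i];
	}

	/* Subtract rather than add so the comparison cannot wrap. */
	if (size - offset < len || len > INT_MAX)
		return -1;

	*payload = obj + offset;
	return (int)len;
}
```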



