Hi Dan, kernel test robot noticed the following build warnings: [auto build test WARNING on net/main] url: https://github.com/intel-lab-lkp/linux/commits/Dan-Carpenter/xfrm-fix-integer-overflow-in-xfrm_replay_state_esn_len/20250121-191827 base: net/main patch link: https://lore.kernel.org/r/018ecf13-e371-4b39-8946-c7510baf916b%40stanley.mountain patch subject: [PATCH net] xfrm: fix integer overflow in xfrm_replay_state_esn_len() config: i386-randconfig-016-20250201 (https://download.01.org/0day-ci/archive/20250201/202502010449.iTcpQDX9-lkp@xxxxxxxxx/config) compiler: gcc-11 (Debian 11.3.0-12) 11.3.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250201/202502010449.iTcpQDX9-lkp@xxxxxxxxx/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@xxxxxxxxx> | Closes: https://lore.kernel.org/oe-kbuild-all/202502010449.iTcpQDX9-lkp@xxxxxxxxx/ All warnings (new ones prefixed by >>): In file included from include/linux/string.h:389, from arch/x86/include/asm/page_32.h:18, from arch/x86/include/asm/page.h:14, from arch/x86/include/asm/thread_info.h:12, from include/linux/thread_info.h:60, from include/linux/spinlock.h:60, from include/net/xfrm.h:7, from net/xfrm/xfrm_replay.c:10: In function 'memcmp', inlined from 'xfrm_replay_notify_bmp' at net/xfrm/xfrm_replay.c:336:7: >> include/linux/fortify-string.h:120:33: warning: '__builtin_memcmp_eq' specified bound 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overread] 120 | #define __underlying_memcmp __builtin_memcmp | ^ include/linux/fortify-string.h:727:16: note: in expansion of macro '__underlying_memcmp' 727 | return __underlying_memcmp(p, q, size); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'xfrm_replay_notify_bmp': net/xfrm/xfrm_replay.c:308:39: note: source object allocated here 308 | struct xfrm_replay_state_esn *replay_esn = x->replay_esn; | ^~~~~~~~~~ In file included from include/linux/string.h:389, from arch/x86/include/asm/page_32.h:18, from arch/x86/include/asm/page.h:14, from arch/x86/include/asm/thread_info.h:12, from include/linux/thread_info.h:60, from include/linux/spinlock.h:60, from include/net/xfrm.h:7, from net/xfrm/xfrm_replay.c:10: In function 'memcmp', inlined from 'xfrm_replay_notify_esn' at net/xfrm/xfrm_replay.c:402:7: >> include/linux/fortify-string.h:120:33: warning: '__builtin_memcmp_eq' specified bound 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overread] 120 | #define __underlying_memcmp __builtin_memcmp | ^ include/linux/fortify-string.h:727:16: note: in expansion of macro '__underlying_memcmp' 727 | return __underlying_memcmp(p, q, size); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'xfrm_replay_notify_esn': net/xfrm/xfrm_replay.c:360:39: note: source object allocated here 360 | struct xfrm_replay_state_esn *replay_esn = x->replay_esn; | ^~~~~~~~~~ vim +/__builtin_memcmp_eq +120 include/linux/fortify-string.h 78a498c3a227f2 Alexander Potapenko 2022-10-24 118 78a498c3a227f2 Alexander Potapenko 2022-10-24 119 #define __underlying_memchr __builtin_memchr 78a498c3a227f2 Alexander Potapenko 2022-10-24 @120 #define __underlying_memcmp __builtin_memcmp a28a6e860c6cf2 Francis Laniel 2021-02-25 121 #define __underlying_strcat __builtin_strcat a28a6e860c6cf2 Francis Laniel 2021-02-25 122 #define __underlying_strcpy __builtin_strcpy a28a6e860c6cf2 Francis Laniel 2021-02-25 123 #define __underlying_strlen __builtin_strlen a28a6e860c6cf2 Francis Laniel 2021-02-25 124 #define __underlying_strncat __builtin_strncat a28a6e860c6cf2 Francis Laniel 2021-02-25 125 #define __underlying_strncpy __builtin_strncpy 2e577732e8d28b Andrey Konovalov 2024-05-17 126 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
