Re: MISRA C:2012 D4.11 caution on staging
On 11/10/2023 01:01, Stefano Stabellini wrote:
> Hey Julien, please double-check what I am writing below

Hi Stefano,

> On Tue, 10 Oct 2023, Nicola Vetrini wrote:
>> Hi,
>>
>> as you can see from [1], there's a MISRA C guideline, D4.11, that is supposed to be clean (i.e., have no reports), but has a caution on an argument to memcpy (the second argument might be null according to the checker, given a set of assumptions on the control flow).
>>
>> To access the report just click on the second link in the log, which should take you to a webpage with a list of MISRA guidelines. Click on D4.11 and you'll see the full report, which I pasted below for convenience.
>>
>> If the finding is genuine, then some countermeasure needs to be taken against this possible bug; otherwise it needs to be motivated why the field config->handle can't be null at that point.
>>
>> The finding is likely the result of an improvement made to the checker, because the first analysis I can see that spots it happened when rc1 was tagged, but that commit does not touch the involved files.
>>
>> [1] https://gitlab.com/xen-project/xen/-/jobs/5251222578
>>
>> caution for MC3R1.D4.11 untagged xen/common/domain.c:758.27-758.40: [59] null pointer passed as 2nd argument to memory copy function
>
> This looks like a genuine issue: in domain_create, config->handle could be uninitialized. For example, domain_create can be called from xen/arch/arm/domain_build.c:create_domUs, passing &d_cfg, and I don't see where we initialize d_cfg.handle. This was just by code inspection. Julien, did I miss anything?

cfg->handle is an embedded array. It will get automatically initialized to zero as we are using:

    d_cfg = { ... };

Now, looking through the steps of the analysis [1], there is something odd. The code looks like this:

    if ( !is_idle_domain(d) )
    ...
    if ( err = arch_domain_create(... ) != 0 )
    ...
    init_status |= ...
    if ( !is_idle_domain() )
    ...

On the first if, Eclair assumes that the domain is equal to 32767 (e.g. idle domain):

    [27] field 'domain_id' is equal to 32767

But then on the third if, we have:

    [30] assuming field 'domain_id' is not equal to 32767; taking true branch

So the question is why did Eclair think 'domain_id' changed?

Cheers,

[1] https://saas.eclairit.com:3787/fs/var/local/eclair/xen-project.ecdf/xen-project/xen/ECLAIR_normal/4.18.0-rc2/ARM64/5251222578/PROJECT.ecd;/sources/xen/common/domain.c.html#{%22select%22:true,%22selection%22:{%22hiddenAreaKinds%22:[],%22hiddenSubareaKinds%22:[],%22show%22:false,%22selector%22:{%22enabled%22:true,%22negated%22:true,%22kind%22:0,%22domain%22:%22kind%22,%22inputs%22:[{%22enabled%22:true,%22text%22:%22caution%22}]}}}

Here it detects

--
Julien Grall
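To make the two points in the thread concrete, here is an added C model written for this page (not Xen code and not from any of the posters): a config with an embedded handle array, a domain id compared against 32767, and the copy guarded by the idle-domain check. It assumes, for illustration, that the idle domain is created without a config (so cfg is NULL on that path), which is the only way cfg->handle could be a null argument since handle is an array rather than a pointer; `struct cfg`, `struct dom`, `copy_handle`, `partial_init_zeroes_handle` and `scenario` are all constructed names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DOMID_IDLE 32767   /* the 32767 the checker's notes refer to */
#define HANDLE_LEN 16

/* Constructed models of the config passed to domain_create and of struct domain;
 * handle is an embedded array in both, like config->handle in the report. */
struct cfg { uint32_t flags; uint8_t handle[HANDLE_LEN]; };
struct dom { uint16_t domain_id; uint8_t handle[HANDLE_LEN]; };

/* Copy the handle into the domain: 0 on success, -1 if cfg is NULL on a non-idle
 * path. cfg->handle is an array, so it is a "null pointer" only when cfg is NULL. */
static int copy_handle(struct dom *d, const struct cfg *cfg)
{
    if ( d->domain_id == DOMID_IDLE )
        return 0;                /* assumption: the idle domain carries no config */
    if ( cfg == NULL )
        return -1;               /* explicit guard a checker can follow */
    memcpy(d->handle, cfg->handle, HANDLE_LEN);
    return 0;
}

/* Julien's point: members a partial initializer does not name are zero-filled,
 * so d_cfg.handle is all zero although nothing assigns it. Returns 1 if so. */
static int partial_init_zeroes_handle(void)
{
    struct cfg d_cfg = { .flags = 1 };
    for ( size_t i = 0; i < HANDLE_LEN; i++ )
        if ( d_cfg.handle[i] != 0 )
            return 0;
    return 1;
}

/* One constructed scenario: a domain id, with or without a config. */
static int scenario(uint16_t domain_id, int with_cfg)
{
    struct cfg d_cfg = { .flags = 1 };
    struct dom d = { .domain_id = domain_id };
    return copy_handle(&d, with_cfg ? &d_cfg : NULL);
}

int main(void)
{
    printf("zeroed=%d non-idle=%d idle=%d non-idle-null=%d\n", partial_init_zeroes_handle(),
           scenario(1, 1), scenario(DOMID_IDLE, 0), scenario(1, 0));
    return 0;
}
```

The last scenario is the path the checker reports: a non-idle domain id reached with a NULL config, which the explicit guard turns into a return code instead of a dereference inside memcpy.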