Commit e44222c2 authored by Pierre-Louis Bossart's avatar Pierre-Louis Bossart Committed by Mark Brown

ASoC: SOF: ipc3: add checks to prevent static analysis warnings

make KCFLAGS='-fanalyzer' sound/soc/sof/ reports an issue with memcpy:

sound/soc/sof/ipc3.c: In function ‘ipc3_wait_tx_done’:
sound/soc/sof/ipc3.c:309:33: error: use of NULL ‘reply_data’ where
non-null expected [CWE-476] [-Werror=analyzer-null-argument]

  309 |                        memcpy(reply_data, msg->reply_data,
      |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  310 |                               msg->reply_size);

The finding is legit with this call:
    return sof_ipc3_tx_msg(sdev, &pm_ctx, sizeof(pm_ctx), NULL, 0, false);

Static analysis has no way of knowing that the reply will be zero-sized.

Add a check to only do the memcpy if the reply size is not zero and
the destination pointer is not NULL.
Signed-off-by: default avatarPierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: default avatarRander Wang <rander.wang@intel.com>
Reviewed-by: default avatarDaniel Baluta <daniel.baluta@nxp.com>
Reviewed-by: default avatarYaochun Hung <yc.hung@mediatek.com>
Link: https://lore.kernel.org/r/20230731213748.440285-3-pierre-louis.bossart@linux.intel.comSigned-off-by: default avatarMark Brown <broonie@kernel.org>
parent 390e7066
......@@ -312,7 +312,7 @@ static int ipc3_wait_tx_done(struct snd_sof_ipc *ipc, void *reply_data)
} else {
if (sof_debug_check_flag(SOF_DBG_PRINT_IPC_SUCCESS_LOGS))
ipc3_log_header(sdev->dev, "ipc tx succeeded", hdr->cmd);
if (msg->reply_size)
if (reply_data && msg->reply_size)
/* copy the data returned from DSP */
memcpy(reply_data, msg->reply_data,
msg->reply_size);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment