Static code analysis #6858
Static code analysis #6858
Conversation
lyakh
requested review from
akloniex,
bkokoszx,
dbaluta,
lbetlej,
lgirdwood,
mmaka1 and
plbossart
as code owners
There was a problem hiding this comment.
I actually wonder if this is what should be done. I'd consider returning an error or clamping the value to the maximum allowed one here.
There was a problem hiding this comment.
@lyakh is this aligning with the other frame formats in selector or should this be done by the caller ?
There was a problem hiding this comment.
this functions returns void
There was a problem hiding this comment.
@lyakh I mean do it here in the caller. This way we can check all users.
static int selector_process(struct processing_module *mod,
struct input_stream_buffer *input_buffers,
int num_input_buffers,
struct output_stream_buffer *output_buffers,
int num_output_buffers)
{
struct comp_data *cd = module_get_private_data(mod);
uint32_t avail_frames = input_buffers[0].size;
comp_dbg(mod->dev, "selector_process()");
if (!avail_frames)
return PPL_STATUS_PATH_STOP;
/* copy selected channels from in to out */
cd->sel_func(mod, input_buffers, output_buffers, avail_frames);
return 0;
}There was a problem hiding this comment.
@lgirdwood I've done almost that. Firstly don't think static analysers would be smart enough to look that far, so we'd have to ignore their complains. Secondly only multi-channel selector processing needs this limitation, not single-channel versions
There was a problem hiding this comment.
Its a cheap check here regardless of single/multi channel and static analysis can be closed for this one.
tools/logger/convert.c
Outdated
There was a problem hiding this comment.
Technically the second one doesn't point to the stack (so it's technically unneeded), but I'd say setting it to null is possibly fine here so I don't actually have an issue with this.
There was a problem hiding this comment.
global_config is not owned by this function so this looks wrong and possibly buggy. Did you test this? sof-logger is not used by Intel on this branch.
There was a problem hiding this comment.
technically inside this function we don't know where the config parameter comes from, but in fact it is on stack in the caller's function. A better fix would be to get rid of those global variables and to pass config as a parameter to all functions.
There was a problem hiding this comment.
@marc-hb this function is called only in one place. And after it completes main() completes too.
tools/logger/logger.c
Outdated
There was a problem hiding this comment.
I've seen another change to this part of the file already (similar in spirit, even). Try not to duplicate work! (edit: not quite, the other PR touches stuff 3 lines above)
paulstelian97
left a comment
paulstelian97
left a comment
There was a problem hiding this comment.
Blocking due to conflicting change with #6846
paulstelian97
dismissed
their stale review
Change isn't actually conflicting, the other PR touches something 3 lines above this one. Not yet approving outright due to the other comments.
lgirdwood
left a comment
lgirdwood
left a comment
There was a problem hiding this comment.
Looks good, but need to check selector.c for right place for src/dst count.
There was a problem hiding this comment.
@lyakh is this aligning with the other frame formats in selector or should this be done by the caller ?
tools/logger/convert.c
Outdated
There was a problem hiding this comment.
@lyakh I guess one alternative would be to make "struct snd_sof_Logs_header snd" a static global variable. Not much cleaner, but potentially less lines to change.
There was a problem hiding this comment.
I'd much rather avoid adding more global variables. We already have a couple in the logger and I think we should remove them
marc-hb
left a comment
marc-hb
left a comment
There was a problem hiding this comment.
A better fix would be to get rid of those global variables and to pass config as a parameter to all functions.
That was more or less the case in the past. Then commit 5b29dae said "enough spaghetti code, let's just use a single global config". But it stopped in the middle of the bridge and left this mess.
I'm trying now a simpler fix that finishes the job and makes a single, global config with a minimal number of lines changed.
Please resubmit this PR without this commit, this PR has too many unrelated commits anyway.
tools/logger/convert.c
Outdated
There was a problem hiding this comment.
This would make the output look weird if ltime is ever NULL but ltime is never going to be NULL because epoc_secs comes straight from time() above which never fails - static analysis just does not know that.
Whatever is required to please the static analysis Gods.
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not finish, leaving behind a supposedly "global" variable that is actually a confusing global pointer to a struct local to the main() function. This confuses some static analyzer complaining that stack values are being returned, see thesofproject#6858 and thesofproject#6738. This is a false positive because the main()'s stack lifespan is the same as a global but let's simplify things anyway. Also stop using 'extern' in .c files, use a proper .h file instead. Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Done: |
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not complete, leaving a confusing mix of globals and locals. This confuses some static analyzer complaining that stack values are being returned, see thesofproject#6858 and thesofproject#6738. This is a false positive because convert's() stack lifespan is practically the same as a global but let's simplify things anyway. Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Fix a case of a possible array overflow, detected by static code analysis. Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Make sure there's at least one channel in the volume configuration. Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Check source and sink channels to avoid accessing beyond array boundaries. Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
localtime() can return NULL in error cases. Check the return value before dereferencing it. Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
With IPC4 only two 32-bit values are copied from the host in the common part, anything beyond that must be copied separately. Those two values are stored in a global msg_data.msg_in object. Therefore always when reading from it only up to 8 bytes should be read. In most cases it is also the case, because the target object has the same size, but in case of SOF_IPC4_MOD_INIT_INSTANCE this isn't the case, there special care must be taken. Also remove a redundant NULL check where NULL cannot appear. Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
| int ret; | ||
|
|
||
| memcpy_s(&cdma, sizeof(cdma), ipc4, sizeof(cdma)); | ||
| memcpy_s(&cdma, sizeof(cdma), ipc4, sizeof(*ipc4)); |
There was a problem hiding this comment.
This is an unchecked memcpy_s call which may fail and I believe in case of failure there's an issue (the destination gets zeroed out, so you need to pay attention to that to avoid bugs like this). If this returns an error you should propagate or assert it doesn't happen (using the non-removable SOF asserts). Ditto on all other memcpy_s calls in this patch.
The reason I'm requesting changes is that if this happens the bug is silent and not obvious. I hate that kind of bug.
There was a problem hiding this comment.
this hasn't been changed by this commit. This commit doesn't increase chances of memcpy_s() to fail
There was a problem hiding this comment.
Can we take the memcpy_s check as a separate patch/PR. This needs to be fixed first.
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not finish, leaving behind a supposedly "global" variable that is actually a confusing global pointer to a struct local to the main() function. This confuses some static analyzer complaining that stack values are being returned, see #6858 and #6738. This is a false positive because the main()'s stack lifespan is the same as a global but let's simplify things anyway. Also stop using 'extern' in .c files, use a proper .h file instead. Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not complete, leaving a confusing mix of globals and locals. This confuses some static analyzer complaining that stack values are being returned, see #6858 and #6738. This is a false positive because convert's() stack lifespan is practically the same as a global but let's simplify things anyway. Signed-off-by: Marc Herbert <marc.herbert@intel.com>
lgirdwood
dismissed
paulstelian97’s stale review
New PR will be created to address updates requested for memcpy_s.
|
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not finish, leaving behind a supposedly "global" variable that is actually a confusing global pointer to a struct local to the main() function. This confuses some static analyzer complaining that stack values are being returned, see thesofproject#6858 and thesofproject#6738. This is a false positive because the main()'s stack lifespan is the same as a global but let's simplify things anyway. Also stop using 'extern' in .c files, use a proper .h file instead. Signed-off-by: Marc Herbert <marc.herbert@intel.com> (cherry picked from commit 327a26b) Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not complete, leaving a confusing mix of globals and locals. This confuses some static analyzer complaining that stack values are being returned, see thesofproject#6858 and thesofproject#6738. This is a false positive because convert's() stack lifespan is practically the same as a global but let's simplify things anyway. Signed-off-by: Marc Herbert <marc.herbert@intel.com> (cherry picked from commit 2dfaee6) Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not finish, leaving behind a supposedly "global" variable that is actually a confusing global pointer to a struct local to the main() function. This confuses some static analyzer complaining that stack values are being returned, see #6858 and #6738. This is a false positive because the main()'s stack lifespan is the same as a global but let's simplify things anyway. Also stop using 'extern' in .c files, use a proper .h file instead. Signed-off-by: Marc Herbert <marc.herbert@intel.com> (cherry picked from commit 327a26b) Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not complete, leaving a confusing mix of globals and locals. This confuses some static analyzer complaining that stack values are being returned, see #6858 and #6738. This is a false positive because convert's() stack lifespan is practically the same as a global but let's simplify things anyway. Signed-off-by: Marc Herbert <marc.herbert@intel.com> (cherry picked from commit 2dfaee6) Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not finish, leaving behind a supposedly "global" variable that is actually a confusing global pointer to a struct local to the main() function. This confuses some static analyzer complaining that stack values are being returned, see thesofproject#6858 and thesofproject#6738. This is a false positive because the main()'s stack lifespan is the same as a global but let's simplify things anyway. Also stop using 'extern' in .c files, use a proper .h file instead. Signed-off-by: Marc Herbert <marc.herbert@intel.com> (cherry picked from commit 327a26b)
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not complete, leaving a confusing mix of globals and locals. This confuses some static analyzer complaining that stack values are being returned, see thesofproject#6858 and thesofproject#6738. This is a false positive because convert's() stack lifespan is practically the same as a global but let's simplify things anyway. Signed-off-by: Marc Herbert <marc.herbert@intel.com> (cherry picked from commit 2dfaee6)
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not finish, leaving behind a supposedly "global" variable that is actually a confusing global pointer to a struct local to the main() function. This confuses some static analyzer complaining that stack values are being returned, see #6858 and #6738. This is a false positive because the main()'s stack lifespan is the same as a global but let's simplify things anyway. Also stop using 'extern' in .c files, use a proper .h file instead. Signed-off-by: Marc Herbert <marc.herbert@intel.com> (cherry picked from commit 327a26b)
Finish the job that commit 5b29dae ("logger: Create global convert_config variable to avoid spaghetti code.") started but did not complete, leaving a confusing mix of globals and locals. This confuses some static analyzer complaining that stack values are being returned, see #6858 and #6738. This is a false positive because convert's() stack lifespan is practically the same as a global but let's simplify things anyway. Signed-off-by: Marc Herbert <marc.herbert@intel.com> (cherry picked from commit 2dfaee6)
6 participants
more fixes