From e44222c213678d6ef646d72cbb9a2eda52f6dc22 Mon Sep 17 00:00:00 2001 From: Pierre-Louis Bossart Date: Mon, 31 Jul 2023 16:37:42 -0500 Subject: [PATCH] ASoC: SOF: ipc3: add checks to prevent static analysis warnings MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit make KCFLAGS='-fanalyzer' sound/soc/sof/ reports an issue with memcpy: sound/soc/sof/ipc3.c: In function ‘ipc3_wait_tx_done’: sound/soc/sof/ipc3.c:309:33: error: use of NULL ‘reply_data’ where non-null expected [CWE-476] [-Werror=analyzer-null-argument] 309 | memcpy(reply_data, msg->reply_data, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 310 | msg->reply_size); The finding is legit with this call: return sof_ipc3_tx_msg(sdev, &pm_ctx, sizeof(pm_ctx), NULL, 0, false); Static analysis has no way of knowing that the reply will be zero-sized. Add a check to only do the memcpy if the reply size is not zero and the destination pointer is not NULL. Signed-off-by: Pierre-Louis Bossart Reviewed-by: Rander Wang Reviewed-by: Daniel Baluta Reviewed-by: Yaochun Hung Link: https://lore.kernel.org/r/20230731213748.440285-3-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown --- sound/soc/sof/ipc3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/sof/ipc3.c b/sound/soc/sof/ipc3.c index 2c5aac3..0983420 100644 --- a/sound/soc/sof/ipc3.c +++ b/sound/soc/sof/ipc3.c @@ -312,7 +312,7 @@ static int ipc3_wait_tx_done(struct snd_sof_ipc *ipc, void *reply_data) } else { if (sof_debug_check_flag(SOF_DBG_PRINT_IPC_SUCCESS_LOGS)) ipc3_log_header(sdev->dev, "ipc tx succeeded", hdr->cmd); - if (msg->reply_size) + if (reply_data && msg->reply_size) /* copy the data returned from DSP */ memcpy(reply_data, msg->reply_data, msg->reply_size); -- 2.7.4