Hi Amitanand, On Fri, Aug 07, 2020 at 08:01:47PM +0530, Amitanand N Chikorde wrote: > Fixed below systemd codesonar warnings. > 1. isprint() and isspace() is invoked here with an argument of signed > type char, but only has defined behavior for int arguments that are > either representable as unsigned char or equal to the value > of macro EOF(-1). > > As per codesonar report, in a number of libc implementations, isprint() > and isspace() functions implemented using lookup tables (arrays): > passing in a negative value can result in a read underrun. > > To avoid this unexpected behaviour, typecasted char type argument to > unsigned char type. > > 2. "seqnum" defined, not initialized & used in device-private.c > Intialized "seqnum" at definition. > > Signed-off-by: Amitanand <amitanand.chiko...@kpit.com> > --- > .../systemd/systemd_codesonar_warnings_fix.patch | 105 > +++++++++++++++++++++ > meta/recipes-core/systemd/systemd_245.6.bb | 1 + > 2 files changed, 106 insertions(+) > create mode 100644 > meta/recipes-core/systemd/systemd/systemd_codesonar_warnings_fix.patch > > diff --git > a/meta/recipes-core/systemd/systemd/systemd_codesonar_warnings_fix.patch > b/meta/recipes-core/systemd/systemd/systemd_codesonar_warnings_fix.patch > new file mode 100644 > index 0000000..a62f968 > --- /dev/null > +++ b/meta/recipes-core/systemd/systemd/systemd_codesonar_warnings_fix.patch > @@ -0,0 +1,105 @@ > +systemd: fix codesonar warnings > + > +Fixed below systemd codesonar warnings. > +1. isprint() and isspace() is invoked here with an argument of signed > +type char, but only has defined behavior for int arguments that are > +either representable as unsigned char or equal to the value > +of macro EOF(-1). > + > +As per codesonar report, in a number of libc implementations, isprint() > +and isspace() functions implemented using lookup tables (arrays): > +passing in a negative value can result in a read underrun. > + > +To avoid this unexpected behaviour, typecasted char type argument to > +unsigned char type. > + > +2. "seqnum" defined, not initialized & used in device-private.c > +Intialized "seqnum" at definition. > + > +Upstream-Status: Pending
Part of 1. is a backport: https://github.com/systemd/systemd/commit/e7e954243a17cceb5278aac6249ee0dcc119b1eb so please backport the patch entirely. And make separate patch(es) for the rest if they aren't already merged upstream. As for the content of the patch (if it's a patch candidate), I'll let maintainers decide/review. > +Signed-off-by: Amitanand N. Chikorde <amitanand.chiko...@kpit.com> > + > +--- origcode/src/libsystemd/sd-device/device-private.c 2020-07-09 > 18:05:13.744127907 +0530 > ++++ modifcode/src/libsystemd/sd-device/device-private.c 2020-07-09 > 18:01:56.494621945 +0530 Does this patch even apply correctly? c.f. origcode/modifcode Cheers, Quentin
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#141295): https://lists.openembedded.org/g/openembedded-core/message/141295 Mute This Topic: https://lists.openembedded.org/mt/76024883/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
