Static analysis warns about unbounded values of 'formats' being passed to calloc. Clamp to the known allowed values.
This also updates the max() macro to avoid 'variable shadowed' warnings. Signed-off-by: Dan Williams <[email protected]> --- ccan/minmax/minmax.h | 8 ++++---- ndctl/lib/libndctl.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ccan/minmax/minmax.h b/ccan/minmax/minmax.h index d111d1bc3809..54f246cc112d 100644 --- a/ccan/minmax/minmax.h +++ b/ccan/minmax/minmax.h @@ -32,10 +32,10 @@ #define max(a, b) \ ({ \ - typeof(a) _a = (a); \ - typeof(b) _b = (b); \ - MINMAX_ASSERT_COMPATIBLE(typeof(_a), typeof(_b)); \ - _a > _b ? _a : _b; \ + typeof(a) __a = (a); \ + typeof(b) __b = (b); \ + MINMAX_ASSERT_COMPATIBLE(typeof(__a), typeof(__b)); \ + __a > __b ? __a : __b; \ }) #define clamp(v, f, c) (max(min((v), (c)), (f))) diff --git a/ndctl/lib/libndctl.c b/ndctl/lib/libndctl.c index 4acebc05d6db..3b34a10fd429 100644 --- a/ndctl/lib/libndctl.c +++ b/ndctl/lib/libndctl.c @@ -1170,7 +1170,7 @@ static void *add_dimm(void *parent, int id, const char *dimm_base) if (sysfs_read_attr(ctx, path, buf) < 0) formats = 1; else - formats = strtoul(buf, NULL, 0); + formats = clamp(strtoul(buf, NULL, 0), 1UL, 2UL); dimm = calloc(1, sizeof(*dimm) + sizeof(int) * formats); if (!dimm) _______________________________________________ Linux-nvdimm mailing list [email protected] https://lists.01.org/mailman/listinfo/linux-nvdimm
