The following issues were found
mm/memfd.c
1 issue
Line: 281
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!name)
return -ENOMEM;
strcpy(name, MFD_NAME_PREFIX);
if (copy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, len)) {
error = -EFAULT;
goto err_name;
}
Reported by FlawFinder.
mm/memory_hotplug.c
1 issue
Line: 1214
Column: 20
CWE codes:
126
if (!resource_name ||
strstr(resource_name, "System RAM (") != resource_name ||
resource_name[strlen(resource_name) - 1] != ')')
return -EINVAL;
lock_device_hotplug();
res = register_memory_resource(start, size, resource_name);
Reported by FlawFinder.
mm/mempool.c
1 issue
Line: 334
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kfree(new_elements);
goto out;
}
memcpy(new_elements, pool->elements,
pool->curr_nr * sizeof(*new_elements));
kfree(pool->elements);
pool->elements = new_elements;
pool->min_nr = new_min_nr;
Reported by FlawFinder.
include/uapi/linux/cm4000_cs.h
1 issue
Line: 18
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Structure pairing a signed 32-bit atr_len field with a fixed 64-byte
 * atr[] array. The scanner flagged the array declaration itself; a
 * declaration cannot overflow, so the property to verify lives in the code
 * that fills or reads atr[], which is not part of this excerpt.
 */
typedef struct atreq {
/* NOTE(review): presumably the number of valid bytes in atr[]; because the
 * type is signed, any consumer using it as a length should reject values
 * below 0 or above sizeof(atr) before indexing or copying — confirm against
 * the users of this struct. */
__s32 atr_len;
/* Fixed-size 64-byte buffer: the declaration reported at line 18. */
unsigned char atr[64];
__s32 power_act;
unsigned char bIFSD;
unsigned char bIFSC;
} atreq_t;
Reported by FlawFinder.
net/netfilter/xt_hashlimit.c
1 issue
Line: 166
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
to->srcmask = cfg->srcmask;
to->dstmask = cfg->dstmask;
} else if (revision == 3) {
memcpy(to, from, sizeof(struct hashlimit_cfg3));
} else {
return -EINVAL;
}
return 0;
Reported by FlawFinder.
include/uapi/linux/cdrom.h
1 issue
Line: 284
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* for CDROM_PACKET_COMMAND ioctl */
struct cdrom_generic_command
{
unsigned char cmd[CDROM_PACKET_SIZE];
unsigned char __user *buffer;
unsigned int buflen;
int stat;
struct request_sense __user *sense;
unsigned char data_direction;
Reported by FlawFinder.
mm/percpu-internal.h
1 issue
Line: 139
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
static inline void pcpu_stats_save_ai(const struct pcpu_alloc_info *ai)
{
/*
 * Copies exactly sizeof(struct pcpu_alloc_info) bytes out of *ai; the
 * parameter type bounds the source side of the copy. The destination,
 * pcpu_stats_ai, is declared outside this excerpt.
 * NOTE(review): confirm pcpu_stats_ai is a struct pcpu_alloc_info (or at
 * least that large) so this fixed-size copy cannot overrun it.
 * ai is handed to memcpy() without a NULL check, so callers must pass a
 * valid pointer.
 */
memcpy(&pcpu_stats_ai, ai, sizeof(struct pcpu_alloc_info));
/* initialize min_alloc_size to unit_size */
pcpu_stats.min_alloc_size = pcpu_stats_ai.unit_size;
}
Reported by FlawFinder.
include/uapi/linux/can/netlink.h
1 issue
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Used for calculating and checking bit-timing parameters
*/
struct can_bittiming_const {
char name[16]; /* Name of the CAN controller hardware */
__u32 tseg1_min; /* Time segment 1 = prop_seg + phase_seg1 */
__u32 tseg1_max;
__u32 tseg2_min; /* Time segment 2 = phase_seg2 */
__u32 tseg2_max;
__u32 sjw_max; /* Synchronisation jump width */
Reported by FlawFinder.
mm/shuffle.c
1 issue
Line: 17
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static bool shuffle_param;
/*
 * Formats shuffle_param into buffer as "Y\n" or "N\n" and returns the
 * character count reported by sprintf(). The kp argument is not used.
 */
static int shuffle_show(char *buffer, const struct kernel_param *kp)
{
/*
 * sprintf() takes no size limit, which is why the scanner flags it. With
 * the "%c\n" format the output is always two characters plus the
 * terminating NUL (three bytes), so the write length does not depend on
 * any input. The size of buffer is chosen by the caller and is not visible
 * in this excerpt.
 */
return sprintf(buffer, "%c\n", shuffle_param ? 'Y' : 'N');
}
static __meminit int shuffle_store(const char *val,
const struct kernel_param *kp)
{
Reported by FlawFinder.
mm/slab.h
1 issue
Line: 79
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* A table of kmalloc cache names and sizes */
extern const struct kmalloc_info_struct {
/* Array of NR_KMALLOC_TYPES pointers to const char, not a character
 * buffer: the member stores addresses of strings, so declaring it copies
 * no string data into the struct. */
const char *name[NR_KMALLOC_TYPES];
unsigned int size;
/* Declaration only (extern, unspecified bound); the table itself is const
 * and its length is set at the definition, which is outside this excerpt. */
} kmalloc_info[];
#ifndef CONFIG_SLOB
/* Kmalloc array related functions */
Reported by FlawFinder.