The following issues were found
include/uapi/asm-generic/ipcbuf.h
1 issues
Line: 30
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__kernel_gid32_t cgid;
__kernel_mode_t mode;
/* pad if mode_t is u16: */
unsigned char __pad1[4 - sizeof(__kernel_mode_t)];
unsigned short seq;
unsigned short __pad2;
__kernel_ulong_t __unused1;
__kernel_ulong_t __unused2;
};
Reported by FlawFinder.
include/trace/events/xen.h
1 issues
Line: 46
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
),
TP_fast_assign(__entry->op = mc->op;
__entry->nargs = nargs;
memcpy(__entry->args, mc->args, sizeof(ulong) * nargs);
memset(__entry->args + nargs, 0, sizeof(ulong) * (6 - nargs));
),
TP_printk("op %u%s args [%lx, %lx, %lx, %lx, %lx, %lx]",
__entry->op, xen_hypercall_name(__entry->op),
__entry->args[0], __entry->args[1], __entry->args[2],
Reported by FlawFinder.
net/bluetooth/cmtp/cmtp.h
1 issues
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint mtu;
char name[BTNAMSIZ];
atomic_t terminate;
struct task_struct *task;
wait_queue_head_t wait;
Reported by FlawFinder.
net/bluetooth/cmtp/core.c
1 issues
Line: 363
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
BT_DBG("mtu %d", session->mtu);
sprintf(session->name, "%pMR", &session->bdaddr);
session->sock = sock;
session->state = BT_CONFIG;
init_waitqueue_head(&session->wait);
Reported by FlawFinder.
net/bluetooth/ecdh_helper.c
1 issues
Line: 102
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
swap_digits((u64 *)secret, (u64 *)tmp, 4);
memcpy(secret, tmp, 32);
free_all:
kpp_request_free(req);
free_tmp:
kfree_sensitive(tmp);
Reported by FlawFinder.
include/trace/events/thermal.h
1 issues
Line: 113
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__assign_bitmask(cpumask, cpumask_bits(cpus),
num_possible_cpus());
__entry->freq = freq;
memcpy(__get_dynamic_array(load), load,
load_len * sizeof(*load));
__entry->load_len = load_len;
__entry->dynamic_power = dynamic_power;
),
Reported by FlawFinder.
include/trace/events/sunrpc.h
1 issues
Line: 521
Column: 24
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
DEFINE_RPC_REPLY_EVENT(proc_unavail);
DEFINE_RPC_REPLY_EVENT(garbage_args);
DEFINE_RPC_REPLY_EVENT(unparsable);
DEFINE_RPC_REPLY_EVENT(mismatch);
DEFINE_RPC_REPLY_EVENT(stale_creds);
DEFINE_RPC_REPLY_EVENT(bad_creds);
DEFINE_RPC_REPLY_EVENT(auth_tooweak);
#define DEFINE_RPCB_ERROR_EVENT(name) \
Reported by FlawFinder.
net/bluetooth/hci_request.h
1 issues
Line: 133
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
eir[eir_len++] = sizeof(type) + data_len;
eir[eir_len++] = type;
memcpy(&eir[eir_len], data, data_len);
eir_len += data_len;
return eir_len;
}
Reported by FlawFinder.
include/trace/events/sock.h
1 issues
Line: 112
Column: 3
CWE codes:
120
),
TP_fast_assign(
strncpy(__entry->name, prot->name, 32);
__entry->sysctl_mem = prot->sysctl_mem;
__entry->allocated = allocated;
__entry->sysctl_rmem = sk_get_rmem0(sk, prot);
__entry->rmem_alloc = atomic_read(&sk->sk_rmem_alloc);
__entry->sysctl_wmem = sk_get_wmem0(sk, prot);
Reported by FlawFinder.
net/rds/info.c
1 issues
Line: 130
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"bytes %lu\n", *iter->pages, iter->addr,
iter->offset, this, data, bytes);
memcpy(iter->addr + iter->offset, data, this);
data += this;
bytes -= this;
iter->offset += this;
Reported by FlawFinder.