The following issues were found

net/ceph/auth.c
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 107 Column: 12 CWE codes: 126 

               */
int ceph_auth_entity_name_encode(const char *name, void **p, void *end)
{
	int len = strlen(name);

	if (*p + 2*sizeof(u32) + len > end)
		return -ERANGE;
	ceph_encode_32(p, CEPH_ENTITY_TYPE_CLIENT);
	ceph_encode_32(p, len);

Reported by FlawFinder.

net/ceph/auth_none.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 17 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
struct ceph_none_authorizer {
	struct ceph_authorizer base;
	char buf[128];
	int buf_len;
};

struct ceph_auth_none_info {
	bool starting;

Reported by FlawFinder.

net/ceph/auth_x.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 37 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	unsigned int service;
	u64 nonce;
	u64 secret_id;
	char enc_buf[CEPHX_AU_ENC_BUF_LEN] __aligned(8);
};

struct ceph_x_info {
	struct ceph_crypto_key secret;

Reported by FlawFinder.

net/rds/rds.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 536 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               */

struct rds_transport {
	char			t_name[TRANSNAMSIZ];
	struct list_head	t_item;
	struct module		*t_owner;
	unsigned int		t_prefer_loopback:1,
				t_mp_capable:1;
	unsigned int		t_type;

Reported by FlawFinder.

include/trace/events/9p.h
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 164 Column: 7 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		    __entry->clnt   =  clnt;
		    __entry->type   =  pdu->id;
		    __entry->tag    =  pdu->tag;
		    memcpy(__entry->line, pdu->sdata, P9_PROTO_DUMP_SZ);
		    ),
	    TP_printk("clnt %lu %s(tag = %d)\n%.3x: %16ph\n%.3x: %16ph\n",
		      (unsigned long)__entry->clnt, show_9p_op(__entry->type),
		      __entry->tag, 0, __entry->line, 16, __entry->line + 16)
 );

Reported by FlawFinder.

tools/testing/selftests/x86/sysret_ss_attrs.c
1 issues
usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 85 Column: 3 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              		 * can be a confusing failure because the SS *selector*
		 * is the same regardless.
		 */
		usleep(2);

#ifdef __x86_64__
		/*
		 * On 32-bit, just doing a syscall through glibc is enough
		 * to cause a crash if our cached SS descriptor is invalid.

Reported by FlawFinder.

tools/testing/selftests/x86/syscall_arg_fault.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 21 Column: 17 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              #include "helpers.h"

/* Our sigaltstack scratch space. */
static unsigned char altstack_data[SIGSTKSZ];

static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
		       int flags)
{
	struct sigaction sa;

Reported by FlawFinder.

tools/usb/ffs-aio-example/multibuff/host_app/test.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 169 Column: 19 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	addr = iface->endpoint[0].bEndpointAddress;

	while (1) {
		static unsigned char buffer[BUF_LEN];
		int bytes;
		libusb_bulk_transfer(state.handle, addr, buffer, BUF_LEN,
				     &bytes, 500);
	}
	test_exit(&state);

Reported by FlawFinder.

tools/testing/selftests/x86/single_step_syscall.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 60 Column: 17 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static volatile sig_atomic_t sig_traps, sig_eflags;
sigjmp_buf jmpbuf;
static unsigned char altstack_data[SIGSTKSZ];

#ifdef __x86_64__
# define REG_IP REG_RIP
# define WIDTH "q"
# define INT80_CLOBBERS "r8", "r9", "r10", "r11"

Reported by FlawFinder.

tools/usb/ffs-aio-example/simple/host_app/test.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 170 Column: 19 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	out_addr = iface->endpoint[1].bEndpointAddress;

	while (1) {
		static unsigned char buffer[BUF_LEN];
		int bytes;
		libusb_bulk_transfer(state.handle, in_addr, buffer, BUF_LEN,
				     &bytes, 500);
		libusb_bulk_transfer(state.handle, out_addr, buffer, BUF_LEN,
				     &bytes, 500);

Reported by FlawFinder.