The following issues were found
tools/testing/selftests/timers/mqueue-lat.c
1 issues
Line: 78
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
clock_gettime(CLOCK_MONOTONIC, &start);
for (i = 0; i < count; i++) {
char buf[attr.mq_msgsize];
clock_gettime(CLOCK_REALTIME, &now);
target = now;
target = timespec_add(now, TARGET_TIMEOUT); /* 100ms */
Reported by FlawFinder.
tools/testing/selftests/timens/exec.c
1 issues
Line: 66
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return pr_perror("fork");
if (pid == 0) {
char now_str[64];
char *cargv[] = {"exec", now_str, NULL};
char *cenv[] = {NULL};
/* Check that a child process is in the new timens. */
for (i = 0; i < 2; i++) {
Reported by FlawFinder.
virt/kvm/coalesced_mmio.c
1 issues
Line: 88
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ring->coalesced_mmio[insert].phys_addr = addr;
ring->coalesced_mmio[insert].len = len;
memcpy(ring->coalesced_mmio[insert].data, val, len);
ring->coalesced_mmio[insert].pio = dev->zone.pio;
smp_wmb();
ring->last = (insert + 1) % KVM_COALESCED_MMIO_MAX;
spin_unlock(&dev->kvm->ring_lock);
return 0;
Reported by FlawFinder.
tools/testing/selftests/timers/alarmtimer-suspend.c
1 issues
Line: 169
Column: 10
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
int ret;
sleep(3);
ret = system("echo mem > /sys/power/state");
if (ret)
break;
}
timer_delete(tm1);
}
Reported by FlawFinder.
tools/testing/selftests/timens/gettime_perf.c
1 issues
Line: 84
Column: 9
CWE codes:
362
if (unshare_timens())
return 1;
nsfd = open("/proc/self/ns/time_for_children", O_RDONLY);
if (nsfd < 0)
return pr_perror("Can't open a time namespace");
if (_settime(CLOCK_MONOTONIC, offset))
return 1;
Reported by FlawFinder.
tools/testing/vsock/vsock_diag_test.c
1 issues
Line: 527
Column: 13
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
init_signals();
for (;;) {
int opt = getopt_long(argc, argv, optstring, longopts, NULL);
if (opt == -1)
break;
switch (opt) {
Reported by FlawFinder.
tools/testing/vsock/control.c
1 issues
Line: 116
Column: 16
CWE codes:
126
/* Write a line to the control socket */
void control_writeln(const char *str)
{
ssize_t len = strlen(str);
ssize_t ret;
timeout_begin(TIMEOUT);
do {
Reported by FlawFinder.
fs/gfs2/export.c
1 issues
Line: 79
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (inum != gnfd->inum.no_addr)
return 0;
memcpy(gnfd->name, name, length);
gnfd->name[length] = 0;
return 1;
}
Reported by FlawFinder.
drivers/virt/acrn/acrn_drv.h
1 issues
Line: 120
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @priv: Data for the thread
*/
struct acrn_ioreq_client {
char name[ACRN_NAME_LEN];
struct acrn_vm *vm;
struct list_head list;
bool is_default;
unsigned long flags;
struct list_head range_list;
Reported by FlawFinder.
include/linux/netfs.h
1 issues
Line: 186
Column: 8
CWE codes:
120
20
void (*end_operation)(struct netfs_cache_resources *cres);
/* Read data from the cache */
int (*read)(struct netfs_cache_resources *cres,
loff_t start_pos,
struct iov_iter *iter,
bool seek_data,
netfs_io_terminated_t term_func,
void *term_func_priv);
Reported by FlawFinder.