The following issues were found
drivers/video/fbdev/via/hw.c
1 issues
Line: 907
Column: 10
CWE codes:
126
while (next) {
next = false;
for (i = 0; i < ARRAY_SIZE(device_mapping); i++) {
len = strlen(device_mapping[i].name);
if (!strncmp(ptr, device_mapping[i].name, len)) {
odev |= device_mapping[i].device;
ptr += len;
if (*ptr == ',') {
ptr++;
Reported by FlawFinder.
fs/erofs/erofs_fs.h
1 issues
Line: 187
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 e_name_index; /* attribute name index */
__le16 e_value_size; /* size of attribute value */
/* followed by e_name and e_value */
char e_name[0]; /* attribute name */
};
static inline unsigned int erofs_xattr_ibody_size(__le16 i_xattr_icount)
{
if (!i_xattr_icount)
Reported by FlawFinder.
fs/xfs/libxfs/xfs_da_format.h
1 issues
Line: 727
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct xfs_attr_leaf_entry *entries = xfs_attr3_leaf_entryp(leafp);
return &((char *)leafp)[be16_to_cpu(entries[idx].nameidx)];
}
static inline xfs_attr_leaf_name_remote_t *
xfs_attr3_leaf_name_remote(xfs_attr_leafblock_t *leafp, int idx)
{
Reported by FlawFinder.
fs/xfs/libxfs/xfs_dir2.c
1 issues
Line: 327
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!args->value)
return -ENOMEM;
memcpy(args->value, name, len);
args->valuelen = len;
return -EEXIST;
}
/*
Reported by FlawFinder.
fs/erofs/data.c
1 issues
Line: 181
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vsrc = kmap_atomic(ipage);
vto = kmap_atomic(page);
memcpy(vto, vsrc + blkoff, map.m_plen);
memset(vto + map.m_plen, 0, PAGE_SIZE - map.m_plen);
kunmap_atomic(vto);
kunmap_atomic(vsrc);
flush_dcache_page(page);
Reported by FlawFinder.
fs/efs/super.c
1 issues
Line: 187
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for(i = 0; i < NVDIR; i++) {
int j;
char name[VDNAMESIZE+1];
for(j = 0; j < VDNAMESIZE; j++) {
name[j] = vh->vh_vd[i].vd_name[j];
}
name[j] = (char) 0;
Reported by FlawFinder.
fs/efivarfs/file.c
1 issues
Line: 100
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (size)
goto out_free;
memcpy(data, &attributes, sizeof(attributes));
size = simple_read_from_buffer(userbuf, count, ppos,
data, datasize + sizeof(attributes));
out_free:
kfree(data);
Reported by FlawFinder.
fs/ecryptfs/read_write.c
1 issues
Line: 161
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* pos >= offset, we are now writing the data request */
if (pos >= offset) {
memcpy(((char *)ecryptfs_page_virt
+ start_offset_in_page),
(data + data_offset), num_bytes);
data_offset += num_bytes;
}
kunmap_atomic(ecryptfs_page_virt);
Reported by FlawFinder.
fs/ecryptfs/messaging.c
1 issues
Line: 106
CWE codes:
908
{
int rc;
hlist_for_each_entry(*daemon,
&ecryptfs_daemon_hash[ecryptfs_current_euid_hash()],
euid_chain) {
if (uid_eq((*daemon)->file->f_cred->euid, current_euid())) {
rc = 0;
goto out;
Reported by Cppcheck.
fs/dlm/requestqueue.c
1 issues
Line: 45
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e->recover_seq = ls->ls_recover_seq & 0xFFFFFFFF;
e->nodeid = nodeid;
memcpy(&e->request, ms, ms->m_header.h_length);
mutex_lock(&ls->ls_requestqueue_mutex);
list_add_tail(&e->list, &ls->ls_requestqueue);
mutex_unlock(&ls->ls_requestqueue_mutex);
}
Reported by FlawFinder.