The following issues were found
include/linux/pstore_zone.h
1 issues
Line: 51
Column: 22
CWE codes:
120
20
unsigned long pmsg_size;
unsigned long console_size;
unsigned long ftrace_size;
pstore_zone_read_op read;
pstore_zone_write_op write;
pstore_zone_erase_op erase;
pstore_zone_write_op panic_write;
};
Reported by FlawFinder.
fs/befs/befs.h
1 issues
Line: 73
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union {
befs_data_stream ds;
char symlink[BEFS_SYMLINK_LEN];
} i_data;
struct inode vfs_inode;
};
Reported by FlawFinder.
include/linux/ptp_clock_kernel.h
1 issues
Line: 140
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ptp_clock_info {
struct module *owner;
char name[PTP_CLOCK_NAME_LEN];
s32 max_adj;
int n_alarm;
int n_ext_ts;
int n_per_out;
int n_pins;
Reported by FlawFinder.
drivers/video/fbdev/tmiofb.c
1 issues
Line: 714
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
info->fbops = &tmiofb_ops;
strcpy(info->fix.id, "tmio-fb");
info->fix.smem_start = vram->start;
info->fix.smem_len = resource_size(vram);
info->fix.type = FB_TYPE_PACKED_PIXELS;
info->fix.visual = FB_VISUAL_TRUECOLOR;
info->fix.mmio_start = lcr->start;
Reported by FlawFinder.
drivers/video/fbdev/stifb.c
1 issues
Line: 1292
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
var->yres = var->yres_virtual = yres;
var->bits_per_pixel = bpp;
strcpy(fix->id, "stifb");
info->fbops = &stifb_ops;
info->screen_base = ioremap(REGION_BASE(fb,1), fix->smem_len);
if (!info->screen_base) {
printk(KERN_ERR "stifb: failed to map memory\n");
goto out_err0;
Reported by FlawFinder.
include/linux/qed/qede_rdma.h
1 issues
Line: 35
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct qedr_driver {
unsigned char name[32];
struct qedr_dev* (*add)(struct qed_dev *, struct pci_dev *,
struct net_device *);
void (*remove)(struct qedr_dev *);
Reported by FlawFinder.
include/linux/qnx6_fs.h
1 issues
Line: 67
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qnx6_dir_entry {
__fs32 de_inode;
__u8 de_size;
char de_fname[QNX6_SHORT_NAME_MAX];
};
/*
* Longfilename direntries have a different structure
*/
Reported by FlawFinder.
fs/autofs/expire.c
1 issues
Line: 556
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EAGAIN;
pkt.len = dentry->d_name.len;
memcpy(pkt.name, dentry->d_name.name, pkt.len);
pkt.name[pkt.len] = '\0';
if (copy_to_user(pkt_p, &pkt, sizeof(struct autofs_packet_expire)))
ret = -EFAULT;
Reported by FlawFinder.
fs/anon_inodes.c
1 issues
Line: 63
Column: 44
CWE codes:
126
const struct inode *context_inode)
{
struct inode *inode;
const struct qstr qname = QSTR_INIT(name, strlen(name));
int error;
inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
if (IS_ERR(inode))
return inode;
Reported by FlawFinder.
fs/aio.c
1 issues
Line: 675
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!old) {
rcu_assign_pointer(mm->ioctx_table, table);
} else if (table->nr > old->nr) {
memcpy(table->table, old->table,
old->nr * sizeof(struct kioctx *));
rcu_assign_pointer(mm->ioctx_table, table);
kfree_rcu(old, rcu);
} else {
Reported by FlawFinder.