The following issues were found
fs/ntfs/unistr.c
1 issues
Line: 357
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tc = kmalloc((ns_len + 64) &
~63, GFP_NOFS);
if (tc) {
memcpy(tc, ns, ns_len);
ns_len = ((ns_len + 64) & ~63) - 1;
kfree(ns);
ns = tc;
goto retry;
} /* No memory so goto conversion_error; */
Reported by FlawFinder.
fs/ocfs2/dlm/dlmlock.c
1 issues
Line: 297
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
create.cookie = lock->ml.cookie;
create.namelen = res->lockname.len;
create.flags = cpu_to_be32(flags);
memcpy(create.name, res->lockname.name, create.namelen);
tmpret = o2net_send_message(DLM_CREATE_LOCK_MSG, dlm->key, &create,
sizeof(create), res->owner, &status);
if (tmpret >= 0) {
ret = status;
Reported by FlawFinder.
fs/ntfs/lcnalloc.c
1 issues
Line: 336
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"allocate memory.");
goto out;
}
memcpy(rl2, rl, rlsize);
ntfs_free(rl);
rl = rl2;
rlsize += PAGE_SIZE;
ntfs_debug("Reallocated memory, rlsize 0x%x.",
rlsize);
Reported by FlawFinder.
fs/notify/inotify/inotify_fsnotify.c
1 issues
Line: 117
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
event->sync_cookie = cookie;
event->name_len = len;
if (len)
strcpy(event->name, name->name);
ret = fsnotify_add_event(group, fsn_event, inotify_merge, NULL);
if (ret) {
/* Our event wasn't used in the end. Free it. */
fsnotify_destroy_event(group, fsn_event);
Reported by FlawFinder.
fs/nls/nls_utf8.c
1 issues
Line: 12
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/nls.h>
#include <linux/errno.h>
static unsigned char identity[256];
static int uni2char(wchar_t uni, unsigned char *out, int boundlen)
{
int n;
Reported by FlawFinder.
fs/nilfs2/recovery.c
1 issues
Line: 485
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EIO;
kaddr = kmap_atomic(page);
memcpy(kaddr + bh_offset(bh_org), bh_org->b_data, bh_org->b_size);
kunmap_atomic(kaddr);
brelse(bh_org);
return 0;
}
Reported by FlawFinder.
fs/nilfs2/page.c
1 issues
Line: 108
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kaddr0 = kmap_atomic(spage);
kaddr1 = kmap_atomic(dpage);
memcpy(kaddr1 + bh_offset(dbh), kaddr0 + bh_offset(sbh), sbh->b_size);
kunmap_atomic(kaddr1);
kunmap_atomic(kaddr0);
dbh->b_state = sbh->b_state & NILFS_BUFFER_INHERENT_BITS;
dbh->b_blocknr = sbh->b_blocknr;
Reported by FlawFinder.
fs/ocfs2/dlmfs/userdlm.h
1 issues
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int l_flags;
#define USER_DLM_LOCK_ID_MAX_LEN 32
char l_name[USER_DLM_LOCK_ID_MAX_LEN];
int l_namelen;
int l_level;
unsigned int l_ro_holders;
unsigned int l_ex_holders;
struct ocfs2_dlm_lksb l_lksb;
Reported by FlawFinder.
fs/nilfs2/namei.c
1 issues
Line: 133
Column: 19
CWE codes:
126
{
struct nilfs_transaction_info ti;
struct super_block *sb = dir->i_sb;
unsigned int l = strlen(symname) + 1;
struct inode *inode;
int err;
if (l > sb->s_blocksize)
return -ENAMETOOLONG;
Reported by FlawFinder.
include/linux/slub_def.h
1 issues
Line: 114
Column: 16
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
struct kobject kobj; /* For sysfs */
#endif
#ifdef CONFIG_SLAB_FREELIST_HARDENED
unsigned long random;
#endif
#ifdef CONFIG_NUMA
/*
* Defragmentation by allocating from a remote node.
Reported by FlawFinder.