The following issues were found

fs/nfsd/lockd.c
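1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 36 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data. In this excerpt the copy length is f->size, taken from the handle passed in, and no comparison against the size of fh.fh_handle.fh_base is visible; confirm that the length is bounded before this point.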

              	/* must initialize before using! but maxsize doesn't matter */
	fh_init(&fh,0);
	fh.fh_handle.fh_size = f->size;
	memcpy((char*)&fh.fh_handle.fh_base, f->data, f->size);
	fh.fh_export = NULL;

	nfserr = nfsd_open(rqstp, &fh, S_IFREG, NFSD_MAY_LOCK, filp);
	fh_put(&fh);
 	/* We return nlm error codes as nlm doesn't know

            

Reported by FlawFinder.

fs/nfsd/blocklayoutxdr.c
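1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 138 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data. The copy length here is a compile-time sizeof(struct nfsd4_deviceid), so the destination is safe provided bex.vol_id has that type (its declaration is not in the excerpt). The remaining check is on the source side: that the buffer behind p holds at least that many bytes on each of the nr_iomaps iterations.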

              	for (i = 0; i < nr_iomaps; i++) {
		struct pnfs_block_extent bex;

		memcpy(&bex.vol_id, p, sizeof(struct nfsd4_deviceid));
		p += XDR_QUADLEN(sizeof(struct nfsd4_deviceid));

		p = xdr_decode_hyper(p, &bex.foff);
		if (bex.foff & (block_size - 1)) {
			dprintk("%s: unaligned offset 0x%llx\n",

            

Reported by FlawFinder.

fs/nfsd/blocklayout.c
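1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 299 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data. The copy length id_len is a runtime value. The excerpt's comment mentions 8-, 12- and 16-byte descriptors, but neither the check restricting id_len to those sizes nor the declared size of b->scsi.designator is shown; confirm both.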

              		b->scsi.designator_type = type == 0x02 ?
			PS_DESIGNATOR_EUI64 : PS_DESIGNATOR_NAA;
		b->scsi.designator_len = id_len;
		memcpy(b->scsi.designator, d + 4, id_len);

		/*
		 * If we found a 8 or 12 byte descriptor continue on to
		 * see if a 16 byte one is available.  If we find a
		 * 16 byte descriptor we're done.

            

Reported by FlawFinder.

fs/ocfs2/suballoc.c
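1 issue
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 371 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). The source in this excerpt is the OCFS2_GROUP_DESC_SIGNATURE macro, presumably a string literal, rather than runtime input, so the thing to verify is that the constant, including its terminating NUL, fits in bg->bg_signature.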

              	}

	memset(bg, 0, sb->s_blocksize);
	strcpy(bg->bg_signature, OCFS2_GROUP_DESC_SIGNATURE);
	bg->bg_generation = cpu_to_le32(osb->fs_generation);
	bg->bg_size = cpu_to_le16(ocfs2_group_bitmap_size(sb, 1,
						osb->s_feature_incompat));
	bg->bg_chain = cpu_to_le16(my_chain);
	bg->bg_next_group = cl->cl_recs[my_chain].c_blkno;

            

Reported by FlawFinder.

fs/nfs/unlink.c
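1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 434 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. This hit is on the declaration of silly[SILLYNAME_LEN + 1] alone; the writes into the buffer are outside the excerpt, and those are what need to be bounded by the array size.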

              nfs_sillyrename(struct inode *dir, struct dentry *dentry)
{
	static unsigned int sillycounter;
	unsigned char silly[SILLYNAME_LEN + 1];
	unsigned long long fileid;
	struct dentry *sdentry;
	struct inode *inode = d_inode(dentry);
	struct rpc_task *task;
	int            error = -EBUSY;

            

Reported by FlawFinder.

fs/ocfs2/symlink.c
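1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 75 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data. Here the length comes from strnlen() with a limit of ocfs2_fast_symlink_chars(), and len + 1 bytes are copied. Two things to confirm: that the limit plus one stays within the mapped page (the comment asserts it), and that link[len] is a NUL when strnlen() stops at the limit rather than at a terminator; otherwise the extra byte is read from beyond the scanned range and the copy in the page is left unterminated.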

              	/* will be less than a page size */
	len = strnlen(link, ocfs2_fast_symlink_chars(inode->i_sb));
	kaddr = kmap_atomic(page);
	memcpy(kaddr, link, len + 1);
	kunmap_atomic(kaddr);
	SetPageUptodate(page);
	unlock_page(page);
	brelse(bh);
	return 0;

            

Reported by FlawFinder.

include/linux/mtd/spi-nor.h
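1 issue
read - Check buffer boundaries if used in a loop including recursive loops. Note: the flagged token in this excerpt is the name of a function-pointer member in a struct declaration (ssize_t (*read)(...)), not a call to read(); any bounds handling belongs to the implementations assigned to that member, which are not part of this header excerpt.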
Security

Line: 333 Column: 12 CWE codes: 120 20

              	int (*write_reg)(struct spi_nor *nor, u8 opcode, const u8 *buf,
			 size_t len);

	ssize_t (*read)(struct spi_nor *nor, loff_t from, size_t len, u8 *buf);
	ssize_t (*write)(struct spi_nor *nor, loff_t to, size_t len,
			 const u8 *buf);
	int (*erase)(struct spi_nor *nor, loff_t offs);
};


            

Reported by FlawFinder.

fs/nfs/symlink.c
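1 issue
readlink - This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL.
Security

Line: 34 Column: 28 CWE codes: 362 20
Suggestion: Reconsider approach. In this excerpt the match is a method call through NFS_PROTO(inode)->readlink, passed an inode, a page and a PAGE_SIZE length rather than a filename, so the filename-race description fits the readlink() library call the pattern targets and not evidently this line. What remains worth checking is whether the data placed in the page is NUL-terminated before it is used as a string.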

              	struct inode *inode = data;
	int error;

	error = NFS_PROTO(inode)->readlink(inode, page, 0, PAGE_SIZE);
	if (error < 0)
		goto error;
	SetPageUptodate(page);
	unlock_page(page);
	return 0;

            

Reported by FlawFinder.

fs/omfs/dir.c
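1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 139 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data. Both the memcpy() and the memset() that follows it (length OMFS_NAMELEN - namelen) assume namelen <= OMFS_NAMELEN; with a larger value the copy would overrun i_name and the memset length would go negative or wrap. That check is not in the excerpt; confirm it exists on every path that reaches this code.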

              		goto out;

	oi = (struct omfs_inode *) bh->b_data;
	memcpy(oi->i_name, name, namelen);
	memset(oi->i_name + namelen, 0, OMFS_NAMELEN - namelen);
	oi->i_sibling = cpu_to_be64(block);
	oi->i_parent = cpu_to_be64(dir->i_ino);
	mark_buffer_dirty(bh);
	brelse(bh);

            

Reported by FlawFinder.

fs/omfs/file.c
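1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 170 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data. The copy length is a fixed sizeof(struct omfs_extent_entry) and the destination is the slot one entry past the current terminator, so what has to hold is that the extent table has room for that additional entry; the excerpt does not show where that is checked.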

              	/* copy terminator down an entry */
	entry = terminator;
	terminator++;
	memcpy(terminator, entry, sizeof(struct omfs_extent_entry));

	entry->e_cluster = cpu_to_be64(new_block);
	entry->e_blocks = cpu_to_be64((u64) new_count);

	terminator->e_blocks = ~(cpu_to_be64(

            

Reported by FlawFinder.