The following issues were found
drivers/virt/acrn/irqfd.c
1 issues
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
irqfd->vm = vm;
memcpy(&irqfd->msi, &args->msi, sizeof(args->msi));
INIT_LIST_HEAD(&irqfd->list);
INIT_WORK(&irqfd->shutdown, hsm_irqfd_shutdown_work);
f = fdget(args->fd);
if (!f.file) {
Reported by FlawFinder.
fs/ramfs/inode.c
1 issues
Line: 135
Column: 11
CWE codes:
126
inode = ramfs_get_inode(dir->i_sb, dir, S_IFLNK|S_IRWXUGO, 0);
if (inode) {
int l = strlen(symname)+1;
error = page_symlink(inode, symname, l);
if (!error) {
d_instantiate(dentry, inode);
dget(dentry);
dir->i_mtime = dir->i_ctime = current_time(dir);
Reported by FlawFinder.
fs/jffs2/compr_rtime.c
1 issues
Line: 104
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
repeat--;
}
} else {
memcpy(&cpage_out[outpos],&cpage_out[backoffs],repeat);
outpos+=repeat;
}
}
}
return 0;
Reported by FlawFinder.
fs/jffs2/compr_lzo.c
1 issues
Line: 57
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (compress_size > *dstlen)
goto fail;
memcpy(cpage_out, lzo_compress_buf, compress_size);
mutex_unlock(&deflate_mutex);
*dstlen = compress_size;
return 0;
Reported by FlawFinder.
fs/jffs2/compr.c
1 issues
Line: 268
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (comprtype & 0xff) {
case JFFS2_COMPR_NONE:
/* This should be special-cased elsewhere, but we might as well deal with it */
memcpy(data_out, cdata_in, datalen);
none_stat_decompr_blocks++;
break;
case JFFS2_COMPR_ZERO:
memset(data_out, 0, datalen);
break;
Reported by FlawFinder.
fs/jbd2/recovery.c
1 issues
Line: 678
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
lock_buffer(nbh);
memcpy(nbh->b_data, obh->b_data,
journal->j_blocksize);
if (flags & JBD2_FLAG_ESCAPE) {
*((__be32 *)nbh->b_data) =
cpu_to_be32(JBD2_MAGIC_NUMBER);
}
Reported by FlawFinder.
fs/jbd2/commit.c
1 issues
Line: 736
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bufs++;
if (first_tag) {
memcpy (tagp, journal->j_uuid, 16);
tagp += 16;
space_left -= 16;
first_tag = 0;
}
Reported by FlawFinder.
fs/isofs/isofs.h
1 issues
Line: 22
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long i_iget5_offset;
unsigned int i_first_extent;
unsigned char i_file_format;
unsigned char i_format_parm[3];
unsigned long i_next_section_block;
unsigned long i_next_section_offset;
off_t i_section_size;
struct inode vfs_inode;
};
Reported by FlawFinder.
fs/isofs/compress.c
1 issues
Line: 26
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "zisofs.h"
/* This should probably be global. */
static char zisofs_sink_page[PAGE_SIZE];
/*
* This contains the zlib memory allocation and the mutex for the
* allocation; this avoids failures at block-decompression time.
*/
Reported by FlawFinder.
fs/io-wq.c
1 issues
Line: 560
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct io_worker *worker = data;
struct io_wqe *wqe = worker->wqe;
struct io_wq *wq = wqe->wq;
char buf[TASK_COMM_LEN];
worker->flags |= (IO_WORKER_F_UP | IO_WORKER_F_RUNNING);
snprintf(buf, sizeof(buf), "iou-wrk-%d", wq->task->pid);
set_task_comm(current, buf);
Reported by FlawFinder.