The following issues were found
fs/romfs/storage.c
1 issues
Line: 117
Column: 3
CWE codes:
120
Suggestion:
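Make sure destination can always hold the source data. In the excerpt the copy length is `segment`, so the thing to confirm is that `segment` never exceeds the remaining `buflen` or the bytes left in `bh->b_data` after `offset`; the line that computes `segment` is not shown here.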
bh = sb_bread(sb, pos >> ROMBSBITS);
if (!bh)
return -EIO;
memcpy(buf, bh->b_data + offset, segment);
brelse(bh);
buf += segment;
buflen -= segment;
pos += segment;
}
Reported by FlawFinder.
fs/romfs/super.c
1 issues
Line: 157
Column: 2
CWE codes:
119
120
Suggestion:
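Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line appears to be the declaration of the fixed-size `fsname[ROMFS_MAXFN]` buffer, so the finding is only as serious as the writes into it: each one must be limited to ROMFS_MAXFN bytes, including any terminator, and none of those writes appear in the excerpt.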
struct romfs_inode ri;
unsigned long offset, maxoff;
int j, ino, nextfh;
char fsname[ROMFS_MAXFN]; /* XXX dynamic? */
int ret;
maxoff = romfs_maxsize(i->i_sb);
offset = ctx->pos;
Reported by FlawFinder.
fs/hfs/catalog.c
1 issues
Line: 210
Column: 2
CWE codes:
120
Suggestion:
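Make sure destination can always hold the source data. The excerpt shows an early `return -EIO` with the message "bad catalog namelength" immediately before the copy, which suggests `len` is validated first; the condition itself is above the excerpt, so confirm that it rejects any `len` larger than the destination `CName.name` array.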
pr_err("bad catalog namelength\n");
return -EIO;
}
memcpy(fd->search_key->cat.CName.name, rec.thread.CName.name, len);
return hfs_brec_find(fd);
}
/*
Reported by FlawFinder.
fs/squashfs/block.c
1 issues
Line: 52
Column: 3
CWE codes:
120
Suggestion:
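Make sure destination can always hold the source data. The visible `min_t` caps `bytes_to_copy` at `req_length - copied_bytes`, which limits the total copied but not, by itself, the room left at `actor_addr + actor_offset`; confirm the destination bound in the lines not shown. Also note that `min_t(int, ...)` compares as signed int, so if either operand could be negative it would be chosen as the length; whether that can happen is not visible here.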
bytes_to_copy = min_t(int, bytes_to_copy,
req_length - copied_bytes);
memcpy(actor_addr + actor_offset,
page_address(bvec->bv_page) + bvec->bv_offset + offset,
bytes_to_copy);
actor_offset += bytes_to_copy;
copied_bytes += bytes_to_copy;
Reported by FlawFinder.
include/linux/netfilter_bridge.h
1 issues
Line: 9
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/skbuff.h>
/*
 * Groups a fixed-size byte buffer with three VLAN-related fields.
 * NOTE(review): the field meanings below are inferred from the names only;
 * confirm against the code that fills and reads this struct.
 */
struct nf_bridge_frag_data {
/*
 * Fixed-size buffer of ETH_HLEN bytes. Every copy into it must be bounded
 * by sizeof(mac); nothing in this declaration enforces that.
 * Presumably holds a saved Ethernet header -- TODO confirm.
 */
char mac[ETH_HLEN];
/* presumably set when the frame carried a VLAN tag -- verify against users */
bool vlan_present;
/* presumably the VLAN TCI value; u16 rather than __be16, so its byte order
 * is not stated by the type -- TODO confirm */
u16 vlan_tci;
/* __be16, so stored big-endian; presumably the VLAN protocol -- confirm */
__be16 vlan_proto;
};
Reported by FlawFinder.
fs/gfs2/quota.c
1 issues
Line: 759
Column: 2
CWE codes:
120
Suggestion:
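Make sure destination can always hold the source data. Here the destination is a single mapped page (`kaddr` from `kmap_atomic(page)`), so the condition to confirm is that `off + bytes` never exceeds the page size; the code that derives `off` and `bytes` is not part of the excerpt.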
/* Write to the page, now that we have setup the buffer(s) */
kaddr = kmap_atomic(page);
memcpy(kaddr + off, buf, bytes);
flush_dcache_page(page);
kunmap_atomic(kaddr);
unlock_page(page);
put_page(page);
Reported by FlawFinder.
fs/gfs2/meta_io.h
1 issues
Line: 31
Column: 2
CWE codes:
120
Suggestion:
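Make sure destination can always hold the source data. The copy writes `from_bh->b_size - from_head` bytes starting at `to_head`; the visible `BUG_ON` guarantees `from_head >= to_head`, so the copy fits provided `to_bh->b_size` is at least `from_bh->b_size`, and nothing in the lines shown checks that the two buffers have the same size.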
int from_head)
{
BUG_ON(from_head < to_head);
memcpy(to_bh->b_data + to_head, from_bh->b_data + from_head,
from_bh->b_size - from_head);
memset(to_bh->b_data + to_bh->b_size + to_head - from_head,
0, from_head - to_head);
}
Reported by FlawFinder.
fs/squashfs/namei.c
1 issues
Line: 83
Column: 2
CWE codes:
120
}
str = &index->name[SQUASHFS_NAME_LEN + 1];
strncpy(str, name, len);
str[len] = '\0';
for (i = 0; i < i_count; i++) {
err = squashfs_read_metadata(sb, index, &index_start,
&index_offset, sizeof(*index));
Reported by FlawFinder.
sound/firewire/fireworks/fireworks_hwdep.c
1 issues
Line: 321
Column: 2
CWE codes:
120
Suggestion:
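Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). In kernel code the bounded-copy helper to reach for is `strscpy()` with `sizeof(hwdep->name)` as the limit. The source here is the 9-character literal "Fireworks" (10 bytes with the terminator), so the copy is safe as long as `hwdep->name` is at least that large; its size is not shown in the excerpt.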
err = snd_hwdep_new(efw->card, "Fireworks", 0, &hwdep);
if (err < 0)
goto end;
strcpy(hwdep->name, "Fireworks");
hwdep->iface = SNDRV_HWDEP_IFACE_FW_FIREWORKS;
hwdep->ops = ops;
hwdep->private_data = efw;
hwdep->exclusive = true;
end:
Reported by FlawFinder.
samples/bpf/tcp_iw_kern.c
1 issues
Line: 25
#define DEBUG 1
SEC("sockops")
int bpf_iw(struct bpf_sock_ops *skops)
{
int bufsize = 1500000;
int rwnd_init = 40;
int iw = 40;
Reported by Cppcheck.