The following issues were found
security/selinux/ss/mls.c
14 issues
Line: 107
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
scontextp++;
for (l = 0; l < 2; l++) {
strcpy(scontextp, sym_name(p, SYM_LEVELS,
context->range.level[l].sens - 1));
scontextp += strlen(scontextp);
/* categories */
head = -2;
Reported by FlawFinder.
Line: 124
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else
*scontextp++ = ',';
nm = sym_name(p, SYM_CATS, prev);
strcpy(scontextp, nm);
scontextp += strlen(nm);
}
if (prev < 0)
*scontextp++ = ':';
else
Reported by FlawFinder.
Line: 132
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else
*scontextp++ = ',';
nm = sym_name(p, SYM_CATS, i);
strcpy(scontextp, nm);
scontextp += strlen(nm);
head = i;
}
prev = i;
}
Reported by FlawFinder.
Line: 145
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else
*scontextp++ = ',';
nm = sym_name(p, SYM_CATS, prev);
strcpy(scontextp, nm);
scontextp += strlen(nm);
}
if (l == 0) {
if (mls_level_eq(&context->range.level[0],
Reported by FlawFinder.
Line: 245
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct level_datum *levdatum;
struct cat_datum *catdatum, *rngdatum;
int l, rc, i;
char *rangep[2];
if (!pol->mls_enabled) {
/*
* With no MLS, only return -EINVAL if there is a MLS field
* and it did not come from an xattr.
Reported by FlawFinder.
Line: 648
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
secattr->attr.mls.cat);
if (rc)
goto import_netlbl_cat_failure;
memcpy(&context->range.level[1].cat, &context->range.level[0].cat,
sizeof(context->range.level[0].cat));
return 0;
import_netlbl_cat_failure:
Reported by FlawFinder.
Line: 49
Column: 10
CWE codes:
126
len = 1; /* for the beginning ":" */
for (l = 0; l < 2; l++) {
int index_sens = context->range.level[l].sens;
len += strlen(sym_name(p, SYM_LEVELS, index_sens - 1));
/* categories */
head = -2;
prev = -2;
e = &context->range.level[l].cat;
Reported by FlawFinder.
Line: 60
Column: 13
CWE codes:
126
/* one or more negative bits are skipped */
if (head != prev) {
nm = sym_name(p, SYM_CATS, prev);
len += strlen(nm) + 1;
}
nm = sym_name(p, SYM_CATS, i);
len += strlen(nm) + 1;
head = i;
}
Reported by FlawFinder.
Line: 63
Column: 12
CWE codes:
126
len += strlen(nm) + 1;
}
nm = sym_name(p, SYM_CATS, i);
len += strlen(nm) + 1;
head = i;
}
prev = i;
}
if (prev != head) {
Reported by FlawFinder.
Line: 70
Column: 11
CWE codes:
126
}
if (prev != head) {
nm = sym_name(p, SYM_CATS, prev);
len += strlen(nm) + 1;
}
if (l == 0) {
if (mls_level_eq(&context->range.level[0],
&context->range.level[1]))
break;
Reported by FlawFinder.
drivers/scsi/esas2r/esas2r_flash.c
14 issues
Line: 536
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
esas2r_print_flash_rev(a);
/* Update the type of boot image on the card */
memcpy(a->image_type, fi->rel_version,
sizeof(fi->rel_version));
complete_fmapi_req(a, rq, FI_STAT_SUCCESS);
return;
}
Reported by FlawFinder.
Line: 1091
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
|| month > 12
|| year < 2006
|| year > 9999) {
strcpy(a->flash_rev, "not found");
a->flash_ver = 0;
return false;
}
sprintf(a->flash_rev, "%02d/%02d/%04d", month, day, year);
Reported by FlawFinder.
Line: 1096
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return false;
}
sprintf(a->flash_rev, "%02d/%02d/%04d", month, day, year);
esas2r_hdebug("flash version: %s", a->flash_rev);
return true;
}
/*
Reported by FlawFinder.
Line: 1134
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto invalid_rev;
if (bh->code_type == CODE_TYPE_PC) {
strcpy(a->image_type, "BIOS");
return true;
} else if (bh->code_type == CODE_TYPE_EFI) {
struct esas2r_efi_image *ei;
Reported by FlawFinder.
Line: 1148
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
switch (le16_to_cpu(ei->machine_type)) {
case EFI_MACHINE_IA32:
strcpy(a->image_type, "EFI 32-bit");
return true;
case EFI_MACHINE_IA64:
strcpy(a->image_type, "EFI itanium");
return true;
Reported by FlawFinder.
Line: 1152
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return true;
case EFI_MACHINE_IA64:
strcpy(a->image_type, "EFI itanium");
return true;
case EFI_MACHINE_X64:
strcpy(a->image_type, "EFI 64-bit");
return true;
Reported by FlawFinder.
Line: 1156
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return true;
case EFI_MACHINE_X64:
strcpy(a->image_type, "EFI 64-bit");
return true;
case EFI_MACHINE_EBC:
strcpy(a->image_type, "EFI EBC");
return true;
Reported by FlawFinder.
Line: 1160
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return true;
case EFI_MACHINE_EBC:
strcpy(a->image_type, "EFI EBC");
return true;
default:
goto invalid_rev;
}
Reported by FlawFinder.
Line: 1181
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
invalid_rev:
strcpy(a->image_type, "no boot images");
return false;
}
/*
* Read and validate current NVRAM parameters by accessing
Reported by FlawFinder.
Line: 1281
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return false;
}
memcpy(&sas_address_bytes[0], n->sas_addr, 8);
if (sas_address_bytes[0] != 0x50
|| sas_address_bytes[1] != 0x01
|| sas_address_bytes[2] != 0x08
|| (sas_address_bytes[3] & 0xF0) != 0x60
Reported by FlawFinder.
drivers/most/core.c
14 issues
Line: 44
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
atomic_t mbo_ref;
atomic_t mbo_nq_level;
u16 channel_id;
char name[STRING_SIZE];
bool is_poisoned;
struct mutex start_mutex; /* channel activation synchronization */
struct mutex nq_mutex; /* nq thread synchronization */
int is_starving;
struct most_interface *iface;
Reported by FlawFinder.
Line: 69
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct interface_private {
int dev_id;
char name[STRING_SIZE];
struct most_channel *channel[MAX_CHANNELS];
struct list_head channel_list;
};
static const struct {
Reported by FlawFinder.
Line: 177
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(buf, "");
if (c->iface->channel_vector[i].direction & MOST_CH_RX)
strcat(buf, "rx ");
if (c->iface->channel_vector[i].direction & MOST_CH_TX)
strcat(buf, "tx ");
strcat(buf, "\n");
return strlen(buf);
}
Reported by FlawFinder.
Line: 179
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (c->iface->channel_vector[i].direction & MOST_CH_RX)
strcat(buf, "rx ");
if (c->iface->channel_vector[i].direction & MOST_CH_TX)
strcat(buf, "tx ");
strcat(buf, "\n");
return strlen(buf);
}
static ssize_t available_datatypes_show(struct device *dev,
Reported by FlawFinder.
Line: 193
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(buf, "");
if (c->iface->channel_vector[i].data_type & MOST_CH_CONTROL)
strcat(buf, "control ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ASYNC)
strcat(buf, "async ");
if (c->iface->channel_vector[i].data_type & MOST_CH_SYNC)
strcat(buf, "sync ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ISOC)
Reported by FlawFinder.
Line: 195
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (c->iface->channel_vector[i].data_type & MOST_CH_CONTROL)
strcat(buf, "control ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ASYNC)
strcat(buf, "async ");
if (c->iface->channel_vector[i].data_type & MOST_CH_SYNC)
strcat(buf, "sync ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ISOC)
strcat(buf, "isoc ");
strcat(buf, "\n");
Reported by FlawFinder.
Line: 197
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (c->iface->channel_vector[i].data_type & MOST_CH_ASYNC)
strcat(buf, "async ");
if (c->iface->channel_vector[i].data_type & MOST_CH_SYNC)
strcat(buf, "sync ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ISOC)
strcat(buf, "isoc ");
strcat(buf, "\n");
return strlen(buf);
}
Reported by FlawFinder.
Line: 199
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (c->iface->channel_vector[i].data_type & MOST_CH_SYNC)
strcat(buf, "sync ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ISOC)
strcat(buf, "isoc ");
strcat(buf, "\n");
return strlen(buf);
}
static ssize_t number_of_packet_buffers_show(struct device *dev,
Reported by FlawFinder.
Line: 175
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct most_channel *c = to_channel(dev);
unsigned int i = c->channel_id;
strcpy(buf, "");
if (c->iface->channel_vector[i].direction & MOST_CH_RX)
strcat(buf, "rx ");
if (c->iface->channel_vector[i].direction & MOST_CH_TX)
strcat(buf, "tx ");
strcat(buf, "\n");
Reported by FlawFinder.
Line: 180
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(buf, "rx ");
if (c->iface->channel_vector[i].direction & MOST_CH_TX)
strcat(buf, "tx ");
strcat(buf, "\n");
return strlen(buf);
}
static ssize_t available_datatypes_show(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
fs/jfs/xattr.c
14 issues
Line: 1017
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
err = -ENOMEM;
break;
}
strcpy(name, XATTR_SECURITY_PREFIX);
strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name);
err = __jfs_setxattr(*tid, inode, name,
xattr->value, xattr->value_len, 0);
kfree(name);
Reported by FlawFinder.
Line: 1018
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
break;
}
strcpy(name, XATTR_SECURITY_PREFIX);
strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name);
err = __jfs_setxattr(*tid, inode, name,
xattr->value, xattr->value_len, 0);
kfree(name);
if (err < 0)
Reported by FlawFinder.
Line: 108
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int len = ea->namelen;
if (!is_known_namespace(ea->name)) {
memcpy(buffer, XATTR_OS2_PREFIX, XATTR_OS2_PREFIX_LEN);
buffer += XATTR_OS2_PREFIX_LEN;
len += XATTR_OS2_PREFIX_LEN;
}
memcpy(buffer, ea->name, ea->namelen);
buffer[ea->namelen] = 0;
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buffer += XATTR_OS2_PREFIX_LEN;
len += XATTR_OS2_PREFIX_LEN;
}
memcpy(buffer, ea->name, ea->namelen);
buffer[ea->namelen] = 0;
return len;
}
Reported by FlawFinder.
Line: 165
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DXDsize(ea, size);
DXDlength(ea, 0);
DXDaddress(ea, 0);
memcpy(ji->i_inline_ea, ealist, size);
ea->flag = DXD_INLINE;
ji->mode2 &= ~INLINEEA;
} else {
ea->flag = 0;
DXDsize(ea, 0);
Reported by FlawFinder.
Line: 261
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto failed;
}
memcpy(mp->data, cp, nb);
/*
* We really need a way to propagate errors for
* forced writes like this one. --hch
*
Reported by FlawFinder.
Line: 334
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
!= ea_size)
return -EIO;
memcpy(ealist, ji->i_inline_ea, ea_size);
return 0;
}
/*
* NAME: ea_read
Reported by FlawFinder.
Line: 399
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!(mp = read_metapage(ip, blkno + i, bytes_to_read, 1)))
return -EIO;
memcpy(cp, mp->data, nb);
release_metapage(mp);
cp += PSIZE;
nbytes -= nb;
}
Reported by FlawFinder.
Line: 758
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ea->flag = 0;
ea->namelen = namelen;
ea->valuelen = (cpu_to_le16(value_len));
memcpy(ea->name, name, namelen);
ea->name[namelen] = 0;
if (value_len)
memcpy(&ea->name[namelen + 1], value, value_len);
xattr_size += EA_SIZE(ea);
}
Reported by FlawFinder.
Line: 761
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ea->name, name, namelen);
ea->name[namelen] = 0;
if (value_len)
memcpy(&ea->name[namelen + 1], value, value_len);
xattr_size += EA_SIZE(ea);
}
/* DEBUG - If we did this right, these number match */
if (xattr_size != new_size) {
Reported by FlawFinder.
drivers/net/ethernet/neterion/s2io.c
14 issues
Line: 5205
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
/* store the MAC address in CAM */
return do_s2io_prog_unicast(dev, dev->dev_addr);
}
/**
Reported by FlawFinder.
Line: 5382
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < regs->len; i += 8) {
reg = readq(sp->bar0 + i);
memcpy((reg_space + i), ®, 8);
}
}
/*
* s2io_set_led - control NIC led
Reported by FlawFinder.
Line: 5689
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct swStat *swstats = &nic->mac_control.stats_info->sw_stat;
if (nic->device_type == XFRAME_II_DEVICE) {
strcpy(nic->product_name, "Xframe II 10GbE network adapter");
vpd_addr = 0x80;
} else {
strcpy(nic->product_name, "Xframe I 10GbE network adapter");
vpd_addr = 0x50;
}
Reported by FlawFinder.
Line: 5692
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(nic->product_name, "Xframe II 10GbE network adapter");
vpd_addr = 0x80;
} else {
strcpy(nic->product_name, "Xframe I 10GbE network adapter");
vpd_addr = 0x50;
}
strcpy(nic->serial_num, "NOT AVAILABLE");
vpd_data = kmalloc(256, GFP_KERNEL);
Reported by FlawFinder.
Line: 5695
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(nic->product_name, "Xframe I 10GbE network adapter");
vpd_addr = 0x50;
}
strcpy(nic->serial_num, "NOT AVAILABLE");
vpd_data = kmalloc(256, GFP_KERNEL);
if (!vpd_data) {
swstats->mem_alloc_fail_cnt++;
return;
Reported by FlawFinder.
Line: 5730
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(vpd_data[cnt+1] == 'N')) {
len = vpd_data[cnt+2];
if (len < min(VPD_STRING_LEN, 256-cnt-2)) {
memcpy(nic->serial_num,
&vpd_data[cnt + 3],
len);
memset(nic->serial_num+len,
0,
VPD_STRING_LEN-len);
Reported by FlawFinder.
Line: 5744
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((!fail) && (vpd_data[1] < VPD_STRING_LEN)) {
len = vpd_data[1];
memcpy(nic->product_name, &vpd_data[3], len);
nic->product_name[len] = 0;
}
kfree(vpd_data);
swstats->mem_freed += 256;
}
Reported by FlawFinder.
Line: 5782
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EFAULT;
}
valid = INV(data);
memcpy((data_buf + i), &valid, 4);
}
return 0;
}
/**
Reported by FlawFinder.
Line: 6550
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_TEST:
memcpy(data, s2io_gstrings, S2IO_STRINGS_LEN);
break;
case ETH_SS_STATS:
stat_size = sizeof(ethtool_xena_stats_keys);
memcpy(data, ðtool_xena_stats_keys, stat_size);
if (sp->device_type == XFRAME_II_DEVICE) {
Reported by FlawFinder.
Line: 6554
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case ETH_SS_STATS:
stat_size = sizeof(ethtool_xena_stats_keys);
memcpy(data, ðtool_xena_stats_keys, stat_size);
if (sp->device_type == XFRAME_II_DEVICE) {
memcpy(data + stat_size,
ðtool_enhanced_stats_keys,
sizeof(ethtool_enhanced_stats_keys));
stat_size += sizeof(ethtool_enhanced_stats_keys);
Reported by FlawFinder.
tools/perf/scripts/python/flamegraph.py
14 issues
Line: 42
Column: 24
class FlameGraphCLI:
def __init__(self, args):
self.args = args
self.stack = Node("root")
if self.args.format == "html" and \
not os.path.isfile(self.args.template):
Reported by Pylint.
Line: 1
Column: 1
# flamegraph.py - create flame graphs from perf samples
# SPDX-License-Identifier: GPL-2.0
#
# Usage:
#
# perf record -a -g -F 99 sleep 60
# perf script report flamegraph
#
# Combined:
Reported by Pylint.
Line: 25
Column: 1
import json
class Node:
def __init__(self, name, libtype=""):
self.name = name
self.libtype = libtype
self.value = 0
self.children = []
Reported by Pylint.
Line: 25
Column: 1
import json
class Node:
def __init__(self, name, libtype=""):
self.name = name
self.libtype = libtype
self.value = 0
self.children = []
Reported by Pylint.
Line: 32
Column: 5
self.value = 0
self.children = []
def toJSON(self):
return {
"n": self.name,
"l": self.libtype,
"v": self.value,
"c": self.children
Reported by Pylint.
Line: 32
Column: 5
self.value = 0
self.children = []
def toJSON(self):
return {
"n": self.name,
"l": self.libtype,
"v": self.value,
"c": self.children
Reported by Pylint.
Line: 41
Column: 1
}
class FlameGraphCLI:
def __init__(self, args):
self.args = args
self.stack = Node("root")
if self.args.format == "html" and \
Reported by Pylint.
Line: 56
Column: 5
file=sys.stderr)
sys.exit(1)
def find_or_create_node(self, node, name, dso):
libtype = "kernel" if dso == "[kernel.kallsyms]" else ""
if name is None:
name = "[unknown]"
for child in node.children:
Reported by Pylint.
Line: 56
Column: 5
file=sys.stderr)
sys.exit(1)
def find_or_create_node(self, node, name, dso):
libtype = "kernel" if dso == "[kernel.kallsyms]" else ""
if name is None:
name = "[unknown]"
for child in node.children:
Reported by Pylint.
Line: 69
Column: 5
node.children.append(child)
return child
def process_event(self, event):
node = self.find_or_create_node(self.stack, event["comm"], None)
if "callchain" in event:
for entry in reversed(event['callchain']):
node = self.find_or_create_node(
node, entry.get("sym", {}).get("name"), event.get("dso"))
Reported by Pylint.
fs/gfs2/sys.c
14 issues
Line: 390
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t proto_name_show(struct gfs2_sbd *sdp, char *buf)
{
const struct lm_lockops *ops = sdp->sd_lockstruct.ls_ops;
return sprintf(buf, "%s\n", ops->lm_proto_name);
}
static ssize_t block_show(struct gfs2_sbd *sdp, char *buf)
{
struct lm_lockstruct *ls = &sdp->sd_lockstruct;
Reported by FlawFinder.
Line: 299
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int glmode;
unsigned int gltype;
unsigned long long glnum;
char mode[16];
int rv;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
Reported by FlawFinder.
Line: 401
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (test_bit(DFL_BLOCK_LOCKS, &ls->ls_recover_flags))
val = 1;
ret = sprintf(buf, "%d\n", val);
return ret;
}
static ssize_t block_store(struct gfs2_sbd *sdp, const char *buf, size_t len)
{
Reported by FlawFinder.
Line: 430
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int val = completion_done(&sdp->sd_wdack) ? 1 : 0;
return sprintf(buf, "%d\n", val);
}
static ssize_t wdack_store(struct gfs2_sbd *sdp, const char *buf, size_t len)
{
int ret, val;
Reported by FlawFinder.
Line: 452
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t lkfirst_show(struct gfs2_sbd *sdp, char *buf)
{
struct lm_lockstruct *ls = &sdp->sd_lockstruct;
return sprintf(buf, "%d\n", ls->ls_first);
}
static ssize_t lkfirst_store(struct gfs2_sbd *sdp, const char *buf, size_t len)
{
unsigned first;
Reported by FlawFinder.
Line: 485
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t first_done_show(struct gfs2_sbd *sdp, char *buf)
{
struct lm_lockstruct *ls = &sdp->sd_lockstruct;
return sprintf(buf, "%d\n", !!test_bit(DFL_FIRST_MOUNT_DONE, &ls->ls_recover_flags));
}
int gfs2_recover_set(struct gfs2_sbd *sdp, unsigned jid)
{
struct gfs2_jdesc *jd;
Reported by FlawFinder.
Line: 543
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t recover_done_show(struct gfs2_sbd *sdp, char *buf)
{
struct lm_lockstruct *ls = &sdp->sd_lockstruct;
return sprintf(buf, "%d\n", ls->ls_recover_jid_done);
}
static ssize_t recover_status_show(struct gfs2_sbd *sdp, char *buf)
{
struct lm_lockstruct *ls = &sdp->sd_lockstruct;
Reported by FlawFinder.
Line: 549
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t recover_status_show(struct gfs2_sbd *sdp, char *buf)
{
struct lm_lockstruct *ls = &sdp->sd_lockstruct;
return sprintf(buf, "%d\n", ls->ls_recover_jid_status);
}
static ssize_t jid_show(struct gfs2_sbd *sdp, char *buf)
{
return sprintf(buf, "%d\n", sdp->sd_lockstruct.ls_jid);
Reported by FlawFinder.
Line: 554
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t jid_show(struct gfs2_sbd *sdp, char *buf)
{
return sprintf(buf, "%d\n", sdp->sd_lockstruct.ls_jid);
}
static ssize_t jid_store(struct gfs2_sbd *sdp, const char *buf, size_t len)
{
int jid;
Reported by FlawFinder.
Line: 718
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct super_block *sb = sdp->sd_vfs;
int error;
char ro[20];
char spectator[20];
char *envp[] = { ro, spectator, NULL };
sprintf(ro, "RDONLY=%d", sb_rdonly(sb));
sprintf(spectator, "SPECTATOR=%d", sdp->sd_args.ar_spectator ? 1 : 0);
Reported by FlawFinder.
security/apparmor/apparmorfs.c
14 issues
Line: 535
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t size, loff_t *ppos)
{
struct aa_revision *rev = file->private_data;
char buffer[32];
long last_read;
int avail;
mutex_lock_nested(&rev->ns->lock, rev->ns->level);
last_read = rev->last_read;
Reported by FlawFinder.
Line: 552
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock_nested(&rev->ns->lock, rev->ns->level);
}
avail = sprintf(buffer, "%ld\n", rev->ns->revision);
if (*ppos + size > avail) {
rev->last_read = rev->ns->revision;
*ppos = 0;
}
mutex_unlock(&rev->ns->lock);
Reported by FlawFinder.
Line: 714
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL; /* not enough space */
}
outle32 = __cpu_to_le32(data->size);
memcpy(out, &outle32, sizeof(outle32));
out += sizeof(outle32);
memcpy(out, data->data, data->size);
out += data->size;
blocks++;
}
Reported by FlawFinder.
Line: 716
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
outle32 = __cpu_to_le32(data->size);
memcpy(out, &outle32, sizeof(outle32));
out += sizeof(outle32);
memcpy(out, data->data, data->size);
out += data->size;
blocks++;
}
}
aa_put_label(label);
Reported by FlawFinder.
Line: 724
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
aa_put_label(label);
outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
memcpy(buf, &outle32, sizeof(outle32));
outle32 = __cpu_to_le32(blocks);
memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
return out - buf;
}
Reported by FlawFinder.
Line: 726
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
memcpy(buf, &outle32, sizeof(outle32));
outle32 = __cpu_to_le32(blocks);
memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
return out - buf;
}
/**
Reported by FlawFinder.
Line: 1304
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (aa_g_rawdata_compression_level == 0) {
if (dlen < slen)
return -EINVAL;
memcpy(dst, src, slen);
return 0;
}
memset(&strm, 0, sizeof(strm));
Reported by FlawFinder.
Line: 1584
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return ERR_PTR(-ENOMEM);
for (; depth > 0; depth--) {
strcpy(s, "../../");
s += 6;
size -= 6;
}
error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);
Reported by FlawFinder.
Line: 1699
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
mangle_name(profile->base.name, profile->dirname);
sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
}
dent = aafs_create_dir(profile->dirname, parent);
if (IS_ERR(dent))
goto fail;
Reported by FlawFinder.
Line: 2562
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int policy_readlink(struct dentry *dentry, char __user *buffer,
int buflen)
{
char name[32];
int res;
res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME,
d_inode(dentry)->i_ino);
if (res > 0 && res < sizeof(name))
Reported by FlawFinder.
drivers/scsi/cxgbi/libcxgbi.c
14 issues
Line: 2833
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len = sysfs_format_mac(buf, chba->ndev->dev_addr, 6);
break;
case ISCSI_HOST_PARAM_NETDEV_NAME:
len = sprintf(buf, "%s\n", chba->ndev->name);
break;
case ISCSI_HOST_PARAM_IPADDRESS:
{
struct cxgbi_sock *csk = find_sock_on_port(chba->cdev,
chba->port_id);
Reported by FlawFinder.
Line: 713
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&fl, 0, sizeof(fl));
fl.flowi6_oif = ifindex;
if (saddr)
memcpy(&fl.saddr, saddr, sizeof(struct in6_addr));
if (daddr)
memcpy(&fl.daddr, daddr, sizeof(struct in6_addr));
return (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
}
Reported by FlawFinder.
Line: 715
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (saddr)
memcpy(&fl.saddr, saddr, sizeof(struct in6_addr));
if (daddr)
memcpy(&fl.daddr, daddr, sizeof(struct in6_addr));
return (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
}
static struct cxgbi_sock *
cxgbi_check_route6(struct sockaddr *dst_addr, int ifindex)
Reported by FlawFinder.
Line: 1164
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int len = 0;
int i;
memcpy(ppod, &ttinfo->hdr, sizeof(struct cxgbi_pagepod_hdr));
if (sg) {
addr = sg_dma_address(sg);
len = sg_dma_len(sg);
}
Reported by FlawFinder.
Line: 2222
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < tdata->nr_frags; i++, frag++) {
char *src = kmap_atomic(frag->page);
memcpy(dst, src + frag->offset, frag->size);
dst += frag->size;
kunmap_atomic(src);
}
if (padlen) {
Reported by FlawFinder.
Line: 2412
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (!task->sc)
memcpy(skb->data, task->hdr, SKB_TX_ISCSI_PDU_HEADER_MAX);
err = cxgbi_sock_send_skb(csk, skb);
if (err > 0) {
pdulen += err;
Reported by FlawFinder.
Line: 2522
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
stats->digest_err = 0;
stats->timeout_err = 0;
stats->custom_length = 1;
strcpy(stats->custom[0].desc, "eh_abort_cnt");
stats->custom[0].value = conn->eh_abort_cnt;
}
EXPORT_SYMBOL_GPL(cxgbi_get_conn_stats);
static int cxgbi_conn_max_xmit_dlength(struct iscsi_conn *conn)
Reported by FlawFinder.
Line: 2840
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct cxgbi_sock *csk = find_sock_on_port(chba->cdev,
chba->port_id);
if (csk) {
len = sprintf(buf, "%pIS",
(struct sockaddr *)&csk->saddr);
}
log_debug(1 << CXGBI_DBG_ISCSI,
"hba %s, addr %s.\n", chba->ndev->name, buf);
break;
Reported by FlawFinder.
Line: 1727
Column: 64
CWE codes:
120
20
break;
}
log_debug(1 << CXGBI_DBG_PDU_RX, "csk 0x%p, read %u.\n", csk, read);
if (read) {
csk->copied_seq += read;
csk_return_rx_credits(csk, read);
conn->rxdata_octets += read;
}
Reported by FlawFinder.
Line: 1728
Column: 6
CWE codes:
120
20
}
log_debug(1 << CXGBI_DBG_PDU_RX, "csk 0x%p, read %u.\n", csk, read);
if (read) {
csk->copied_seq += read;
csk_return_rx_credits(csk, read);
conn->rxdata_octets += read;
}
Reported by FlawFinder.
drivers/scsi/cxlflash/main.c
14 issues
Line: 471
CWE codes:
476
int rc = 0;
ulong to;
buf = kzalloc(sizeof(*cmd) + __alignof__(*cmd) - 1, GFP_KERNEL);
if (unlikely(!buf)) {
dev_err(dev, "%s: no memory for command\n", __func__);
rc = -ENOMEM;
goto out;
}
Reported by Cppcheck.
Line: 2317
CWE codes:
476
mutex_lock(&afu->sync_active);
atomic_inc(&afu->cmds_active);
buf = kmalloc(sizeof(*cmd) + __alignof__(*cmd) - 1, GFP_KERNEL);
if (unlikely(!buf)) {
dev_err(dev, "%s: no memory for command\n", __func__);
rc = -ENOMEM;
goto out;
}
Reported by Cppcheck.
Line: 73
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ioasa->rc.scsi_rc) {
/* We have a SCSI status */
if (ioasa->rc.flags & SISL_RC_FLAGS_SENSE_VALID) {
memcpy(scp->sense_buffer, ioasa->sense_data,
SISL_SENSE_DATA_LEN);
scp->result = ioasa->rc.scsi_rc;
} else
scp->result = ioasa->rc.scsi_rc | (DID_ERROR << 16);
}
Reported by FlawFinder.
Line: 501
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->rcb.req_flags = (SISL_REQ_FLAGS_PORT_LUN_ID |
SISL_REQ_FLAGS_SUP_UNDERRUN |
SISL_REQ_FLAGS_TMF_CMD);
memcpy(cmd->rcb.cdb, &tmfcmd, sizeof(tmfcmd));
rc = afu->send_cmd(afu, cmd);
if (unlikely(rc)) {
spin_lock_irqsave(&cfg->tmf_slock, lock_flags);
cfg->tmf_active = false;
Reported by FlawFinder.
Line: 1635
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rc = 0;
int ro_start, ro_size, i, j, k;
ssize_t vpd_size;
char vpd_data[CXLFLASH_VPD_LEN];
char tmp_buf[WWPN_BUF_LEN] = { 0 };
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
Reported by FlawFinder.
Line: 1636
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ro_start, ro_size, i, j, k;
ssize_t vpd_size;
char vpd_data[CXLFLASH_VPD_LEN];
char tmp_buf[WWPN_BUF_LEN] = { 0 };
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
Reported by FlawFinder.
Line: 1640
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
/* Get the VPD data from the device */
vpd_size = cfg->ops->read_adapter_vpd(pdev, vpd_data, sizeof(vpd_data));
if (unlikely(vpd_size <= 0)) {
dev_err(dev, "%s: Unable to read VPD (size = %ld)\n",
Reported by FlawFinder.
Line: 1705
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(tmp_buf, &vpd_data[i], WWPN_LEN);
rc = kstrtoul(tmp_buf, WWPN_LEN, (ulong *)&wwpn[k]);
if (unlikely(rc)) {
dev_err(dev, "%s: WWPN conversion failed for port %d\n",
__func__, k);
rc = -ENODEV;
Reported by FlawFinder.
Line: 2146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* No byte reverse on reading afu_version or string will be backwards */
reg = readq(&afu->afu_map->global.regs.afu_version);
memcpy(afu->version, ®, sizeof(reg));
afu->interface_version =
readq_be(&afu->afu_map->global.regs.interface_version);
if ((afu->interface_version + 1) == 0) {
dev_err(dev, "Back level AFU, please upgrade. AFU version %s "
"interface version %016llx\n", afu->version,
Reported by FlawFinder.
Line: 2328
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
retry:
memset(cmd, 0, sizeof(*cmd));
memcpy(&cmd->rcb, rcb, sizeof(*rcb));
INIT_LIST_HEAD(&cmd->queue);
init_completion(&cmd->cevent);
cmd->parent = afu;
cmd->hwq_index = hwq->index;
cmd->rcb.ctx_id = hwq->ctx_hndl;
Reported by FlawFinder.