The following issues were found
drivers/scsi/fnic/fnic_fcs.c
14 issues
Line: 395
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vlan = (struct fip_vlan *)eth_fr;
memset(vlan, 0, sizeof(*vlan));
memcpy(vlan->eth.h_source, fip->ctl_src_addr, ETH_ALEN);
memcpy(vlan->eth.h_dest, fcoe_all_fcfs, ETH_ALEN);
vlan->eth.h_proto = htons(ETH_P_FIP);
vlan->fip.fip_ver = FIP_VER_ENCAPS(FIP_VER);
vlan->fip.fip_op = htons(FIP_OP_VLAN);
Reported by FlawFinder.
Line: 396
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(vlan, 0, sizeof(*vlan));
memcpy(vlan->eth.h_source, fip->ctl_src_addr, ETH_ALEN);
memcpy(vlan->eth.h_dest, fcoe_all_fcfs, ETH_ALEN);
vlan->eth.h_proto = htons(ETH_P_FIP);
vlan->fip.fip_ver = FIP_VER_ENCAPS(FIP_VER);
vlan->fip.fip_op = htons(FIP_OP_VLAN);
vlan->fip.fip_subcode = FIP_SC_VL_REQ;
Reported by FlawFinder.
Line: 406
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vlan->desc.mac.fd_desc.fip_dtype = FIP_DT_MAC;
vlan->desc.mac.fd_desc.fip_dlen = sizeof(vlan->desc.mac) / FIP_BPW;
memcpy(&vlan->desc.mac.fd_mac, fip->ctl_src_addr, ETH_ALEN);
vlan->desc.wwnn.fd_desc.fip_dtype = FIP_DT_NAME;
vlan->desc.wwnn.fd_desc.fip_dlen = sizeof(vlan->desc.wwnn) / FIP_BPW;
put_unaligned_be64(fip->lp->wwnn, &vlan->desc.wwnn.fd_wwn);
atomic64_inc(&fnic_stats->vlan_stats.vlan_disc_reqs);
Reported by FlawFinder.
Line: 738
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
FNIC_FCS_DBG(KERN_DEBUG, fnic->lport->host, "update_mac %pM\n", new);
if (!is_zero_ether_addr(data) && !ether_addr_equal(data, ctl))
vnic_dev_del_addr(fnic->vdev, data);
memcpy(data, new, ETH_ALEN);
if (!ether_addr_equal(new, ctl))
vnic_dev_add_addr(fnic->vdev, new);
}
/**
Reported by FlawFinder.
Line: 1033
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!fnic->vlan_hw_insert) {
eth_hdr = (struct ethhdr *)skb_mac_header(skb);
vlan_hdr = skb_push(skb, sizeof(*vlan_hdr) - sizeof(*eth_hdr));
memcpy(vlan_hdr, eth_hdr, 2 * ETH_ALEN);
vlan_hdr->h_vlan_proto = htons(ETH_P_8021Q);
vlan_hdr->h_vlan_encapsulated_proto = eth_hdr->h_proto;
vlan_hdr->h_vlan_TCI = htons(fnic->vlan_id);
if ((fnic_fc_trace_set_data(fnic->lport->host->host_no,
FNIC_FC_SEND|0x80, (char *)eth_hdr, skb->len)) != 0) {
Reported by FlawFinder.
Line: 1113
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (fnic->ctlr.map_dest)
fc_fcoe_set_mac(eth_hdr->h_dest, fh->fh_d_id);
else
memcpy(eth_hdr->h_dest, fnic->ctlr.dest_addr, ETH_ALEN);
memcpy(eth_hdr->h_source, fnic->data_src_addr, ETH_ALEN);
tot_len = skb->len;
BUG_ON(tot_len % 4);
Reported by FlawFinder.
Line: 1114
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fc_fcoe_set_mac(eth_hdr->h_dest, fh->fh_d_id);
else
memcpy(eth_hdr->h_dest, fnic->ctlr.dest_addr, ETH_ALEN);
memcpy(eth_hdr->h_source, fnic->data_src_addr, ETH_ALEN);
tot_len = skb->len;
BUG_ON(tot_len % 4);
memset(fcoe_hdr, 0, sizeof(*fcoe_hdr));
Reported by FlawFinder.
Line: 116
Column: 5
CWE codes:
126
spin_unlock_irqrestore(&fnic->fnic_lock, flags);
fnic_fc_trace_set_data(fnic->lport->host->host_no,
FNIC_FC_LE, "Link Status: DOWN->DOWN",
strlen("Link Status: DOWN->DOWN"));
} else {
if (old_link_down_cnt != fnic->link_down_cnt) {
/* UP -> DOWN -> UP */
fnic->lport->host_stats.link_failure_count++;
spin_unlock_irqrestore(&fnic->fnic_lock, flags);
Reported by FlawFinder.
Line: 126
Column: 6
CWE codes:
126
fnic->lport->host->host_no,
FNIC_FC_LE,
"Link Status:UP_DOWN_UP",
strlen("Link_Status:UP_DOWN_UP")
);
FNIC_FCS_DBG(KERN_DEBUG, fnic->lport->host,
"link down\n");
fcoe_ctlr_link_down(&fnic->ctlr);
if (fnic->config.flags & VFCF_FIP_CAPABLE) {
Reported by FlawFinder.
Line: 137
Column: 7
CWE codes:
126
fnic->lport->host->host_no,
FNIC_FC_LE,
"Link Status: UP_DOWN_UP_VLAN",
strlen(
"Link Status: UP_DOWN_UP_VLAN")
);
fnic_fcoe_send_vlan_req(fnic);
return;
}
Reported by FlawFinder.
lib/test_printf.c
14 issues
Line: 51
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
memset(alloced_buffer, FILL_CHAR, BUF_SIZE + 2*PAD_SIZE);
va_copy(aq, ap);
ret = vsnprintf(test_buffer, bufsize, fmt, aq);
va_end(aq);
if (ret != elen) {
pr_warn("vsnprintf(buf, %d, \"%s\", ...) returned %d, expected %d\n",
bufsize, fmt, ret, elen);
Reported by FlawFinder.
Line: 646
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
page_flags |= (pft[i].value & pft[i].mask) << pft[i].shift;
snprintf(cmp_buf + size, BUF_SIZE - size, "%s=", pft[i].name);
size = strlen(cmp_buf);
snprintf(cmp_buf + size, BUF_SIZE - size, pft[i].fmt,
pft[i].value & pft[i].mask);
size = strlen(cmp_buf);
append = true;
}
Reported by FlawFinder.
Line: 224
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __init
plain_format(void)
{
char buf[PLAIN_BUF_SIZE];
int nchars;
nchars = snprintf(buf, PLAIN_BUF_SIZE, "%p", PTR);
if (nchars != PTR_WIDTH)
Reported by FlawFinder.
Line: 284
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __init
plain_hash(void)
{
char buf[PLAIN_BUF_SIZE];
int ret;
ret = plain_hash_to_buffer(PTR, buf, PLAIN_BUF_SIZE);
if (ret)
return ret;
Reported by FlawFinder.
Line: 329
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init
test_hashed(const char *fmt, const void *p)
{
char buf[PLAIN_BUF_SIZE];
int ret;
/*
* No need to increase failed test counter since this is assumed
* to be called after plain().
Reported by FlawFinder.
Line: 404
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init
hex_string(void)
{
const char buf[3] = {0xc0, 0xff, 0xee};
test("c0 ff ee|c0:ff:ee|c0-ff-ee|c0ffee",
"%3ph|%3phC|%3phD|%3phN", buf, buf, buf, buf);
test("c0 ff ee|c0:ff:ee|c0-ff-ee|c0ffee",
"%*ph|%*phC|%*phD|%*phN", 3, buf, 3, buf, 3, buf, 3, buf);
Reported by FlawFinder.
Line: 454
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init
uuid(void)
{
const char uuid[16] = {0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7,
0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf};
test("00010203-0405-0607-0809-0a0b0c0d0e0f", "%pUb", uuid);
test("00010203-0405-0607-0809-0A0B0C0D0E0F", "%pUB", uuid);
test("03020100-0504-0706-0809-0a0b0c0d0e0f", "%pUl", uuid);
Reported by FlawFinder.
Line: 137
Column: 17
CWE codes:
126
}
#define test(expect, fmt, ...) \
__test(expect, strlen(expect), fmt, ##__VA_ARGS__)
static void __init
test_basic(void)
{
/* Work around annoying "warning: zero-length gnu_printf format string". */
Reported by FlawFinder.
Line: 238
Column: 26
CWE codes:
126
return 0;
}
if (strncmp(buf, ZEROS, strlen(ZEROS)) != 0)
return -1;
return 0;
}
Reported by FlawFinder.
Line: 621
Column: 10
CWE codes:
126
if (flags) {
page_flags |= flags;
snprintf(cmp_buf + size, BUF_SIZE - size, "%s", name);
size = strlen(cmp_buf);
#if SECTIONS_WIDTH || NODES_WIDTH || ZONES_WIDTH || \
LAST_CPUPID_WIDTH || KASAN_TAG_WIDTH
/* Other information also included in page flags */
snprintf(cmp_buf + size, BUF_SIZE - size, "|");
size = strlen(cmp_buf);
Reported by FlawFinder.
arch/um/os-Linux/user_syms.c
14 issues
Line: 69
Column: 21
CWE codes:
362
Suggestion:
Use fchown( ) instead
EXPORT_SYMBOL_PROTO(__fxstat64);
EXPORT_SYMBOL_PROTO(lseek);
EXPORT_SYMBOL_PROTO(lseek64);
EXPORT_SYMBOL_PROTO(chown);
EXPORT_SYMBOL_PROTO(fchown);
EXPORT_SYMBOL_PROTO(truncate);
EXPORT_SYMBOL_PROTO(ftruncate64);
EXPORT_SYMBOL_PROTO(utime);
EXPORT_SYMBOL_PROTO(utimes);
Reported by FlawFinder.
Line: 76
Column: 21
CWE codes:
362
Suggestion:
Use fchmod( ) instead
EXPORT_SYMBOL_PROTO(utime);
EXPORT_SYMBOL_PROTO(utimes);
EXPORT_SYMBOL_PROTO(futimes);
EXPORT_SYMBOL_PROTO(chmod);
EXPORT_SYMBOL_PROTO(fchmod);
EXPORT_SYMBOL_PROTO(rename);
EXPORT_SYMBOL_PROTO(__xmknod);
EXPORT_SYMBOL_PROTO(symlink);
Reported by FlawFinder.
Line: 84
Column: 21
CWE codes:
362
20
Suggestion:
Reconsider approach
EXPORT_SYMBOL_PROTO(symlink);
EXPORT_SYMBOL_PROTO(link);
EXPORT_SYMBOL_PROTO(unlink);
EXPORT_SYMBOL_PROTO(readlink);
EXPORT_SYMBOL_PROTO(mkdir);
EXPORT_SYMBOL_PROTO(rmdir);
EXPORT_SYMBOL_PROTO(opendir);
EXPORT_SYMBOL_PROTO(readdir);
Reported by FlawFinder.
Line: 20
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
extern size_t strlen(const char *);
extern void *memmove(void *, const void *, size_t);
extern void *memset(void *, int, size_t);
extern int printf(const char *, ...);
/* If it's not defined, the export is included in lib/string.c.*/
#ifdef __HAVE_ARCH_STRSTR
EXPORT_SYMBOL(strstr);
#endif
Reported by FlawFinder.
Line: 34
Column: 15
CWE codes:
134
Suggestion:
Use a constant for the format specification
EXPORT_SYMBOL(memmove);
EXPORT_SYMBOL(memset);
EXPORT_SYMBOL(printf);
/* Here, instead, I can provide a fake prototype. Yes, someone cares: genksyms.
* However, the modules will use the CRC defined *here*, no matter if it is
* good; so the versions of these symbols will always match
*/
Reported by FlawFinder.
Line: 56
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
EXPORT_SYMBOL_PROTO(__errno_location);
EXPORT_SYMBOL_PROTO(access);
EXPORT_SYMBOL_PROTO(open);
EXPORT_SYMBOL_PROTO(open64);
EXPORT_SYMBOL_PROTO(close);
EXPORT_SYMBOL_PROTO(read);
EXPORT_SYMBOL_PROTO(write);
Reported by FlawFinder.
Line: 14
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#undef strlen
#undef strstr
#undef memcpy
#undef memset
extern size_t strlen(const char *);
extern void *memmove(void *, const void *, size_t);
extern void *memset(void *, int, size_t);
Reported by FlawFinder.
Line: 28
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#endif
#ifndef __x86_64__
extern void *memcpy(void *, const void *, size_t);
EXPORT_SYMBOL(memcpy);
#endif
EXPORT_SYMBOL(memmove);
EXPORT_SYMBOL(memset);
Reported by FlawFinder.
Line: 29
Column: 15
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifndef __x86_64__
extern void *memcpy(void *, const void *, size_t);
EXPORT_SYMBOL(memcpy);
#endif
EXPORT_SYMBOL(memmove);
EXPORT_SYMBOL(memset);
EXPORT_SYMBOL(printf);
Reported by FlawFinder.
Line: 57
Column: 21
CWE codes:
362
EXPORT_SYMBOL_PROTO(__errno_location);
EXPORT_SYMBOL_PROTO(access);
EXPORT_SYMBOL_PROTO(open);
EXPORT_SYMBOL_PROTO(open64);
EXPORT_SYMBOL_PROTO(close);
EXPORT_SYMBOL_PROTO(read);
EXPORT_SYMBOL_PROTO(write);
EXPORT_SYMBOL_PROTO(dup2);
Reported by FlawFinder.
drivers/infiniband/hw/qedr/verbs.c
14 issues
Line: 793
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct qedr_dev *dev,
struct qedr_userq *q, u64 buf_addr,
size_t buf_len, bool requires_db_rec,
int access,
int alloc_and_init)
{
u32 fw_pages;
int rc;
Reported by FlawFinder.
Line: 801
Column: 62
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
q->buf_addr = buf_addr;
q->buf_len = buf_len;
q->umem = ib_umem_get(&dev->ibdev, q->buf_addr, q->buf_len, access);
if (IS_ERR(q->umem)) {
DP_ERR(dev, "create user queue: failed ib_umem_get, got %ld\n",
PTR_ERR(q->umem));
return PTR_ERR(q->umem);
}
Reported by FlawFinder.
Line: 1463
Column: 14
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static int qedr_init_srq_user_params(struct ib_udata *udata,
struct qedr_srq *srq,
struct qedr_create_srq_ureq *ureq,
int access)
{
struct scatterlist *sg;
int rc;
rc = qedr_init_user_queue(udata, srq->dev, &srq->usrq, ureq->srq_addr,
Reported by FlawFinder.
Line: 1469
Column: 29
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int rc;
rc = qedr_init_user_queue(udata, srq->dev, &srq->usrq, ureq->srq_addr,
ureq->srq_len, false, access, 1);
if (rc)
return rc;
srq->prod_umem = ib_umem_get(srq->ibsrq.device, ureq->prod_pair_addr,
sizeof(struct rdma_srq_producers), access);
Reported by FlawFinder.
Line: 1474
Column: 45
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return rc;
srq->prod_umem = ib_umem_get(srq->ibsrq.device, ureq->prod_pair_addr,
sizeof(struct rdma_srq_producers), access);
if (IS_ERR(srq->prod_umem)) {
qedr_free_pbl(srq->dev, &srq->usrq.pbl_info, srq->usrq.pbl_tbl);
ib_umem_release(srq->usrq.umem);
DP_ERR(srq->dev,
"create srq: failed ib_umem_get for producer, got %ld\n",
Reported by FlawFinder.
Line: 3446
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
fwqe2->access_ctrl = 0;
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_REMOTE_READ,
!!(wr->access & IB_ACCESS_REMOTE_READ));
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_REMOTE_WRITE,
!!(wr->access & IB_ACCESS_REMOTE_WRITE));
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_ENABLE_ATOMIC,
!!(wr->access & IB_ACCESS_REMOTE_ATOMIC));
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_LOCAL_READ, 1);
Reported by FlawFinder.
Line: 3448
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_REMOTE_READ,
!!(wr->access & IB_ACCESS_REMOTE_READ));
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_REMOTE_WRITE,
!!(wr->access & IB_ACCESS_REMOTE_WRITE));
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_ENABLE_ATOMIC,
!!(wr->access & IB_ACCESS_REMOTE_ATOMIC));
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_LOCAL_READ, 1);
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_LOCAL_WRITE,
!!(wr->access & IB_ACCESS_LOCAL_WRITE));
Reported by FlawFinder.
Line: 3450
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_REMOTE_WRITE,
!!(wr->access & IB_ACCESS_REMOTE_WRITE));
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_ENABLE_ATOMIC,
!!(wr->access & IB_ACCESS_REMOTE_ATOMIC));
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_LOCAL_READ, 1);
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_LOCAL_WRITE,
!!(wr->access & IB_ACCESS_LOCAL_WRITE));
fwqe2->fmr_ctrl = 0;
Reported by FlawFinder.
Line: 3453
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
!!(wr->access & IB_ACCESS_REMOTE_ATOMIC));
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_LOCAL_READ, 1);
SET_FIELD2(fwqe2->access_ctrl, RDMA_SQ_FMR_WQE_2ND_LOCAL_WRITE,
!!(wr->access & IB_ACCESS_LOCAL_WRITE));
fwqe2->fmr_ctrl = 0;
SET_FIELD2(fwqe2->fmr_ctrl, RDMA_SQ_FMR_WQE_2ND_PAGE_SIZE_LOG,
ilog2(mr->ibmr.page_size) - 12);
Reported by FlawFinder.
Line: 1155
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nw_type = rdma_gid_attr_network_type(gid_attr);
switch (nw_type) {
case RDMA_NETWORK_IPV6:
memcpy(&qp_params->sgid.bytes[0], &gid_attr->gid.raw[0],
sizeof(qp_params->sgid));
memcpy(&qp_params->dgid.bytes[0],
&grh->dgid,
sizeof(qp_params->dgid));
qp_params->roce_mode = ROCE_V2_IPV6;
Reported by FlawFinder.
security/selinux/ss/mls.c
14 issues
Line: 107
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
scontextp++;
for (l = 0; l < 2; l++) {
strcpy(scontextp, sym_name(p, SYM_LEVELS,
context->range.level[l].sens - 1));
scontextp += strlen(scontextp);
/* categories */
head = -2;
Reported by FlawFinder.
Line: 124
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else
*scontextp++ = ',';
nm = sym_name(p, SYM_CATS, prev);
strcpy(scontextp, nm);
scontextp += strlen(nm);
}
if (prev < 0)
*scontextp++ = ':';
else
Reported by FlawFinder.
Line: 132
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else
*scontextp++ = ',';
nm = sym_name(p, SYM_CATS, i);
strcpy(scontextp, nm);
scontextp += strlen(nm);
head = i;
}
prev = i;
}
Reported by FlawFinder.
Line: 145
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else
*scontextp++ = ',';
nm = sym_name(p, SYM_CATS, prev);
strcpy(scontextp, nm);
scontextp += strlen(nm);
}
if (l == 0) {
if (mls_level_eq(&context->range.level[0],
Reported by FlawFinder.
Line: 245
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct level_datum *levdatum;
struct cat_datum *catdatum, *rngdatum;
int l, rc, i;
char *rangep[2];
if (!pol->mls_enabled) {
/*
* With no MLS, only return -EINVAL if there is a MLS field
* and it did not come from an xattr.
Reported by FlawFinder.
Line: 648
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
secattr->attr.mls.cat);
if (rc)
goto import_netlbl_cat_failure;
memcpy(&context->range.level[1].cat, &context->range.level[0].cat,
sizeof(context->range.level[0].cat));
return 0;
import_netlbl_cat_failure:
Reported by FlawFinder.
Line: 49
Column: 10
CWE codes:
126
len = 1; /* for the beginning ":" */
for (l = 0; l < 2; l++) {
int index_sens = context->range.level[l].sens;
len += strlen(sym_name(p, SYM_LEVELS, index_sens - 1));
/* categories */
head = -2;
prev = -2;
e = &context->range.level[l].cat;
Reported by FlawFinder.
Line: 60
Column: 13
CWE codes:
126
/* one or more negative bits are skipped */
if (head != prev) {
nm = sym_name(p, SYM_CATS, prev);
len += strlen(nm) + 1;
}
nm = sym_name(p, SYM_CATS, i);
len += strlen(nm) + 1;
head = i;
}
Reported by FlawFinder.
Line: 63
Column: 12
CWE codes:
126
len += strlen(nm) + 1;
}
nm = sym_name(p, SYM_CATS, i);
len += strlen(nm) + 1;
head = i;
}
prev = i;
}
if (prev != head) {
Reported by FlawFinder.
Line: 70
Column: 11
CWE codes:
126
}
if (prev != head) {
nm = sym_name(p, SYM_CATS, prev);
len += strlen(nm) + 1;
}
if (l == 0) {
if (mls_level_eq(&context->range.level[0],
&context->range.level[1]))
break;
Reported by FlawFinder.
drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c
14 issues
Line: 96
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (qidx = 0; qidx < pfvf->hw.rx_queues; qidx++) {
for (stats = 0; stats < otx2_n_queue_stats; stats++) {
sprintf(*data, "rxq%d: %s", qidx + start_qidx,
otx2_queue_stats[stats].name);
*data += ETH_GSTRING_LEN;
}
}
for (qidx = 0; qidx < pfvf->hw.tx_queues; qidx++) {
Reported by FlawFinder.
Line: 103
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (qidx = 0; qidx < pfvf->hw.tx_queues; qidx++) {
for (stats = 0; stats < otx2_n_queue_stats; stats++) {
sprintf(*data, "txq%d: %s", qidx + start_qidx,
otx2_queue_stats[stats].name);
*data += ETH_GSTRING_LEN;
}
}
}
Reported by FlawFinder.
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DRV_VF_NAME "octeontx2-nicvf"
struct otx2_stat {
char name[ETH_GSTRING_LEN];
unsigned int index;
};
/* HW device stats */
#define OTX2_DEV_STAT(stat) { \
Reported by FlawFinder.
Line: 119
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
for (stats = 0; stats < otx2_n_dev_stats; stats++) {
memcpy(data, otx2_dev_stats[stats].name, ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
}
for (stats = 0; stats < otx2_n_drv_stats; stats++) {
memcpy(data, otx2_drv_stats[stats].name, ETH_GSTRING_LEN);
Reported by FlawFinder.
Line: 124
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (stats = 0; stats < otx2_n_drv_stats; stats++) {
memcpy(data, otx2_drv_stats[stats].name, ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
}
otx2_get_qset_strings(pfvf, &data, 0);
Reported by FlawFinder.
Line: 131
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
otx2_get_qset_strings(pfvf, &data, 0);
for (stats = 0; stats < CGX_RX_STATS_COUNT; stats++) {
sprintf(data, "cgx_rxstat%d: ", stats);
data += ETH_GSTRING_LEN;
}
for (stats = 0; stats < CGX_TX_STATS_COUNT; stats++) {
sprintf(data, "cgx_txstat%d: ", stats);
Reported by FlawFinder.
Line: 136
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (stats = 0; stats < CGX_TX_STATS_COUNT; stats++) {
sprintf(data, "cgx_txstat%d: ", stats);
data += ETH_GSTRING_LEN;
}
strcpy(data, "reset_count");
data += ETH_GSTRING_LEN;
Reported by FlawFinder.
Line: 140
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
data += ETH_GSTRING_LEN;
}
strcpy(data, "reset_count");
data += ETH_GSTRING_LEN;
sprintf(data, "Fec Corrected Errors: ");
data += ETH_GSTRING_LEN;
sprintf(data, "Fec Uncorrected Errors: ");
data += ETH_GSTRING_LEN;
Reported by FlawFinder.
Line: 142
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(data, "reset_count");
data += ETH_GSTRING_LEN;
sprintf(data, "Fec Corrected Errors: ");
data += ETH_GSTRING_LEN;
sprintf(data, "Fec Uncorrected Errors: ");
data += ETH_GSTRING_LEN;
}
Reported by FlawFinder.
Line: 144
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
data += ETH_GSTRING_LEN;
sprintf(data, "Fec Corrected Errors: ");
data += ETH_GSTRING_LEN;
sprintf(data, "Fec Uncorrected Errors: ");
data += ETH_GSTRING_LEN;
}
static void otx2_get_qset_stats(struct otx2_nic *pfvf,
struct ethtool_stats *stats, u64 **data)
Reported by FlawFinder.
drivers/scsi/cxgbi/libcxgbi.c
14 issues
Line: 2833
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len = sysfs_format_mac(buf, chba->ndev->dev_addr, 6);
break;
case ISCSI_HOST_PARAM_NETDEV_NAME:
len = sprintf(buf, "%s\n", chba->ndev->name);
break;
case ISCSI_HOST_PARAM_IPADDRESS:
{
struct cxgbi_sock *csk = find_sock_on_port(chba->cdev,
chba->port_id);
Reported by FlawFinder.
Line: 713
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&fl, 0, sizeof(fl));
fl.flowi6_oif = ifindex;
if (saddr)
memcpy(&fl.saddr, saddr, sizeof(struct in6_addr));
if (daddr)
memcpy(&fl.daddr, daddr, sizeof(struct in6_addr));
return (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
}
Reported by FlawFinder.
Line: 715
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (saddr)
memcpy(&fl.saddr, saddr, sizeof(struct in6_addr));
if (daddr)
memcpy(&fl.daddr, daddr, sizeof(struct in6_addr));
return (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
}
static struct cxgbi_sock *
cxgbi_check_route6(struct sockaddr *dst_addr, int ifindex)
Reported by FlawFinder.
Line: 1164
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int len = 0;
int i;
memcpy(ppod, &ttinfo->hdr, sizeof(struct cxgbi_pagepod_hdr));
if (sg) {
addr = sg_dma_address(sg);
len = sg_dma_len(sg);
}
Reported by FlawFinder.
Line: 2222
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < tdata->nr_frags; i++, frag++) {
char *src = kmap_atomic(frag->page);
memcpy(dst, src + frag->offset, frag->size);
dst += frag->size;
kunmap_atomic(src);
}
if (padlen) {
Reported by FlawFinder.
Line: 2412
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (!task->sc)
memcpy(skb->data, task->hdr, SKB_TX_ISCSI_PDU_HEADER_MAX);
err = cxgbi_sock_send_skb(csk, skb);
if (err > 0) {
pdulen += err;
Reported by FlawFinder.
Line: 2522
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
stats->digest_err = 0;
stats->timeout_err = 0;
stats->custom_length = 1;
strcpy(stats->custom[0].desc, "eh_abort_cnt");
stats->custom[0].value = conn->eh_abort_cnt;
}
EXPORT_SYMBOL_GPL(cxgbi_get_conn_stats);
static int cxgbi_conn_max_xmit_dlength(struct iscsi_conn *conn)
Reported by FlawFinder.
Line: 2840
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct cxgbi_sock *csk = find_sock_on_port(chba->cdev,
chba->port_id);
if (csk) {
len = sprintf(buf, "%pIS",
(struct sockaddr *)&csk->saddr);
}
log_debug(1 << CXGBI_DBG_ISCSI,
"hba %s, addr %s.\n", chba->ndev->name, buf);
break;
Reported by FlawFinder.
Line: 1727
Column: 64
CWE codes:
120
20
break;
}
log_debug(1 << CXGBI_DBG_PDU_RX, "csk 0x%p, read %u.\n", csk, read);
if (read) {
csk->copied_seq += read;
csk_return_rx_credits(csk, read);
conn->rxdata_octets += read;
}
Reported by FlawFinder.
Line: 1728
Column: 6
CWE codes:
120
20
}
log_debug(1 << CXGBI_DBG_PDU_RX, "csk 0x%p, read %u.\n", csk, read);
if (read) {
csk->copied_seq += read;
csk_return_rx_credits(csk, read);
conn->rxdata_octets += read;
}
Reported by FlawFinder.
drivers/scsi/cxlflash/main.c
14 issues
Line: 471
CWE codes:
476
int rc = 0;
ulong to;
buf = kzalloc(sizeof(*cmd) + __alignof__(*cmd) - 1, GFP_KERNEL);
if (unlikely(!buf)) {
dev_err(dev, "%s: no memory for command\n", __func__);
rc = -ENOMEM;
goto out;
}
Reported by Cppcheck.
Line: 2317
CWE codes:
476
mutex_lock(&afu->sync_active);
atomic_inc(&afu->cmds_active);
buf = kmalloc(sizeof(*cmd) + __alignof__(*cmd) - 1, GFP_KERNEL);
if (unlikely(!buf)) {
dev_err(dev, "%s: no memory for command\n", __func__);
rc = -ENOMEM;
goto out;
}
Reported by Cppcheck.
Line: 73
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ioasa->rc.scsi_rc) {
/* We have a SCSI status */
if (ioasa->rc.flags & SISL_RC_FLAGS_SENSE_VALID) {
memcpy(scp->sense_buffer, ioasa->sense_data,
SISL_SENSE_DATA_LEN);
scp->result = ioasa->rc.scsi_rc;
} else
scp->result = ioasa->rc.scsi_rc | (DID_ERROR << 16);
}
Reported by FlawFinder.
Line: 501
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->rcb.req_flags = (SISL_REQ_FLAGS_PORT_LUN_ID |
SISL_REQ_FLAGS_SUP_UNDERRUN |
SISL_REQ_FLAGS_TMF_CMD);
memcpy(cmd->rcb.cdb, &tmfcmd, sizeof(tmfcmd));
rc = afu->send_cmd(afu, cmd);
if (unlikely(rc)) {
spin_lock_irqsave(&cfg->tmf_slock, lock_flags);
cfg->tmf_active = false;
Reported by FlawFinder.
Line: 1635
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rc = 0;
int ro_start, ro_size, i, j, k;
ssize_t vpd_size;
char vpd_data[CXLFLASH_VPD_LEN];
char tmp_buf[WWPN_BUF_LEN] = { 0 };
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
Reported by FlawFinder.
Line: 1636
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ro_start, ro_size, i, j, k;
ssize_t vpd_size;
char vpd_data[CXLFLASH_VPD_LEN];
char tmp_buf[WWPN_BUF_LEN] = { 0 };
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
Reported by FlawFinder.
Line: 1640
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
/* Get the VPD data from the device */
vpd_size = cfg->ops->read_adapter_vpd(pdev, vpd_data, sizeof(vpd_data));
if (unlikely(vpd_size <= 0)) {
dev_err(dev, "%s: Unable to read VPD (size = %ld)\n",
Reported by FlawFinder.
Line: 1705
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(tmp_buf, &vpd_data[i], WWPN_LEN);
rc = kstrtoul(tmp_buf, WWPN_LEN, (ulong *)&wwpn[k]);
if (unlikely(rc)) {
dev_err(dev, "%s: WWPN conversion failed for port %d\n",
__func__, k);
rc = -ENODEV;
Reported by FlawFinder.
Line: 2146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* No byte reverse on reading afu_version or string will be backwards */
reg = readq(&afu->afu_map->global.regs.afu_version);
memcpy(afu->version, ®, sizeof(reg));
afu->interface_version =
readq_be(&afu->afu_map->global.regs.interface_version);
if ((afu->interface_version + 1) == 0) {
dev_err(dev, "Back level AFU, please upgrade. AFU version %s "
"interface version %016llx\n", afu->version,
Reported by FlawFinder.
Line: 2328
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
retry:
memset(cmd, 0, sizeof(*cmd));
memcpy(&cmd->rcb, rcb, sizeof(*rcb));
INIT_LIST_HEAD(&cmd->queue);
init_completion(&cmd->cevent);
cmd->parent = afu;
cmd->hwq_index = hwq->index;
cmd->rcb.ctx_id = hwq->ctx_hndl;
Reported by FlawFinder.
fs/jfs/xattr.c
14 issues
Line: 1017
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
err = -ENOMEM;
break;
}
strcpy(name, XATTR_SECURITY_PREFIX);
strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name);
err = __jfs_setxattr(*tid, inode, name,
xattr->value, xattr->value_len, 0);
kfree(name);
Reported by FlawFinder.
Line: 1018
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
break;
}
strcpy(name, XATTR_SECURITY_PREFIX);
strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name);
err = __jfs_setxattr(*tid, inode, name,
xattr->value, xattr->value_len, 0);
kfree(name);
if (err < 0)
Reported by FlawFinder.
Line: 108
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int len = ea->namelen;
if (!is_known_namespace(ea->name)) {
memcpy(buffer, XATTR_OS2_PREFIX, XATTR_OS2_PREFIX_LEN);
buffer += XATTR_OS2_PREFIX_LEN;
len += XATTR_OS2_PREFIX_LEN;
}
memcpy(buffer, ea->name, ea->namelen);
buffer[ea->namelen] = 0;
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buffer += XATTR_OS2_PREFIX_LEN;
len += XATTR_OS2_PREFIX_LEN;
}
memcpy(buffer, ea->name, ea->namelen);
buffer[ea->namelen] = 0;
return len;
}
Reported by FlawFinder.
Line: 165
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DXDsize(ea, size);
DXDlength(ea, 0);
DXDaddress(ea, 0);
memcpy(ji->i_inline_ea, ealist, size);
ea->flag = DXD_INLINE;
ji->mode2 &= ~INLINEEA;
} else {
ea->flag = 0;
DXDsize(ea, 0);
Reported by FlawFinder.
Line: 261
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto failed;
}
memcpy(mp->data, cp, nb);
/*
* We really need a way to propagate errors for
* forced writes like this one. --hch
*
Reported by FlawFinder.
Line: 334
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
!= ea_size)
return -EIO;
memcpy(ealist, ji->i_inline_ea, ea_size);
return 0;
}
/*
* NAME: ea_read
Reported by FlawFinder.
Line: 399
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!(mp = read_metapage(ip, blkno + i, bytes_to_read, 1)))
return -EIO;
memcpy(cp, mp->data, nb);
release_metapage(mp);
cp += PSIZE;
nbytes -= nb;
}
Reported by FlawFinder.
Line: 758
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ea->flag = 0;
ea->namelen = namelen;
ea->valuelen = (cpu_to_le16(value_len));
memcpy(ea->name, name, namelen);
ea->name[namelen] = 0;
if (value_len)
memcpy(&ea->name[namelen + 1], value, value_len);
xattr_size += EA_SIZE(ea);
}
Reported by FlawFinder.
Line: 761
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ea->name, name, namelen);
ea->name[namelen] = 0;
if (value_len)
memcpy(&ea->name[namelen + 1], value, value_len);
xattr_size += EA_SIZE(ea);
}
/* DEBUG - If we did this right, these number match */
if (xattr_size != new_size) {
Reported by FlawFinder.
tools/perf/scripts/python/flamegraph.py
14 issues
Line: 42
Column: 24
class FlameGraphCLI:
def __init__(self, args):
self.args = args
self.stack = Node("root")
if self.args.format == "html" and \
not os.path.isfile(self.args.template):
Reported by Pylint.
Line: 1
Column: 1
# flamegraph.py - create flame graphs from perf samples
# SPDX-License-Identifier: GPL-2.0
#
# Usage:
#
# perf record -a -g -F 99 sleep 60
# perf script report flamegraph
#
# Combined:
Reported by Pylint.
Line: 25
Column: 1
import json
class Node:
def __init__(self, name, libtype=""):
self.name = name
self.libtype = libtype
self.value = 0
self.children = []
Reported by Pylint.
Line: 25
Column: 1
import json
class Node:
def __init__(self, name, libtype=""):
self.name = name
self.libtype = libtype
self.value = 0
self.children = []
Reported by Pylint.
Line: 32
Column: 5
self.value = 0
self.children = []
def toJSON(self):
return {
"n": self.name,
"l": self.libtype,
"v": self.value,
"c": self.children
Reported by Pylint.
Line: 32
Column: 5
self.value = 0
self.children = []
def toJSON(self):
return {
"n": self.name,
"l": self.libtype,
"v": self.value,
"c": self.children
Reported by Pylint.
Line: 41
Column: 1
}
class FlameGraphCLI:
def __init__(self, args):
self.args = args
self.stack = Node("root")
if self.args.format == "html" and \
Reported by Pylint.
Line: 56
Column: 5
file=sys.stderr)
sys.exit(1)
def find_or_create_node(self, node, name, dso):
libtype = "kernel" if dso == "[kernel.kallsyms]" else ""
if name is None:
name = "[unknown]"
for child in node.children:
Reported by Pylint.
Line: 56
Column: 5
file=sys.stderr)
sys.exit(1)
def find_or_create_node(self, node, name, dso):
libtype = "kernel" if dso == "[kernel.kallsyms]" else ""
if name is None:
name = "[unknown]"
for child in node.children:
Reported by Pylint.
Line: 69
Column: 5
node.children.append(child)
return child
def process_event(self, event):
node = self.find_or_create_node(self.stack, event["comm"], None)
if "callchain" in event:
for entry in reversed(event['callchain']):
node = self.find_or_create_node(
node, entry.get("sym", {}).get("name"), event.get("dso"))
Reported by Pylint.