The following issues were found
arch/arm/mach-omap2/id.c
13 issues
Line: 521
Column: 2
CWE codes:
120
Suggestion:
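Use sprintf_s, snprintf, or vsnprintf
Triage note: soc_rev is declared on this page as char[OMAP_SOC_MAX_NAME_LENGTH], with the length defined as 16, so this "ES%s" write fits only while cpu_rev is at most 13 characters; the possible values of cpu_rev are not shown in this excerpt. In kernel code the bounded replacement is snprintf() or scnprintf() with sizeof(soc_rev); sprintf_s is not provided there.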
pr_warn("Warning: unknown chip type: hawkeye %04x, assuming OMAP3630ES1.2\n",
hawkeye);
}
sprintf(soc_rev, "ES%s", cpu_rev);
}
void __init omap4xxx_check_revision(void)
{
u32 idcode;
Reported by FlawFinder.
Line: 773
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
 * Formats the string omap_types[omap_type()] followed by a newline into buf
 * and returns the character count reported by sprintf().
 * NOTE(review): looks like the sysfs show callback behind the
 * DEVICE_ATTR_RO(type) declaration that follows; confirm.
 */
static ssize_t
type_show(struct device *dev, struct device_attribute *attr, char *buf)
{
/*
 * The write is unbounded: its length is that of the selected omap_types[]
 * string plus the newline and terminator.
 * NOTE(review): the index returned by omap_type() is not range-checked
 * here; presumably it is always a valid omap_types[] index. Verify against
 * omap_type().
 */
return sprintf(buf, "%s\n", omap_types[omap_type()]);
}
static DEVICE_ATTR_RO(type);
static struct attribute *omap_soc_attrs[] = {
Reported by FlawFinder.
Line: 40
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define OMAP_SOC_MAX_NAME_LENGTH 16
static unsigned int omap_revision;
static char soc_name[OMAP_SOC_MAX_NAME_LENGTH];
static char soc_rev[OMAP_SOC_MAX_NAME_LENGTH];
u32 omap_features;
unsigned int omap_rev(void)
{
Reported by FlawFinder.
Line: 41
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned int omap_revision;
static char soc_name[OMAP_SOC_MAX_NAME_LENGTH];
static char soc_rev[OMAP_SOC_MAX_NAME_LENGTH];
u32 omap_features;
unsigned int omap_rev(void)
{
return omap_revision;
Reported by FlawFinder.
Line: 194
Column: 2
CWE codes:
120
Suggestion:
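Use sprintf_s, snprintf, or vsnprintf
Triage note: this write is bounded by its format. omap_rev() returns unsigned int, so with a 32-bit unsigned int the value shifted right by 16 prints as exactly four hex digits, and "OMAP" + 4 digits + NUL is 9 bytes, within the 16-byte soc_name.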
j = i;
}
sprintf(soc_name, "OMAP%04x", omap_rev() >> 16);
sprintf(soc_rev, "ES%x", (omap_rev() >> 12) & 0xf);
pr_info("%s", soc_name);
if ((omap_rev() >> 8) & 0x0f)
pr_cont("%s", soc_rev);
Reported by FlawFinder.
Line: 195
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
sprintf(soc_name, "OMAP%04x", omap_rev() >> 16);
sprintf(soc_rev, "ES%x", (omap_rev() >> 12) & 0xf);
pr_info("%s", soc_name);
if ((omap_rev() >> 8) & 0x0f)
pr_cont("%s", soc_rev);
pr_cont("\n");
Reported by FlawFinder.
Line: 210
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init omap3_cpuinfo(void)
{
const char *cpu_name;
char buf[64];
int n = 0;
memset(buf, 0, sizeof(buf));
/*
Reported by FlawFinder.
Line: 596
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
omap_revision = OMAP4430_REV_ES2_3;
}
sprintf(soc_name, "OMAP%04x", omap_rev() >> 16);
sprintf(soc_rev, "ES%d.%d", (omap_rev() >> 12) & 0xf,
(omap_rev() >> 8) & 0xf);
pr_info("%s %s\n", soc_name, soc_rev);
}
Reported by FlawFinder.
Line: 597
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
sprintf(soc_name, "OMAP%04x", omap_rev() >> 16);
sprintf(soc_rev, "ES%d.%d", (omap_rev() >> 12) & 0xf,
(omap_rev() >> 8) & 0xf);
pr_info("%s %s\n", soc_name, soc_rev);
}
void __init omap5xxx_check_revision(void)
Reported by FlawFinder.
Line: 639
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
omap_revision = OMAP5430_REV_ES2_0;
}
sprintf(soc_name, "OMAP%04x", omap_rev() >> 16);
sprintf(soc_rev, "ES%d.0", (omap_rev() >> 12) & 0xf);
pr_info("%s %s\n", soc_name, soc_rev);
}
Reported by FlawFinder.
fs/nfs/nfs3xdr.c
13 issues
Line: 2533
Column: 18
CWE codes:
362
20
Suggestion:
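Reconsider approach
Triage note: at the reported position (line 2533, columns 18 and 28) the matched token is the `readlink` argument of the PROC() table macro in `PROC(READLINK, readlink, readlink, 3)`, not a call to readlink(). The excerpt shows no file-system race at this line, so both findings look like name-match false positives.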
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
PROC(SYMLINK, symlink, create, 0),
Reported by FlawFinder.
Line: 2533
Column: 28
CWE codes:
362
20
Suggestion:
Reconsider approach
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
PROC(SYMLINK, symlink, create, 0),
Reported by FlawFinder.
Line: 889
Column: 27
CWE codes:
362/367!
Suggestion:
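Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Triage note: the flagged token (line 889, column 27) is the struct member in `args->access`, passed to encode_uint32(); it is not a call to access(2), so the setuid()/open advice does not apply to this code. The same holds for the findings listed for this file at line 1535 (`&result->access`) and line 2532 (arguments of the PROC() macro).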
const struct nfs3_accessargs *args)
{
encode_nfs_fh3(xdr, args->fh);
encode_uint32(xdr, args->access);
}
static void nfs3_xdr_enc_access3args(struct rpc_rqst *req,
struct xdr_stream *xdr,
const void *data)
Reported by FlawFinder.
Line: 1535
Column: 38
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
goto out;
if (status != NFS3_OK)
goto out_default;
error = decode_uint32(xdr, &result->access);
out:
return error;
out_default:
return nfs3_stat_to_errno(status);
}
Reported by FlawFinder.
Line: 2532
Column: 25
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
PROC(GETATTR, getattr, getattr, 1),
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
Reported by FlawFinder.
Line: 2532
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
PROC(GETATTR, getattr, getattr, 1),
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
Reported by FlawFinder.
Line: 277
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
static __be32 *xdr_encode_cookieverf3(__be32 *p, const __be32 *verifier)
{
/*
 * Copies exactly NFS3_COOKIEVERFSIZE bytes from verifier to p. Nothing in
 * this function checks the room available at p or the size of the object
 * behind verifier; both are the caller's responsibility.
 */
memcpy(p, verifier, NFS3_COOKIEVERFSIZE);
/* Advance p by XDR_QUADLEN(NFS3_COOKIEVERFSIZE) __be32 elements and return the new position. */
return p + XDR_QUADLEN(NFS3_COOKIEVERFSIZE);
}
static int decode_cookieverf3(struct xdr_stream *xdr, __be32 *verifier)
{
Reported by FlawFinder.
Line: 288
Column: 2
CWE codes:
120
Suggestion:
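Make sure destination can always hold the source data
Triage note: the source side is covered in the lines shown: xdr_inline_decode() is asked for NFS3_COOKIEVERFSIZE bytes, and a NULL result returns -EIO before the copy. What remains to confirm is that every caller's `verifier` buffer is at least NFS3_COOKIEVERFSIZE bytes.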
p = xdr_inline_decode(xdr, NFS3_COOKIEVERFSIZE);
if (unlikely(!p))
return -EIO;
memcpy(verifier, p, NFS3_COOKIEVERFSIZE);
return 0;
}
/*
* createverf3
Reported by FlawFinder.
Line: 302
Column: 2
CWE codes:
120
Suggestion:
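Make sure destination can always hold the source data
Triage note: in the lines shown, the pointer returned by xdr_reserve_space() is passed to memcpy() without a NULL check. Confirm that the send buffer is always sized so that this reservation cannot fail, or add the check.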
__be32 *p;
p = xdr_reserve_space(xdr, NFS3_CREATEVERFSIZE);
memcpy(p, verifier, NFS3_CREATEVERFSIZE);
}
static int decode_writeverf3(struct xdr_stream *xdr, struct nfs_write_verifier *verifier)
{
__be32 *p;
Reported by FlawFinder.
Line: 312
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = xdr_inline_decode(xdr, NFS3_WRITEVERFSIZE);
if (unlikely(!p))
return -EIO;
memcpy(verifier->data, p, NFS3_WRITEVERFSIZE);
return 0;
}
/*
* size3
Reported by FlawFinder.
drivers/hwmon/lm63.c
13 issues
Line: 693
Column: 9
CWE codes:
134
Suggestion:
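Make format string constant
Triage note: both arms of the conditional are string literals with no conversion specifiers, so no externally supplied data reaches the format argument; the finding is raised only because the argument is not a single literal. Passing the selected literal through a "%s" format removes the warning without changing the output.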
{
struct lm63_data *data = dev_get_drvdata(dev);
return sprintf(buf, data->trutherm ? "1\n" : "2\n");
}
static ssize_t temp2_type_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 336
Column: 9
CWE codes:
120
Suggestion:
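Use sprintf_s, snprintf, or vsnprintf
Triage note: the output of "%d\n" is bounded by the format itself (at most 13 bytes including the terminator for a 32-bit int), so the risk depends only on buf being at least that large. The same reasoning applies to the other "%d\n" findings listed for this file. If these are sysfs show callbacks, as the visible signatures suggest, current kernel convention is sysfs_emit(), which bounds the write to the page buffer.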
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct lm63_data *data = lm63_update_device(dev);
return sprintf(buf, "%d\n", FAN_FROM_REG(data->fan[attr->index]));
}
static ssize_t set_fan(struct device *dev, struct device_attribute *dummy,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 376
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
255 : (data->pwm1[nr] * 255 + data->pwm1_freq) /
(2 * data->pwm1_freq);
return sprintf(buf, "%d\n", pwm);
}
static ssize_t set_pwm1(struct device *dev, struct device_attribute *devattr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 412
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *dummy, char *buf)
{
struct lm63_data *data = lm63_update_device(dev);
return sprintf(buf, "%d\n", data->config_fan & 0x20 ? 1 : 2);
}
static ssize_t pwm1_enable_store(struct device *dev,
struct device_attribute *dummy,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 462
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct lm63_data *data = lm63_update_device(dev);
return sprintf(buf, "%d\n", TEMP8_FROM_REG(data->temp8[attr->index]));
}
static ssize_t show_remote_temp8(struct device *dev,
struct device_attribute *devattr,
char *buf)
Reported by FlawFinder.
Line: 471
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct lm63_data *data = lm63_update_device(dev);
return sprintf(buf, "%d\n", temp8_from_reg(data, attr->index)
+ data->temp2_offset);
}
static ssize_t show_lut_temp(struct device *dev,
struct device_attribute *devattr,
Reported by FlawFinder.
Line: 481
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct lm63_data *data = lm63_update_device(dev);
return sprintf(buf, "%d\n", lut_temp_from_reg(data, attr->index)
+ data->temp2_offset);
}
static ssize_t set_temp8(struct device *dev, struct device_attribute *devattr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 547
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
temp = TEMP11_FROM_REG(data->temp11[nr]);
}
return sprintf(buf, "%d\n", temp + data->temp2_offset);
}
static ssize_t set_temp11(struct device *dev, struct device_attribute *devattr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 595
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *dummy, char *buf)
{
struct lm63_data *data = lm63_update_device(dev);
return sprintf(buf, "%d\n", temp8_from_reg(data, 2)
+ data->temp2_offset
- TEMP8_FROM_REG(data->temp2_crit_hyst));
}
static ssize_t show_lut_temp_hyst(struct device *dev,
Reported by FlawFinder.
Line: 606
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct lm63_data *data = lm63_update_device(dev);
return sprintf(buf, "%d\n", lut_temp_from_reg(data, attr->index)
+ data->temp2_offset
- TEMP8_FROM_REG(data->lut_temp_hyst));
}
/*
Reported by FlawFinder.
drivers/scsi/3w-sas.h
13 issues
Line: 246
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
u32 lba;
TW_SG_Entry_ISO sgl[TW_LIBERATOR_MAX_SGL_LENGTH_OLD];
unsigned char padding[TW_PADDING_LENGTH_LIBERATOR_OLD];
} io;
struct {
TW_SG_Entry_ISO sgl[TW_LIBERATOR_MAX_SGL_LENGTH_OLD];
u32 padding;
unsigned char padding2[TW_PADDING_LENGTH_LIBERATOR_OLD];
Reported by FlawFinder.
Line: 251
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
TW_SG_Entry_ISO sgl[TW_LIBERATOR_MAX_SGL_LENGTH_OLD];
u32 padding;
unsigned char padding2[TW_PADDING_LENGTH_LIBERATOR_OLD];
} param;
} byte8_offset;
} TW_Command;
/* New Command Packet with ISO SGL */
Reported by FlawFinder.
Line: 264
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char status;
unsigned char sgl_offset;
unsigned short sgl_entries__lunh;
unsigned char cdb[16];
TW_SG_Entry_ISO sg_list[TW_LIBERATOR_MAX_SGL_LENGTH];
unsigned char padding[TW_PADDING_LENGTH_LIBERATOR];
} TW_Command_Apache;
/* New command packet header */
Reported by FlawFinder.
Line: 266
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short sgl_entries__lunh;
unsigned char cdb[16];
TW_SG_Entry_ISO sg_list[TW_LIBERATOR_MAX_SGL_LENGTH];
unsigned char padding[TW_PADDING_LENGTH_LIBERATOR];
} TW_Command_Apache;
/* New command packet header */
typedef struct TAG_TW_Command_Apache_Header {
unsigned char sense_data[TW_SENSE_DATA_LENGTH];
Reported by FlawFinder.
Line: 271
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* New command packet header */
typedef struct TAG_TW_Command_Apache_Header {
unsigned char sense_data[TW_SENSE_DATA_LENGTH];
struct {
char reserved[4];
unsigned short error;
unsigned char padding;
unsigned char severity__reserved;
Reported by FlawFinder.
Line: 273
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct TAG_TW_Command_Apache_Header {
unsigned char sense_data[TW_SENSE_DATA_LENGTH];
struct {
char reserved[4];
unsigned short error;
unsigned char padding;
unsigned char severity__reserved;
} status_block;
unsigned char err_specific_desc[98];
Reported by FlawFinder.
Line: 278
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char padding;
unsigned char severity__reserved;
} status_block;
unsigned char err_specific_desc[98];
struct {
unsigned char size_header;
unsigned short request_id;
unsigned char size_sense;
} header_desc;
Reported by FlawFinder.
Line: 322
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char retrieved;
unsigned char repeat_count;
unsigned char parameter_len;
unsigned char parameter_data[98];
} TW_Event;
typedef struct TAG_TW_Ioctl_Driver_Command {
unsigned int control_code;
unsigned int status;
Reported by FlawFinder.
Line: 336
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct TAG_TW_Ioctl_Apache {
TW_Ioctl_Driver_Command driver_command;
char padding[488];
TW_Command_Full firmware_command;
char data_buffer[1];
} TW_Ioctl_Buf_Apache;
/* GetParam descriptor */
Reported by FlawFinder.
Line: 338
Column: 2
CWE codes:
119
120
Suggestion:
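Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: data_buffer is a one-element array placed as the last member of the struct, which usually marks a variable-length tail. The declaration is not itself a write; what needs review is that every access through data_buffer is bounded by the length actually allocated for the ioctl buffer.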
TW_Ioctl_Driver_Command driver_command;
char padding[488];
TW_Command_Full firmware_command;
char data_buffer[1];
} TW_Ioctl_Buf_Apache;
/* GetParam descriptor */
typedef struct {
unsigned short table_id;
Reported by FlawFinder.
scripts/kconfig/conf.c
13 issues
Line: 111
CWE codes:
908
seed = (now.tv_sec + 1) * (now.tv_usec + 1);
}
printf("KCONFIG_SEED=0x%X\n", seed);
srand(seed);
}
static bool randomize_choice_values(struct symbol *csym)
{
Reported by Cppcheck.
Line: 112
CWE codes:
908
}
printf("KCONFIG_SEED=0x%X\n", seed);
srand(seed);
}
static bool randomize_choice_values(struct symbol *csym)
{
struct property *prop;
Reported by Cppcheck.
Line: 91
Column: 8
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
char *env;
bool seed_set = false;
env = getenv("KCONFIG_SEED");
if (env && *env) {
char *endp;
seed = strtol(env, &endp, 0);
if (*endp == '\0')
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
327
Suggestion:
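Use a more secure technique for acquiring random values
Triage note: the seed is printed as KCONFIG_SEED immediately before srand(), and the excerpt for line 91 shows it can be supplied through the KCONFIG_SEED environment variable, which indicates the sequence is meant to be reproducible rather than unpredictable. CWE-327 matters here only if these values feed a security decision, which the excerpts do not show.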
}
printf("KCONFIG_SEED=0x%X\n", seed);
srand(seed);
}
static bool randomize_choice_values(struct symbol *csym)
{
struct property *prop;
Reported by FlawFinder.
Line: 187
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (mode == def_random) {
int n, p[3];
char *env = getenv("KCONFIG_PROBABILITY");
n = 0;
while (env && *env) {
char *endp;
int tmp = strtol(env, &endp, 10);
Reported by FlawFinder.
Line: 739
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
tty_stdio = isatty(0) && isatty(1);
while ((opt = getopt_long(ac, av, "hs", long_opts, NULL)) != -1) {
switch (opt) {
case 'h':
conf_usage(progname);
exit(1);
break;
Reported by FlawFinder.
Line: 809
Column: 10
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
case allmodconfig:
case alldefconfig:
case randconfig:
name = getenv("KCONFIG_ALLCONFIG");
if (!name)
break;
if ((strcmp(name, "") != 0) && (strcmp(name, "1") != 0)) {
if (conf_read_simple(name, S_DEF_USER)) {
fprintf(stderr,
Reported by FlawFinder.
Line: 842
Column: 10
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
if (sync_kconfig) {
name = getenv("KCONFIG_NOSILENTUPDATE");
if (name && *name) {
if (conf_get_changed()) {
fprintf(stderr,
"\n*** The configuration requires explicit update.\n\n");
return 1;
Reported by FlawFinder.
Line: 45
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int tty_stdio;
static int sync_kconfig;
static int conf_cnt;
static char line[PATH_MAX];
static struct menu *rootEntry;
static void print_help(struct menu *menu)
{
struct gstr help = str_new();
Reported by FlawFinder.
Line: 536
Column: 11
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (!line[0])
cnt = def;
else if (isdigit(line[0]))
cnt = atoi(line);
else
continue;
break;
default:
break;
Reported by FlawFinder.
fs/gfs2/ops_fstype.c
13 issues
Line: 215
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sb->sb_root_dir.no_addr = be64_to_cpu(str->sb_root_dir.no_addr);
sb->sb_root_dir.no_formal_ino = be64_to_cpu(str->sb_root_dir.no_formal_ino);
memcpy(sb->sb_lockproto, str->sb_lockproto, GFS2_LOCKNAME_LEN);
memcpy(sb->sb_locktable, str->sb_locktable, GFS2_LOCKNAME_LEN);
memcpy(&s->s_uuid, str->sb_uuid, 16);
}
/**
Reported by FlawFinder.
Line: 216
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sb->sb_root_dir.no_formal_ino = be64_to_cpu(str->sb_root_dir.no_formal_ino);
memcpy(sb->sb_lockproto, str->sb_lockproto, GFS2_LOCKNAME_LEN);
memcpy(sb->sb_locktable, str->sb_locktable, GFS2_LOCKNAME_LEN);
memcpy(&s->s_uuid, str->sb_uuid, 16);
}
/**
* gfs2_read_super - Read the gfs2 super block from disk
Reported by FlawFinder.
Line: 217
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(sb->sb_lockproto, str->sb_lockproto, GFS2_LOCKNAME_LEN);
memcpy(sb->sb_locktable, str->sb_locktable, GFS2_LOCKNAME_LEN);
memcpy(&s->s_uuid, str->sb_uuid, 16);
}
/**
* gfs2_read_super - Read the gfs2 super block from disk
* @sdp: The GFS2 super block
Reported by FlawFinder.
Line: 569
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct gfs2_inode *dip = GFS2_I(sdp->sd_jindex);
struct qstr name;
char buf[20];
struct gfs2_jdesc *jd;
int error;
name.name = buf;
Reported by FlawFinder.
Line: 584
Column: 14
CWE codes:
120
Suggestion:
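Use sprintf_s, snprintf, or vsnprintf
Triage note: "journal%u" produces at most 7 + 10 digits + NUL = 18 bytes for a 32-bit unsigned value. If buf is the char buf[20] shown in the finding for line 569, the write fits; snprintf(buf, sizeof(buf), ...) would make the bound explicit.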
if (error)
break;
name.len = sprintf(buf, "journal%u", sdp->sd_journals);
name.hash = gfs2_disk_hash(name.name, name.len);
error = gfs2_dir_check(sdp->sd_jindex, &name, NULL);
if (error == -ENOENT) {
error = 0;
Reported by FlawFinder.
Line: 645
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int error = 0;
struct inode *master = d_inode(sdp->sd_master_dir);
struct inode *pn = NULL;
char buf[30];
struct gfs2_jdesc *jd;
struct gfs2_inode *ip;
sdp->sd_statfs_inode = gfs2_lookup_simple(master, "statfs");
if (IS_ERR(sdp->sd_statfs_inode)) {
Reported by FlawFinder.
Line: 674
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
error = -ENOMEM;
goto free_local;
}
sprintf(buf, "statfs_change%u", jd->jd_jid);
lsi->si_sc_inode = gfs2_lookup_simple(pn, buf);
if (IS_ERR(lsi->si_sc_inode)) {
error = PTR_ERR(lsi->si_sc_inode);
fs_err(sdp, "can't find local \"sc\" file#%u: %d\n",
jd->jd_jid, error);
Reported by FlawFinder.
Line: 923
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int init_per_node(struct gfs2_sbd *sdp, int undo)
{
struct inode *pn = NULL;
char buf[30];
int error = 0;
struct gfs2_inode *ip;
struct inode *master = d_inode(sdp->sd_master_dir);
if (sdp->sd_args.ar_spectator)
Reported by FlawFinder.
Line: 941
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return error;
}
sprintf(buf, "quota_change%u", sdp->sd_jdesc->jd_jid);
sdp->sd_qc_inode = gfs2_lookup_simple(pn, buf);
if (IS_ERR(sdp->sd_qc_inode)) {
error = PTR_ERR(sdp->sd_qc_inode);
fs_err(sdp, "can't find local \"qc\" file: %d\n", error);
goto fail_ut_i;
Reported by FlawFinder.
Line: 1083
Column: 2
CWE codes:
119
120
Suggestion:
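Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the two writes visible in this excerpt are bounded by their formats. "RDONLY=%d" is at most 7 + 11 + NUL = 19 bytes for a 32-bit int, and "SPECTATOR=%d" is only ever given 0 or 1, so both fit their 20-byte arrays, the first with one byte to spare.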
void gfs2_online_uevent(struct gfs2_sbd *sdp)
{
struct super_block *sb = sdp->sd_vfs;
char ro[20];
char spectator[20];
char *envp[] = { ro, spectator, NULL };
sprintf(ro, "RDONLY=%d", sb_rdonly(sb));
sprintf(spectator, "SPECTATOR=%d", sdp->sd_args.ar_spectator ? 1 : 0);
kobject_uevent_env(&sdp->sd_kobj, KOBJ_ONLINE, envp);
Reported by FlawFinder.
drivers/net/ethernet/emulex/benet/be_ethtool.c
13 issues
Line: 439
Column: 5
CWE codes:
120
Suggestion:
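Use sprintf_s, snprintf, or vsnprintf
Triage note: each destination slot is ETH_GSTRING_LEN bytes (data advances by that amount after every write), and desc is itself declared as char[ETH_GSTRING_LEN] in struct be_ethtool_stat. The "rxq%d: " prefix plus desc therefore fits only if every et_rx_stats[].desc string is short enough to leave room for the prefix; the table contents are not shown here. The txq finding at line 446 has the same shape.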
}
for (i = 0; i < adapter->num_rx_qs; i++) {
for (j = 0; j < ETHTOOL_RXSTATS_NUM; j++) {
sprintf(data, "rxq%d: %s", i,
et_rx_stats[j].desc);
data += ETH_GSTRING_LEN;
}
}
for (i = 0; i < adapter->num_tx_qs; i++) {
Reported by FlawFinder.
Line: 446
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < adapter->num_tx_qs; i++) {
for (j = 0; j < ETHTOOL_TXSTATS_NUM; j++) {
sprintf(data, "txq%d: %s", i,
et_tx_stats[j].desc);
data += ETH_GSTRING_LEN;
}
}
break;
Reported by FlawFinder.
Line: 460
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
break;
case ETH_SS_PRIV_FLAGS:
for (i = 0; i < ARRAY_SIZE(be_priv_flags); i++)
strcpy(data + i * ETH_GSTRING_LEN, be_priv_flags[i]);
break;
}
}
static int be_get_sset_count(struct net_device *netdev, int stringset)
Reported by FlawFinder.
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/ethtool.h>
struct be_ethtool_stat {
char desc[ETH_GSTRING_LEN];
int type;
int size;
int offset;
};
Reported by FlawFinder.
Line: 289
Column: 4
CWE codes:
120
Suggestion:
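Make sure destination can always hold the source data
Triage note: read_len is filled in by the preceding call (it is passed as &read_len), and the excerpt shows no comparison of total_read_len + read_len against the size of buf before the copy. That check, or the guarantee that makes it unnecessary, needs to be located in the surrounding function.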
total_read_len, file_name,
&read_len, &eof, &addn_status);
if (!status) {
memcpy(buf + total_read_len, read_cmd.va, read_len);
total_read_len += read_len;
eof &= LANCER_READ_FILE_EOF_MASK;
} else {
status = -EIO;
break;
Reported by FlawFinder.
Line: 434
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_STATS:
for (i = 0; i < ETHTOOL_STATS_NUM; i++) {
memcpy(data, et_stats[i].desc, ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
}
for (i = 0; i < adapter->num_rx_qs; i++) {
for (j = 0; j < ETHTOOL_RXSTATS_NUM; j++) {
sprintf(data, "rxq%d: %s", i,
Reported by FlawFinder.
Line: 454
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case ETH_SS_TEST:
for (i = 0; i < ETHTOOL_TESTS_NUM; i++) {
memcpy(data, et_self_tests[i], ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
}
break;
case ETH_SS_PRIV_FLAGS:
for (i = 0; i < ARRAY_SIZE(be_priv_flags); i++)
Reported by FlawFinder.
Line: 1040
Column: 3
CWE codes:
120
Suggestion:
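Make sure destination can always hold the source data
Triage note: the copy length and the source offset both come from the eeprom request (eeprom->len, eeprom->offset). The excerpt does not show them being checked against the size of resp->seeprom_data, so confirm where that bound is enforced.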
if (!status) {
resp = eeprom_cmd.va;
memcpy(data, resp->seeprom_data + eeprom->offset, eeprom->len);
}
dma_free_coherent(&adapter->pdev->dev, eeprom_cmd.size, eeprom_cmd.va,
eeprom_cmd.dma);
return be_cmd_status(status);
Reported by FlawFinder.
Line: 1281
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (hkey)
memcpy(hkey, rss->rss_hkey, RSS_HASH_KEY_LEN);
if (hfunc)
*hfunc = ETH_RSS_HASH_TOP;
return 0;
Reported by FlawFinder.
Line: 1310
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
adapter->rss_info.rss_queue[i] = j;
}
} else {
memcpy(rsstable, adapter->rss_info.rsstable,
RSS_INDIR_TABLE_LEN);
}
if (!hkey)
hkey = adapter->rss_info.rss_hkey;
Reported by FlawFinder.
fs/gfs2/xattr.c
13 issues
Line: 392
Column: 3
CWE codes:
120
Suggestion:
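Make sure destination can always hold the source data
Triage note: the excerpt shows the destination bound being enforced before the copy: `ei->ei_size + ea_size > er->er_data_len` returns -ERANGE. What it does not show is how ea_size relates to l and ea->ea_name_len; confirm that ea_size covers both copies plus the terminating byte.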
if (ei->ei_size + ea_size > er->er_data_len)
return -ERANGE;
memcpy(er->er_data + ei->ei_size, prefix, l);
memcpy(er->er_data + ei->ei_size + l, GFS2_EA2NAME(ea),
ea->ea_name_len);
er->er_data[ei->ei_size + ea_size - 1] = 0;
}
Reported by FlawFinder.
Line: 393
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ERANGE;
memcpy(er->er_data + ei->ei_size, prefix, l);
memcpy(er->er_data + ei->ei_size + l, GFS2_EA2NAME(ea),
ea->ea_name_len);
er->er_data[ei->ei_size + ea_size - 1] = 0;
}
ei->ei_size += ea_size;
Reported by FlawFinder.
Line: 499
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cp_size = (sdp->sd_jbsize > amount) ? amount : sdp->sd_jbsize;
if (dout) {
memcpy(dout, pos, cp_size);
dout += sdp->sd_jbsize;
}
if (din) {
gfs2_trans_add_meta(ip->i_gl, bh[x]);
Reported by FlawFinder.
Line: 505
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (din) {
gfs2_trans_add_meta(ip->i_gl, bh[x]);
memcpy(pos, din, cp_size);
din += sdp->sd_jbsize;
}
amount -= sdp->sd_jbsize;
brelse(bh[x]);
Reported by FlawFinder.
Line: 527
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ERANGE;
if (GFS2_EA_IS_STUFFED(el->el_ea)) {
memcpy(data, GFS2_EA2DATA(el->el_ea), len);
return len;
}
ret = gfs2_iter_unstuffed(ip, el->el_ea, NULL, data);
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 685
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ea->ea_type = er->er_type;
ea->__pad = 0;
memcpy(GFS2_EA2NAME(ea), er->er_name, er->er_name_len);
if (GFS2_EAREQ_SIZE_STUFFED(er) <= sdp->sd_jbsize) {
ea->ea_num_ptrs = 0;
memcpy(GFS2_EA2DATA(ea), er->er_data, er->er_data_len);
} else {
Reported by FlawFinder.
Line: 689
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (GFS2_EAREQ_SIZE_STUFFED(er) <= sdp->sd_jbsize) {
ea->ea_num_ptrs = 0;
memcpy(GFS2_EA2DATA(ea), er->er_data, er->er_data_len);
} else {
__be64 *dataptr = GFS2_EA2DATAPTRS(ea);
const char *data = er->er_data;
unsigned int data_len = er->er_data_len;
unsigned int copy;
Reported by FlawFinder.
Line: 716
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy = data_len > sdp->sd_jbsize ? sdp->sd_jbsize :
data_len;
memcpy(bh->b_data + mh_size, data, copy);
if (copy < sdp->sd_jbsize)
memset(bh->b_data + mh_size + copy, 0,
sdp->sd_jbsize - copy);
*dataptr++ = cpu_to_be64(bh->b_blocknr);
Reported by FlawFinder.
Line: 207
Column: 13
CWE codes:
126
ef.type = type;
ef.name = name;
ef.namel = strlen(name);
ef.ef_el = el;
memset(el, 0, sizeof(struct gfs2_ea_location));
error = ea_foreach(ip, ea_find_i, &ef);
Reported by FlawFinder.
Line: 586
Column: 6
CWE codes:
126
if (!ip->i_eattr)
return -ENODATA;
if (strlen(name) > GFS2_EA_MAX_NAME_LEN)
return -EINVAL;
error = gfs2_ea_find(ip, type, name, &el);
if (error)
return error;
Reported by FlawFinder.
block/partitions/aix.c
13 issues
Line: 11
Column: 2
CWE codes:
119
120
Suggestion:
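Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: this finding and the following ones for struct lvm_rec, struct vgda, struct lvname and struct pvd flag the declarations of fixed-size array members. No write happens at these lines, so the thing to review is the code that fills or reads those fields.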
#include "check.h"
struct lvm_rec {
char lvm_id[4]; /* "_LVM" */
char reserved4[16];
__be32 lvmarea_len;
__be32 vgda_len;
__be32 vgda_psn[2];
char reserved36[10];
Reported by FlawFinder.
Line: 12
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lvm_rec {
char lvm_id[4]; /* "_LVM" */
char reserved4[16];
__be32 lvmarea_len;
__be32 vgda_len;
__be32 vgda_psn[2];
char reserved36[10];
__be16 pp_size; /* log2(pp_size) */
Reported by FlawFinder.
Line: 16
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 lvmarea_len;
__be32 vgda_len;
__be32 vgda_psn[2];
char reserved36[10];
__be16 pp_size; /* log2(pp_size) */
char reserved46[12];
__be16 version;
};
Reported by FlawFinder.
Line: 18
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 vgda_psn[2];
char reserved36[10];
__be16 pp_size; /* log2(pp_size) */
char reserved46[12];
__be16 version;
};
struct vgda {
__be32 secs;
Reported by FlawFinder.
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct vgda {
__be32 secs;
__be32 usec;
char reserved8[16];
__be16 numlvs;
__be16 maxlvs;
__be16 pp_size;
__be16 numpvs;
__be16 total_vgdas;
Reported by FlawFinder.
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct lvname {
char name[64];
};
struct ppe {
__be16 lv_ix;
unsigned short res2;
Reported by FlawFinder.
Line: 59
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct pvd {
char reserved0[16];
__be16 pp_count;
char reserved18[2];
__be32 psn_part1;
char reserved24[8];
struct ppe ppe[1016];
Reported by FlawFinder.
Line: 61
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pvd {
char reserved0[16];
__be16 pp_count;
char reserved18[2];
__be32 psn_part1;
char reserved24[8];
struct ppe ppe[1016];
};
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be16 pp_count;
char reserved18[2];
__be32 psn_part1;
char reserved24[8];
struct ppe ppe[1016];
};
#define LVM_MAXLVS 256
Reported by FlawFinder.
Line: 111
Column: 3
CWE codes:
120
Suggestion:
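Make sure destination can always hold the source data
Triage note: `copied` is clamped to `count` immediately before the memcpy(), so the copy cannot exceed the remaining count. Whether `count` itself matches the size of `buffer` depends on the caller, which is not shown.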
break;
if (copied > count)
copied = count;
memcpy(buffer, data, copied);
put_dev_sector(sect);
buffer += copied;
totalreadcount += copied;
count -= copied;
}
Reported by FlawFinder.
fs/jfs/jfs_dtree.c
13 issues
Line: 984
CWE codes:
562
pxd = &pxdlist.pxd[0];
PXDaddress(pxd, xaddr);
PXDlength(pxd, xlen);
split->pxdlist = &pxdlist;
rc = dtSplitRoot(tid, ip, split, &rmp);
if (rc)
dbFree(ip, xaddr, xlen);
else
Reported by Cppcheck.
Line: 1033
CWE codes:
562
pxd = &pxdlist.pxd[0];
PXDaddress(pxd, nxaddr);
PXDlength(pxd, xlen + n);
split->pxdlist = &pxdlist;
if ((rc = dtExtendPage(tid, ip, split, btstack))) {
nxaddr = addressPXD(pxd);
if (xaddr != nxaddr) {
/* free relocated extent */
xlen = lengthPXD(pxd);
Reported by Cppcheck.
Line: 1083
CWE codes:
562
goto splitOut;
}
split->pxdlist = &pxdlist;
if ((rc = dtSplitPage(tid, ip, split, &rmp, &rp, &rpxd))) {
DT_PUTPAGE(smp);
/* undo allocation */
goto splitOut;
Reported by Cppcheck.
Line: 1225
CWE codes:
562
split->mp = smp;
split->index = skip; /* index at insert */
split->nslot = n;
split->key = &key;
/* split->data = data; */
/* unpin right child page */
DT_PUTPAGE(rmp);
Reported by Cppcheck.
Line: 396
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (xtInsert(tid, ip, 0, 0, sbi->nbperpage, &xaddr, 0)) {
/* This really shouldn't fail */
jfs_warn("add_index: xtInsert failed!");
memcpy(&jfs_ip->i_dirtable, temp_table,
sizeof (temp_table));
dbFree(ip, xaddr, sbi->nbperpage);
dquot_free_block(ip, sbi->nbperpage);
goto clean_up;
}
Reported by FlawFinder.
Line: 408
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!mp) {
jfs_err("add_index: get_metapage failed!");
xtTruncate(tid, ip, 0, COMMIT_PWMAP);
memcpy(&jfs_ip->i_dirtable, temp_table,
sizeof (temp_table));
goto clean_up;
}
tlck = txLock(tid, ip, mp, tlckDATA);
llck = (struct linelock *) & tlck->lock;
Reported by FlawFinder.
Line: 421
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lv->length = 6; /* tlckDATA slot size is 16 bytes */
llck->index++;
memcpy(mp->data, temp_table, sizeof(temp_table));
mark_metapage_dirty(mp);
release_metapage(mp);
/*
Reported by FlawFinder.
Line: 548
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EIO;
}
memcpy(dirtab_slot, slot, sizeof(struct dir_table_slot));
if (mp)
release_metapage(mp);
return 0;
Reported by FlawFinder.
Line: 1737
Column: 2
CWE codes:
120
Suggestion:
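Make sure destination can always hold the source data
Triage note: source and destination are both elements of sp->slot[]. memcpy() requires non-overlapping regions, so confirm that the old and new stbl ranges of sp->header.nextindex bytes cannot overlap; memmove() would be needed otherwise.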
newstblindex = sp->header.maxslot;
n = xsize >> L2DTSLOTSIZE;
newstblsize = (n + 31) >> L2DTSLOTSIZE;
memcpy(&sp->slot[newstblindex], &sp->slot[oldstblindex],
sp->header.nextindex);
/*
* in-line extension: linelock old area of extended page
*/
Reported by FlawFinder.
Line: 1947
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy old stbl to new stbl at start of extended area */
rp->header.stblindex = DTROOTMAXSLOT;
stbl = (s8 *) & rp->slot[DTROOTMAXSLOT];
memcpy(stbl, sp->header.stbl, sp->header.nextindex);
rp->header.nextindex = sp->header.nextindex;
/* copy old data area to start of new data area */
memcpy(&rp->slot[1], &sp->slot[1], IDATASIZE);
Reported by FlawFinder.