The following issues were found
tools/perf/ui/browsers/scripts.c
13 issues
Line: 143
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = -1;
goto out;
}
sprintf(script_name, "%s script %s", perf, script_args);
} else if (choice < num + max_std) {
strcpy(script_name, paths[choice]);
}
*custom = choice >= max_std;
Reported by FlawFinder.
Line: 145
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
sprintf(script_name, "%s script %s", perf, script_args);
} else if (choice < num + max_std) {
strcpy(script_name, paths[choice]);
}
*custom = choice >= max_std;
out:
free(buf);
Reported by FlawFinder.
Line: 160
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
{
pr_debug("Running %s\n", cmd);
SLang_reset_tty();
if (system(cmd) < 0)
pr_warning("Cannot run %s\n", cmd);
/*
* SLang doesn't seem to reset the whole terminal, so be more
* forceful to get back to the original state.
*/
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char **paths;
int index;
const char *perf;
char extra_format[256];
};
void attr_to_script(char *extra_format, struct perf_event_attr *attr)
{
extra_format[0] = 0;
Reported by FlawFinder.
Line: 38
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
{
extra_format[0] = 0;
if (attr->read_format & PERF_FORMAT_GROUP)
strcat(extra_format, " -F +metric");
if (attr->sample_type & PERF_SAMPLE_BRANCH_STACK)
strcat(extra_format, " -F +brstackinsn --xed");
if (attr->sample_type & PERF_SAMPLE_REGS_INTR)
strcat(extra_format, " -F +iregs");
if (attr->sample_type & PERF_SAMPLE_REGS_USER)
Reported by FlawFinder.
Line: 40
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (attr->read_format & PERF_FORMAT_GROUP)
strcat(extra_format, " -F +metric");
if (attr->sample_type & PERF_SAMPLE_BRANCH_STACK)
strcat(extra_format, " -F +brstackinsn --xed");
if (attr->sample_type & PERF_SAMPLE_REGS_INTR)
strcat(extra_format, " -F +iregs");
if (attr->sample_type & PERF_SAMPLE_REGS_USER)
strcat(extra_format, " -F +uregs");
if (attr->sample_type & PERF_SAMPLE_PHYS_ADDR)
Reported by FlawFinder.
Line: 42
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (attr->sample_type & PERF_SAMPLE_BRANCH_STACK)
strcat(extra_format, " -F +brstackinsn --xed");
if (attr->sample_type & PERF_SAMPLE_REGS_INTR)
strcat(extra_format, " -F +iregs");
if (attr->sample_type & PERF_SAMPLE_REGS_USER)
strcat(extra_format, " -F +uregs");
if (attr->sample_type & PERF_SAMPLE_PHYS_ADDR)
strcat(extra_format, " -F +phys_addr");
}
Reported by FlawFinder.
Line: 44
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (attr->sample_type & PERF_SAMPLE_REGS_INTR)
strcat(extra_format, " -F +iregs");
if (attr->sample_type & PERF_SAMPLE_REGS_USER)
strcat(extra_format, " -F +uregs");
if (attr->sample_type & PERF_SAMPLE_PHYS_ADDR)
strcat(extra_format, " -F +phys_addr");
}
static int add_script_option(const char *name, const char *opt,
Reported by FlawFinder.
Line: 46
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (attr->sample_type & PERF_SAMPLE_REGS_USER)
strcat(extra_format, " -F +uregs");
if (attr->sample_type & PERF_SAMPLE_PHYS_ADDR)
strcat(extra_format, " -F +phys_addr");
}
static int add_script_option(const char *name, const char *opt,
struct script_config *c)
{
Reported by FlawFinder.
Line: 88
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int list_scripts(char *script_name, bool *custom,
struct evsel *evsel)
{
char *buf, *paths[SCRIPT_MAX_NO], *names[SCRIPT_MAX_NO];
int i, num, choice;
int ret = 0;
int max_std, custom_perf;
char pbuf[256];
const char *perf = perf_exe(pbuf, sizeof pbuf);
Reported by FlawFinder.
fs/gfs2/xattr.c
13 issues
Line: 392
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ei->ei_size + ea_size > er->er_data_len)
return -ERANGE;
memcpy(er->er_data + ei->ei_size, prefix, l);
memcpy(er->er_data + ei->ei_size + l, GFS2_EA2NAME(ea),
ea->ea_name_len);
er->er_data[ei->ei_size + ea_size - 1] = 0;
}
Reported by FlawFinder.
Line: 393
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ERANGE;
memcpy(er->er_data + ei->ei_size, prefix, l);
memcpy(er->er_data + ei->ei_size + l, GFS2_EA2NAME(ea),
ea->ea_name_len);
er->er_data[ei->ei_size + ea_size - 1] = 0;
}
ei->ei_size += ea_size;
Reported by FlawFinder.
Line: 499
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cp_size = (sdp->sd_jbsize > amount) ? amount : sdp->sd_jbsize;
if (dout) {
memcpy(dout, pos, cp_size);
dout += sdp->sd_jbsize;
}
if (din) {
gfs2_trans_add_meta(ip->i_gl, bh[x]);
Reported by FlawFinder.
Line: 505
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (din) {
gfs2_trans_add_meta(ip->i_gl, bh[x]);
memcpy(pos, din, cp_size);
din += sdp->sd_jbsize;
}
amount -= sdp->sd_jbsize;
brelse(bh[x]);
Reported by FlawFinder.
Line: 527
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ERANGE;
if (GFS2_EA_IS_STUFFED(el->el_ea)) {
memcpy(data, GFS2_EA2DATA(el->el_ea), len);
return len;
}
ret = gfs2_iter_unstuffed(ip, el->el_ea, NULL, data);
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 685
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ea->ea_type = er->er_type;
ea->__pad = 0;
memcpy(GFS2_EA2NAME(ea), er->er_name, er->er_name_len);
if (GFS2_EAREQ_SIZE_STUFFED(er) <= sdp->sd_jbsize) {
ea->ea_num_ptrs = 0;
memcpy(GFS2_EA2DATA(ea), er->er_data, er->er_data_len);
} else {
Reported by FlawFinder.
Line: 689
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (GFS2_EAREQ_SIZE_STUFFED(er) <= sdp->sd_jbsize) {
ea->ea_num_ptrs = 0;
memcpy(GFS2_EA2DATA(ea), er->er_data, er->er_data_len);
} else {
__be64 *dataptr = GFS2_EA2DATAPTRS(ea);
const char *data = er->er_data;
unsigned int data_len = er->er_data_len;
unsigned int copy;
Reported by FlawFinder.
Line: 716
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy = data_len > sdp->sd_jbsize ? sdp->sd_jbsize :
data_len;
memcpy(bh->b_data + mh_size, data, copy);
if (copy < sdp->sd_jbsize)
memset(bh->b_data + mh_size + copy, 0,
sdp->sd_jbsize - copy);
*dataptr++ = cpu_to_be64(bh->b_blocknr);
Reported by FlawFinder.
Line: 207
Column: 13
CWE codes:
126
ef.type = type;
ef.name = name;
ef.namel = strlen(name);
ef.ef_el = el;
memset(el, 0, sizeof(struct gfs2_ea_location));
error = ea_foreach(ip, ea_find_i, &ef);
Reported by FlawFinder.
Line: 586
Column: 6
CWE codes:
126
if (!ip->i_eattr)
return -ENODATA;
if (strlen(name) > GFS2_EA_MAX_NAME_LEN)
return -EINVAL;
error = gfs2_ea_find(ip, type, name, &el);
if (error)
return error;
Reported by FlawFinder.
arch/um/drivers/net_kern.c
13 issues
Line: 284
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
int i;
if (str == NULL)
goto random;
for (i = 0; i < 6; i++) {
addr[i] = simple_strtoul(str, &end, 16);
if ((end == str) ||
((*end != ':') && (*end != ',') && (*end != '\0'))) {
Reported by FlawFinder.
Line: 293
Column: 9
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
printk(KERN_ERR
"setup_etheraddr: failed to parse '%s' "
"as an ethernet address\n", str);
goto random;
}
str = end + 1;
}
if (is_multicast_ether_addr(addr)) {
printk(KERN_ERR
Reported by FlawFinder.
Line: 301
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
printk(KERN_ERR
"Attempt to assign a multicast ethernet address to a "
"device disallowed\n");
goto random;
}
if (!is_valid_ether_addr(addr)) {
printk(KERN_ERR
"Attempt to assign an invalid ethernet address to a "
"device disallowed\n");
Reported by FlawFinder.
Line: 307
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
printk(KERN_ERR
"Attempt to assign an invalid ethernet address to a "
"device disallowed\n");
goto random;
}
if (!is_local_ether_addr(addr)) {
printk(KERN_WARNING
"Warning: Assigning a globally valid ethernet "
"address to a device\n");
Reported by FlawFinder.
Line: 321
Column: 1
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
return;
random:
printk(KERN_INFO
"Choosing a random ethernet address for device %s\n", dev->name);
eth_hw_addr_random(dev);
}
Reported by FlawFinder.
Line: 155
Column: 17
CWE codes:
362
goto out;
}
lp->fd = (*lp->open)(&lp->user);
if (lp->fd < 0) {
err = lp->fd;
goto out;
}
Reported by FlawFinder.
Line: 439
Column: 32
CWE codes:
362
.mac = { 0xfe, 0xfd, 0x0, 0x0, 0x0, 0x0},
.max_packet = transport->user->max_packet,
.protocol = transport->kern->protocol,
.open = transport->user->open,
.close = transport->user->close,
.remove = transport->user->remove,
.read = transport->kern->read,
.write = transport->kern->write,
.add_address = transport->user->add_address,
Reported by FlawFinder.
Line: 731
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct net_device *dev = ifa->ifa_dev->dev;
struct uml_net_private *lp;
void (*proc)(unsigned char *, unsigned char *, void *);
unsigned char addr_buf[4], netmask_buf[4];
if (dev->netdev_ops->ndo_open != uml_net_open)
return NOTIFY_DONE;
lp = netdev_priv(dev);
Reported by FlawFinder.
Line: 828
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct net_device *dev = d;
struct in_device *ip = dev->ip_ptr;
struct in_ifaddr *in;
unsigned char address[4], netmask[4];
if (ip == NULL) return;
in = ip->ifa_list;
while (in != NULL) {
memcpy(address, &in->ifa_address, sizeof(address));
Reported by FlawFinder.
Line: 84
Column: 9
CWE codes:
120
20
if (skb == NULL) {
drop_skb->dev = dev;
/* Read a packet into drop_skb and don't do anything with it. */
(*lp->read)(lp->fd, drop_skb, lp);
dev->stats.rx_dropped++;
return 0;
}
skb->dev = dev;
Reported by FlawFinder.
fs/gfs2/ops_fstype.c
13 issues
Line: 215
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sb->sb_root_dir.no_addr = be64_to_cpu(str->sb_root_dir.no_addr);
sb->sb_root_dir.no_formal_ino = be64_to_cpu(str->sb_root_dir.no_formal_ino);
memcpy(sb->sb_lockproto, str->sb_lockproto, GFS2_LOCKNAME_LEN);
memcpy(sb->sb_locktable, str->sb_locktable, GFS2_LOCKNAME_LEN);
memcpy(&s->s_uuid, str->sb_uuid, 16);
}
/**
Reported by FlawFinder.
Line: 216
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sb->sb_root_dir.no_formal_ino = be64_to_cpu(str->sb_root_dir.no_formal_ino);
memcpy(sb->sb_lockproto, str->sb_lockproto, GFS2_LOCKNAME_LEN);
memcpy(sb->sb_locktable, str->sb_locktable, GFS2_LOCKNAME_LEN);
memcpy(&s->s_uuid, str->sb_uuid, 16);
}
/**
* gfs2_read_super - Read the gfs2 super block from disk
Reported by FlawFinder.
Line: 217
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(sb->sb_lockproto, str->sb_lockproto, GFS2_LOCKNAME_LEN);
memcpy(sb->sb_locktable, str->sb_locktable, GFS2_LOCKNAME_LEN);
memcpy(&s->s_uuid, str->sb_uuid, 16);
}
/**
* gfs2_read_super - Read the gfs2 super block from disk
* @sdp: The GFS2 super block
Reported by FlawFinder.
Line: 569
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct gfs2_inode *dip = GFS2_I(sdp->sd_jindex);
struct qstr name;
char buf[20];
struct gfs2_jdesc *jd;
int error;
name.name = buf;
Reported by FlawFinder.
Line: 584
Column: 14
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (error)
break;
name.len = sprintf(buf, "journal%u", sdp->sd_journals);
name.hash = gfs2_disk_hash(name.name, name.len);
error = gfs2_dir_check(sdp->sd_jindex, &name, NULL);
if (error == -ENOENT) {
error = 0;
Reported by FlawFinder.
Line: 645
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int error = 0;
struct inode *master = d_inode(sdp->sd_master_dir);
struct inode *pn = NULL;
char buf[30];
struct gfs2_jdesc *jd;
struct gfs2_inode *ip;
sdp->sd_statfs_inode = gfs2_lookup_simple(master, "statfs");
if (IS_ERR(sdp->sd_statfs_inode)) {
Reported by FlawFinder.
Line: 674
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
error = -ENOMEM;
goto free_local;
}
sprintf(buf, "statfs_change%u", jd->jd_jid);
lsi->si_sc_inode = gfs2_lookup_simple(pn, buf);
if (IS_ERR(lsi->si_sc_inode)) {
error = PTR_ERR(lsi->si_sc_inode);
fs_err(sdp, "can't find local \"sc\" file#%u: %d\n",
jd->jd_jid, error);
Reported by FlawFinder.
Line: 923
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int init_per_node(struct gfs2_sbd *sdp, int undo)
{
struct inode *pn = NULL;
char buf[30];
int error = 0;
struct gfs2_inode *ip;
struct inode *master = d_inode(sdp->sd_master_dir);
if (sdp->sd_args.ar_spectator)
Reported by FlawFinder.
Line: 941
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return error;
}
sprintf(buf, "quota_change%u", sdp->sd_jdesc->jd_jid);
sdp->sd_qc_inode = gfs2_lookup_simple(pn, buf);
if (IS_ERR(sdp->sd_qc_inode)) {
error = PTR_ERR(sdp->sd_qc_inode);
fs_err(sdp, "can't find local \"qc\" file: %d\n", error);
goto fail_ut_i;
Reported by FlawFinder.
Line: 1083
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void gfs2_online_uevent(struct gfs2_sbd *sdp)
{
struct super_block *sb = sdp->sd_vfs;
char ro[20];
char spectator[20];
char *envp[] = { ro, spectator, NULL };
sprintf(ro, "RDONLY=%d", sb_rdonly(sb));
sprintf(spectator, "SPECTATOR=%d", sdp->sd_args.ar_spectator ? 1 : 0);
kobject_uevent_env(&sdp->sd_kobj, KOBJ_ONLINE, envp);
Reported by FlawFinder.
fs/nls/mac-turkish.c
13 issues
Line: 52
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/nls.h>
#include <linux/errno.h>
static const wchar_t charset2uni[256] = {
/* 0x00 */
0x0000, 0x0001, 0x0002, 0x0003,
0x0004, 0x0005, 0x0006, 0x0007,
0x0008, 0x0009, 0x000a, 0x000b,
0x000c, 0x000d, 0x000e, 0x000f,
Reported by FlawFinder.
Line: 135
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00b8, 0x02dd, 0x02db, 0x02c7,
};
static const unsigned char page00[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 170
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xbf, 0x9d, 0x9c, 0x9e, 0x9f, 0x00, 0x00, 0xd8, /* 0xf8-0xff */
};
static const unsigned char page01[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xda, 0xdb, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 205
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page02[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 240
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page03[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 275
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page20[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0xd0, 0xd1, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0xd4, 0xd5, 0xe2, 0x00, 0xd2, 0xd3, 0xe3, 0x00, /* 0x18-0x1f */
0xa0, 0xe0, 0xa5, 0x00, 0x00, 0x00, 0xc9, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 310
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page21[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 345
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page22[256] = {
0x00, 0x00, 0xb6, 0x00, 0x00, 0x00, 0xc6, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb8, /* 0x08-0x0f */
0x00, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0xc3, 0x00, 0x00, 0x00, 0xb0, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 380
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page25[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 415
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char pagef8[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
fs/gfs2/lock_dlm.c
13 issues
Line: 1066
CWE codes:
476
max_jid = 0;
for (i = 0; i < num_slots; i++) {
if (max_jid < slots[i].slot - 1)
max_jid = slots[i].slot - 1;
}
old_size = ls->ls_recover_size;
new_size = old_size;
Reported by Cppcheck.
Line: 263
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lm_lockstruct *ls = &gl->gl_name.ln_sbd->sd_lockstruct;
int req;
u32 lkf;
char strname[GDLM_STRNAME_BYTES] = "";
req = make_mode(gl->gl_name.ln_sbd, req_state);
lkf = make_flags(gl, flags, req);
gfs2_glstats_inc(gl, GFS2_LKS_DCOUNT);
gfs2_sbstats_inc(gl, GFS2_LKS_DCOUNT);
Reported by FlawFinder.
Line: 473
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char *lvb_bits)
{
__le32 gen;
memcpy(lvb_bits, ls->ls_control_lvb, GDLM_LVB_SIZE);
memcpy(&gen, lvb_bits, sizeof(__le32));
*lvb_gen = le32_to_cpu(gen);
}
static void control_lvb_write(struct lm_lockstruct *ls, uint32_t lvb_gen,
Reported by FlawFinder.
Line: 474
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
__le32 gen;
memcpy(lvb_bits, ls->ls_control_lvb, GDLM_LVB_SIZE);
memcpy(&gen, lvb_bits, sizeof(__le32));
*lvb_gen = le32_to_cpu(gen);
}
static void control_lvb_write(struct lm_lockstruct *ls, uint32_t lvb_gen,
char *lvb_bits)
Reported by FlawFinder.
Line: 482
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char *lvb_bits)
{
__le32 gen;
memcpy(ls->ls_control_lvb, lvb_bits, GDLM_LVB_SIZE);
gen = cpu_to_le32(lvb_gen);
memcpy(ls->ls_control_lvb, &gen, sizeof(__le32));
}
static int all_jid_bits_clear(char *lvb)
Reported by FlawFinder.
Line: 484
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__le32 gen;
memcpy(ls->ls_control_lvb, lvb_bits, GDLM_LVB_SIZE);
gen = cpu_to_le32(lvb_gen);
memcpy(ls->ls_control_lvb, &gen, sizeof(__le32));
}
static int all_jid_bits_clear(char *lvb)
{
return !memchr_inv(lvb + JID_BITMAP_OFFSET, 0,
Reported by FlawFinder.
Line: 525
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int num, struct dlm_lksb *lksb, char *name)
{
struct lm_lockstruct *ls = &sdp->sd_lockstruct;
char strname[GDLM_STRNAME_BYTES];
int error, status;
memset(strname, 0, GDLM_STRNAME_BYTES);
snprintf(strname, GDLM_STRNAME_BYTES, "%8x%16x", LM_TYPE_NONDISK, num);
Reported by FlawFinder.
Line: 1086
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
spin_lock(&ls->ls_recover_spin);
memcpy(submit, ls->ls_recover_submit, old_size * sizeof(uint32_t));
memcpy(result, ls->ls_recover_result, old_size * sizeof(uint32_t));
kfree(ls->ls_recover_submit);
kfree(ls->ls_recover_result);
ls->ls_recover_submit = submit;
ls->ls_recover_result = result;
Reported by FlawFinder.
Line: 1087
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock(&ls->ls_recover_spin);
memcpy(submit, ls->ls_recover_submit, old_size * sizeof(uint32_t));
memcpy(result, ls->ls_recover_result, old_size * sizeof(uint32_t));
kfree(ls->ls_recover_submit);
kfree(ls->ls_recover_result);
ls->ls_recover_submit = submit;
ls->ls_recover_result = result;
ls->ls_recover_size = new_size;
Reported by FlawFinder.
Line: 1249
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int gdlm_mount(struct gfs2_sbd *sdp, const char *table)
{
struct lm_lockstruct *ls = &sdp->sd_lockstruct;
char cluster[GFS2_LOCKNAME_LEN];
const char *fsname;
uint32_t flags;
int error, ops_result;
/*
Reported by FlawFinder.
tools/perf/tests/code-reading.c
13 issues
Line: 153
Column: 7
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
if (!read_bytes)
continue;
if (sscanf(line, "%"PRIx64, &addr) != 1)
continue;
if (addr < last_addr) {
pr_debug("addr going backwards, read beyond section?\n");
break;
}
Reported by FlawFinder.
Line: 188
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
int ret;
fmt = "%s -z -d --start-address=0x%"PRIx64" --stop-address=0x%"PRIx64" %s";
ret = snprintf(cmd, sizeof(cmd), fmt, "objdump", addr, addr + len,
filename);
if (ret <= 0 || (size_t)ret >= sizeof(cmd))
return -1;
pr_debug("Objdump command is: %s\n", cmd);
Reported by FlawFinder.
Line: 198
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
/* Ignore objdump errors */
strcat(cmd, " 2>/dev/null");
f = popen(cmd, "r");
if (!f) {
pr_debug("popen failed\n");
return -1;
}
Reported by FlawFinder.
Line: 137
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while (off_last < *len) {
size_t off, read_bytes, written_bytes;
unsigned char tmp[BUFSZ];
ret = getline(&line, &line_len, f);
if (feof(f))
break;
if (ret < 0) {
Reported by FlawFinder.
Line: 167
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (off >= *len)
break;
written_bytes = MIN(read_bytes, *len - off);
memcpy(buf + off, tmp, written_bytes);
off_last = off + written_bytes;
}
/* len returns number of bytes that could not be read */
*len -= off_last;
Reported by FlawFinder.
Line: 182
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int read_via_objdump(const char *filename, u64 addr, void *buf,
size_t len)
{
char cmd[PATH_MAX * 2];
const char *fmt;
FILE *f;
int ret;
fmt = "%s -z -d --start-address=0x%"PRIx64" --stop-address=0x%"PRIx64" %s";
Reported by FlawFinder.
Line: 196
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
pr_debug("Objdump command is: %s\n", cmd);
/* Ignore objdump errors */
strcat(cmd, " 2>/dev/null");
f = popen(cmd, "r");
if (!f) {
pr_debug("popen failed\n");
return -1;
Reported by FlawFinder.
Line: 232
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct thread *thread, struct state *state)
{
struct addr_location al;
unsigned char buf1[BUFSZ];
unsigned char buf2[BUFSZ];
size_t ret_len;
u64 objdump_addr;
const char *objdump_name;
char decomp_name[KMOD_DECOMP_LEN];
Reported by FlawFinder.
Line: 233
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct addr_location al;
unsigned char buf1[BUFSZ];
unsigned char buf2[BUFSZ];
size_t ret_len;
u64 objdump_addr;
const char *objdump_name;
char decomp_name[KMOD_DECOMP_LEN];
bool decomp = false;
Reported by FlawFinder.
Line: 237
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t ret_len;
u64 objdump_addr;
const char *objdump_name;
char decomp_name[KMOD_DECOMP_LEN];
bool decomp = false;
int ret;
pr_debug("Reading object code for memory address: %#"PRIx64"\n", addr);
Reported by FlawFinder.
drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c
13 issues
Line: 206
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
flow_rule_match_ipv4_addrs(rule, &match);
fs->type = 0;
memcpy(&fs->val.lip[0], &match.key->dst, sizeof(match.key->dst));
memcpy(&fs->val.fip[0], &match.key->src, sizeof(match.key->src));
memcpy(&fs->mask.lip[0], &match.mask->dst, sizeof(match.mask->dst));
memcpy(&fs->mask.fip[0], &match.mask->src, sizeof(match.mask->src));
/* also initialize nat_lip/fip to same values */
Reported by FlawFinder.
Line: 207
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
flow_rule_match_ipv4_addrs(rule, &match);
fs->type = 0;
memcpy(&fs->val.lip[0], &match.key->dst, sizeof(match.key->dst));
memcpy(&fs->val.fip[0], &match.key->src, sizeof(match.key->src));
memcpy(&fs->mask.lip[0], &match.mask->dst, sizeof(match.mask->dst));
memcpy(&fs->mask.fip[0], &match.mask->src, sizeof(match.mask->src));
/* also initialize nat_lip/fip to same values */
memcpy(&fs->nat_lip[0], &match.key->dst, sizeof(match.key->dst));
Reported by FlawFinder.
Line: 208
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fs->type = 0;
memcpy(&fs->val.lip[0], &match.key->dst, sizeof(match.key->dst));
memcpy(&fs->val.fip[0], &match.key->src, sizeof(match.key->src));
memcpy(&fs->mask.lip[0], &match.mask->dst, sizeof(match.mask->dst));
memcpy(&fs->mask.fip[0], &match.mask->src, sizeof(match.mask->src));
/* also initialize nat_lip/fip to same values */
memcpy(&fs->nat_lip[0], &match.key->dst, sizeof(match.key->dst));
memcpy(&fs->nat_fip[0], &match.key->src, sizeof(match.key->src));
Reported by FlawFinder.
Line: 209
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&fs->val.lip[0], &match.key->dst, sizeof(match.key->dst));
memcpy(&fs->val.fip[0], &match.key->src, sizeof(match.key->src));
memcpy(&fs->mask.lip[0], &match.mask->dst, sizeof(match.mask->dst));
memcpy(&fs->mask.fip[0], &match.mask->src, sizeof(match.mask->src));
/* also initialize nat_lip/fip to same values */
memcpy(&fs->nat_lip[0], &match.key->dst, sizeof(match.key->dst));
memcpy(&fs->nat_fip[0], &match.key->src, sizeof(match.key->src));
}
Reported by FlawFinder.
Line: 212
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&fs->mask.fip[0], &match.mask->src, sizeof(match.mask->src));
/* also initialize nat_lip/fip to same values */
memcpy(&fs->nat_lip[0], &match.key->dst, sizeof(match.key->dst));
memcpy(&fs->nat_fip[0], &match.key->src, sizeof(match.key->src));
}
if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
struct flow_match_ipv6_addrs match;
Reported by FlawFinder.
Line: 213
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* also initialize nat_lip/fip to same values */
memcpy(&fs->nat_lip[0], &match.key->dst, sizeof(match.key->dst));
memcpy(&fs->nat_fip[0], &match.key->src, sizeof(match.key->src));
}
if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
struct flow_match_ipv6_addrs match;
Reported by FlawFinder.
Line: 221
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
flow_rule_match_ipv6_addrs(rule, &match);
fs->type = 1;
memcpy(&fs->val.lip[0], match.key->dst.s6_addr,
sizeof(match.key->dst));
memcpy(&fs->val.fip[0], match.key->src.s6_addr,
sizeof(match.key->src));
memcpy(&fs->mask.lip[0], match.mask->dst.s6_addr,
sizeof(match.mask->dst));
Reported by FlawFinder.
Line: 223
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fs->type = 1;
memcpy(&fs->val.lip[0], match.key->dst.s6_addr,
sizeof(match.key->dst));
memcpy(&fs->val.fip[0], match.key->src.s6_addr,
sizeof(match.key->src));
memcpy(&fs->mask.lip[0], match.mask->dst.s6_addr,
sizeof(match.mask->dst));
memcpy(&fs->mask.fip[0], match.mask->src.s6_addr,
sizeof(match.mask->src));
Reported by FlawFinder.
Line: 225
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(match.key->dst));
memcpy(&fs->val.fip[0], match.key->src.s6_addr,
sizeof(match.key->src));
memcpy(&fs->mask.lip[0], match.mask->dst.s6_addr,
sizeof(match.mask->dst));
memcpy(&fs->mask.fip[0], match.mask->src.s6_addr,
sizeof(match.mask->src));
/* also initialize nat_lip/fip to same values */
Reported by FlawFinder.
Line: 227
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(match.key->src));
memcpy(&fs->mask.lip[0], match.mask->dst.s6_addr,
sizeof(match.mask->dst));
memcpy(&fs->mask.fip[0], match.mask->src.s6_addr,
sizeof(match.mask->src));
/* also initialize nat_lip/fip to same values */
memcpy(&fs->nat_lip[0], match.key->dst.s6_addr,
sizeof(match.key->dst));
Reported by FlawFinder.
drivers/crypto/hisilicon/qm.c
13 issues
Line: 4049
CWE codes:
908
}
}
return ret;
}
static ssize_t qm_algqos_read(struct file *filp, char __user *buf,
size_t count, loff_t *pos)
{
Reported by Cppcheck.
Line: 4140
Column: 8
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
}
tbuf[len] = '\0';
ret = sscanf(tbuf, "%s %s", tbuf_bdf, val_buf);
if (ret != QM_QOS_PARAM_NUM) {
ret = -EINVAL;
goto err_get_status;
}
Reported by FlawFinder.
Line: 1262
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct debugfs_file *file = filp->private_data;
enum qm_debug_file index = file->index;
char tbuf[QM_DBG_TMP_BUF_LEN];
u32 val;
int ret;
mutex_lock(&file->lock);
switch (index) {
Reported by FlawFinder.
Line: 1293
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct debugfs_file *file = filp->private_data;
enum qm_debug_file index = file->index;
unsigned long val;
char tbuf[QM_DBG_TMP_BUF_LEN];
int len, ret;
if (*pos != 0)
return 0;
Reported by FlawFinder.
Line: 1405
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t qm_cmd_read(struct file *filp, char __user *buffer,
size_t count, loff_t *pos)
{
char buf[QM_DBG_READ_LEN];
int len;
len = scnprintf(buf, QM_DBG_READ_LEN, "%s\n",
"Please echo help to cmd to get help information");
Reported by FlawFinder.
Line: 1667
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
qp = &qm->qp_array[qp_id];
memcpy(sqe, qp->sqe, qm->sqe_size * QM_Q_DEPTH);
sqe_curr = sqe + (u32)(sqe_id * qm->sqe_size);
memset(sqe_curr + qm->debug.sqe_mask_offset, QM_SQE_ADDR_MASK,
qm->debug.sqe_mask_len);
ret = dump_show(qm, sqe_curr, qm->sqe_size, "SQE");
Reported by FlawFinder.
Line: 2799
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!sqe)
return -EBUSY;
memcpy(sqe, msg, qp->qm->sqe_size);
qm_db(qp->qm, qp->qp_id, QM_DOORBELL_CMD_SQ, sq_tail_next, 0);
atomic_inc(&qp->qp_status.used);
qp_status->sq_tail = sq_tail_next;
Reported by FlawFinder.
Line: 3632
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *pos)
{
struct hisi_qm *qm = filp->private_data;
char buf[QM_DBG_READ_LEN];
int val, len;
val = atomic_read(&qm->status.flags);
len = scnprintf(buf, QM_DBG_READ_LEN, "%s\n", qm_s[val]);
Reported by FlawFinder.
Line: 4056
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *pos)
{
struct hisi_qm *qm = filp->private_data;
char tbuf[QM_DBG_READ_LEN];
u32 qos_val, ir;
int ret;
/* Mailbox and reset cannot be operated at the same time */
if (test_and_set_bit(QM_RESETTING, &qm->misc_ctl)) {
Reported by FlawFinder.
Line: 4106
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *pos)
{
struct hisi_qm *qm = filp->private_data;
char tbuf[QM_DBG_READ_LEN];
int tmp1, bus, device, function;
char tbuf_bdf[QM_DBG_READ_LEN] = {0};
char val_buf[QM_QOS_VAL_MAX_LEN] = {0};
unsigned int fun_index;
unsigned long val = 0;
Reported by FlawFinder.
tools/perf/util/cgroup.c
13 issues
Line: 221
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -1;
cn->used = false;
strcpy(cn->name, fpath);
list_add_tail(&cn->list, &cgroup_list);
return 0;
}
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int open_cgroup(const char *name)
{
char path[PATH_MAX + 1];
char mnt[PATH_MAX + 1];
int fd;
if (cgroupfs_find_mountpoint(mnt, PATH_MAX + 1, "perf_event"))
Reported by FlawFinder.
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int open_cgroup(const char *name)
{
char path[PATH_MAX + 1];
char mnt[PATH_MAX + 1];
int fd;
if (cgroupfs_find_mountpoint(mnt, PATH_MAX + 1, "perf_event"))
return -1;
Reported by FlawFinder.
Line: 43
Column: 7
CWE codes:
362
scnprintf(path, PATH_MAX, "%s/%s", mnt, name);
fd = open(path, O_RDONLY);
if (fd == -1)
fprintf(stderr, "no access to cgroup %s\n", path);
return fd;
}
Reported by FlawFinder.
Line: 53
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef HAVE_FILE_HANDLE
int read_cgroup_id(struct cgroup *cgrp)
{
char path[PATH_MAX + 1];
char mnt[PATH_MAX + 1];
struct {
struct file_handle fh;
uint64_t cgroup_id;
} handle;
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int read_cgroup_id(struct cgroup *cgrp)
{
char path[PATH_MAX + 1];
char mnt[PATH_MAX + 1];
struct {
struct file_handle fh;
uint64_t cgroup_id;
} handle;
int mount_id;
Reported by FlawFinder.
Line: 81
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cgroup_is_v2(const char *subsys)
{
char mnt[PATH_MAX + 1];
struct statfs stbuf;
if (cgroupfs_find_mountpoint(mnt, PATH_MAX + 1, subsys))
return -1;
Reported by FlawFinder.
Line: 281
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* collect all cgroups first and then match with the pattern */
static int match_cgroups(const char *str)
{
char mnt[PATH_MAX];
const char *p, *e, *eos = str + strlen(str);
struct cgroup_name *cn;
regex_t reg;
int prefix_len;
char *s;
Reported by FlawFinder.
Line: 216
Column: 28
CWE codes:
126
if (typeflag != FTW_D)
return 0;
cn = malloc(sizeof(*cn) + strlen(fpath) + 1);
if (cn == NULL)
return -1;
cn->used = false;
strcpy(cn->name, fpath);
Reported by FlawFinder.
Line: 241
Column: 34
CWE codes:
126
/* collect given cgroups only */
static int list_cgroups(const char *str)
{
const char *p, *e, *eos = str + strlen(str);
struct cgroup_name *cn;
char *s;
/* use given name as is - for testing purpose */
for (;;) {
Reported by FlawFinder.