The following issues were found
arch/microblaze/include/asm/cacheflush.h
1 issues
Line: 85
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void *dst, void *src, int len)
{
u32 addr = virt_to_phys(dst);
memcpy(dst, src, len);
if (vma->vm_flags & VM_EXEC) {
invalidate_icache_range(addr, addr + PAGE_SIZE);
flush_dcache_range(addr, addr + PAGE_SIZE);
}
}
Reported by FlawFinder.
arch/um/drivers/slip.h
1 issues
Line: 9
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct slip_data {
void *dev;
char name[sizeof("slnnnnn\0")];
char *addr;
char *gate_addr;
int slave;
struct slip_proto slip;
};
Reported by FlawFinder.
arch/xtensa/kernel/jump_label.c
1 issues
Line: 35
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void local_patch_text(unsigned long addr, const void *data, size_t sz)
{
memcpy((void *)addr, data, sz);
local_flush_icache_range(addr, addr + sz);
}
static int patch_text_stop_machine(void *data)
{
Reported by FlawFinder.
arch/xtensa/kernel/module.c
1 issues
Line: 63
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
sechdrs[relsec].sh_info);
for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rela); i++) {
location = (char *)sechdrs[sechdrs[relsec].sh_info].sh_addr
+ rela[i].r_offset;
sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
+ ELF32_R_SYM(rela[i].r_info);
value = sym->st_value + rela[i].r_addend;
Reported by FlawFinder.
arch/m68k/tools/amiga/dmesg.c
1 issues
Line: 52
CWE codes:
476
printf("Searching for SAVEKMSG magic...\n");
for (p = start; p <= end-sizeof(struct savekmsg); p += 4) {
m = (struct savekmsg *)p;
if ((m->magic1 == SAVEKMSG_MAGIC1) && (m->magic2 == SAVEKMSG_MAGIC2) &&
(m->magicptr == p)) {
found = 1;
break;
}
}
Reported by Cppcheck.
arch/um/drivers/slirp.h
1 issues
Line: 18
Column: 33
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*
* argv : (char* [SLIRP_MAX_ARGS])(init->argv),
*/
struct arg_list_dummy_wrapper { char *argv[SLIRP_MAX_ARGS]; };
struct slirp_data {
void *dev;
struct arg_list_dummy_wrapper argw;
int pid;
Reported by FlawFinder.
arch/um/drivers/ssl.c
1 issues
Line: 67
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The array is initialized by line_init, at initcall time. The
* elements are locked individually as needed.
*/
static char *conf[NR_PORTS];
static char *def_conf = CONFIG_SSL_CHAN;
static struct line serial_lines[NR_PORTS];
static int ssl_config(char *str, char **error_out)
{
Reported by FlawFinder.
arch/um/drivers/stdio_console.c
1 issues
Line: 73
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The array is initialized by line_init, at initcall time. The
* elements are locked individually as needed.
*/
static char *vt_conf[MAX_TTYS];
static char *def_conf;
static struct line vts[MAX_TTYS];
static int con_config(char *str, char **error_out)
{
Reported by FlawFinder.
arch/um/drivers/tty.c
1 issues
Line: 52
Column: 7
CWE codes:
362
else if (output)
mode = O_WRONLY;
fd = open(data->dev, mode);
if (fd < 0)
return -errno;
if (data->raw) {
CATCH_EINTR(err = tcgetattr(fd, &data->tt));
Reported by FlawFinder.
arch/xtensa/kernel/process.c
1 issues
Line: 263
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
childregs->windowbase = 0;
} else {
int len = childregs->wmask & ~0xf;
memcpy(&childregs->areg[XCHAL_NUM_AREGS - len/4],
®s->areg[XCHAL_NUM_AREGS - len/4], len);
}
childregs->syscall = regs->syscall;
Reported by FlawFinder.