The following issues were found
arch/openrisc/kernel/signal.c
1 issues
Line: 36
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rt_sigframe {
struct siginfo info;
struct ucontext uc;
unsigned char retcode[16]; /* trampoline code */
};
static int restore_sigcontext(struct pt_regs *regs,
struct sigcontext __user *sc)
{
Reported by FlawFinder.
arch/openrisc/kernel/process.c
1 issues
Line: 261
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void dump_elf_thread(elf_greg_t *dest, struct pt_regs* regs)
{
dest[0] = 0; /* r0 */
memcpy(dest+1, regs->gpr+1, 31*sizeof(unsigned long));
dest[32] = regs->pc;
dest[33] = regs->sr;
dest[34] = 0;
dest[35] = 0;
}
Reported by FlawFinder.
arch/openrisc/include/asm/string.h
1 issues
Line: 9
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
extern void *memset(void *s, int c, __kernel_size_t n);
#define __HAVE_ARCH_MEMCPY
extern void *memcpy(void *dest, __const void *src, __kernel_size_t n);
#endif /* __ASM_OPENRISC_STRING_H */
Reported by FlawFinder.
arch/powerpc/platforms/pseries/rtas-fadump.c
1 issues
Line: 232
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define RTAS_FADUMP_GPR_MASK 0xffffff0000000000
static inline int rtas_fadump_gpr_index(u64 id)
{
char str[3];
int i = -1;
if ((id & RTAS_FADUMP_GPR_MASK) == fadump_str_to_u64("GPR")) {
/* get the digits at the end */
id &= ~RTAS_FADUMP_GPR_MASK;
Reported by FlawFinder.
arch/openrisc/include/asm/pgalloc.h
1 issues
Line: 48
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret) {
memset(ret, 0, USER_PTRS_PER_PGD * sizeof(pgd_t));
memcpy(ret + USER_PTRS_PER_PGD,
swapper_pg_dir + USER_PTRS_PER_PGD,
(PTRS_PER_PGD - USER_PTRS_PER_PGD) * sizeof(pgd_t));
}
return ret;
Reported by FlawFinder.
arch/powerpc/platforms/pseries/suspend.c
1 issues
Line: 123
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%d\n", KERN_DT_UPDATE);
}
static DEVICE_ATTR(hibernate, 0644, show_hibernate, store_hibernate);
static struct bus_type suspend_subsys = {
Reported by FlawFinder.
arch/openrisc/include/asm/page.h
1 issues
Line: 40
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifndef __ASSEMBLY__
#define clear_page(page) memset((page), 0, PAGE_SIZE)
#define copy_page(to, from) memcpy((to), (from), PAGE_SIZE)
#define clear_user_page(page, vaddr, pg) clear_page(page)
#define copy_user_page(to, from, vaddr, pg) copy_page(to, from)
/*
Reported by FlawFinder.
arch/powerpc/sysdev/ehv_pic.c
1 issues
Line: 230
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* be translated between firmware type & linux type.
*/
static unsigned char map_of_senses_to_linux_irqtype[4] = {
IRQ_TYPE_EDGE_FALLING,
IRQ_TYPE_EDGE_RISING,
IRQ_TYPE_LEVEL_LOW,
IRQ_TYPE_LEVEL_HIGH,
};
Reported by FlawFinder.
arch/powerpc/sysdev/fsl_mpic_timer_wakeup.c
1 issues
Line: 64
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
mutex_unlock(&sysfs_lock);
return sprintf(buf, "%lld\n", interval);
}
static ssize_t fsl_timer_wakeup_store(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
arch/powerpc/sysdev/fsl_rio.c
1 issues
Line: 647
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
kfree(port);
continue;
}
sprintf(port->name, "RIO mport %d", i);
priv->dev = &dev->dev;
port->dev.parent = &dev->dev;
port->ops = ops;
port->priv = priv;
Reported by FlawFinder.