The following issues were found
scripts/gdb/linux/config.py
11 issues
Line: 5
Column: 1
#
# Copyright 2019 Google LLC.
import gdb
import zlib
from linux import utils
Reported by Pylint.
Line: 20
Column: 27
super(LxConfigDump, self).__init__("lx-configdump", gdb.COMMAND_DATA,
gdb.COMPLETE_FILENAME)
def invoke(self, arg, from_tty):
if len(arg) == 0:
filename = "config.txt"
else:
filename = arg
Reported by Pylint.
Line: 30
Column: 9
py_config_ptr = gdb.parse_and_eval("kernel_config_data + 8")
py_config_size = gdb.parse_and_eval(
"sizeof(kernel_config_data) - 1 - 8 * 2")
except gdb.error as e:
raise gdb.GdbError("Can't find config, enable CONFIG_IKCONFIG?")
inf = gdb.inferiors()[0]
zconfig_buf = utils.read_memoryview(inf, py_config_ptr,
py_config_size).tobytes()
Reported by Pylint.
Line: 1
Column: 1
# SPDX-License-Identifier: GPL-2.0
#
# Copyright 2019 Google LLC.
import gdb
import zlib
from linux import utils
Reported by Pylint.
Line: 6
Column: 1
# Copyright 2019 Google LLC.
import gdb
import zlib
from linux import utils
class LxConfigDump(gdb.Command):
Reported by Pylint.
Line: 11
Column: 1
from linux import utils
class LxConfigDump(gdb.Command):
"""Output kernel config to the filename specified as the command
argument. Equivalent to 'zcat /proc/config.gz > config.txt' on
a running target"""
def __init__(self):
Reported by Pylint.
Line: 17
Column: 9
a running target"""
def __init__(self):
super(LxConfigDump, self).__init__("lx-configdump", gdb.COMMAND_DATA,
gdb.COMPLETE_FILENAME)
def invoke(self, arg, from_tty):
if len(arg) == 0:
filename = "config.txt"
Reported by Pylint.
Line: 20
Column: 5
super(LxConfigDump, self).__init__("lx-configdump", gdb.COMMAND_DATA,
gdb.COMPLETE_FILENAME)
def invoke(self, arg, from_tty):
if len(arg) == 0:
filename = "config.txt"
else:
filename = arg
Reported by Pylint.
Line: 20
Column: 5
super(LxConfigDump, self).__init__("lx-configdump", gdb.COMMAND_DATA,
gdb.COMPLETE_FILENAME)
def invoke(self, arg, from_tty):
if len(arg) == 0:
filename = "config.txt"
else:
filename = arg
Reported by Pylint.
Line: 30
Column: 9
py_config_ptr = gdb.parse_and_eval("kernel_config_data + 8")
py_config_size = gdb.parse_and_eval(
"sizeof(kernel_config_data) - 1 - 8 * 2")
except gdb.error as e:
raise gdb.GdbError("Can't find config, enable CONFIG_IKCONFIG?")
inf = gdb.inferiors()[0]
zconfig_buf = utils.read_memoryview(inf, py_config_ptr,
py_config_size).tobytes()
Reported by Pylint.
drivers/video/fbdev/intelfb/intelfbdrv.c
11 issues
Line: 1106
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return 1;
info->pixmap.scan_align = 1;
strcpy(info->fix.id, dinfo->name);
info->fix.smem_start = dinfo->fb.physical;
info->fix.smem_len = dinfo->fb.size;
info->fix.type = FB_TYPE_PACKED_PIXELS;
info->fix.type_aux = 0;
info->fix.xpanstep = 8;
Reported by FlawFinder.
Line: 1015
Column: 10
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
var = &dinfo->info->var;
if (FIXED_MODE(dinfo)) {
memcpy(var, &dinfo->initial_var,
sizeof(struct fb_var_screeninfo));
msrc = 5;
} else {
const u8 *edid_s = fb_firmware_edid(&dinfo->pdev->dev);
u8 *edid_d = NULL;
Reported by FlawFinder.
Line: 1189
Column: 15
CWE codes:
362
if (user) {
dinfo->open--;
msleep(1);
if (!dinfo->open)
intelfbhw_disable_irq(dinfo);
}
return 0;
}
Reported by FlawFinder.
Line: 1343
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ACCEL(dinfo, info))
intelfbhw_2d_stop(dinfo);
memcpy(hw, &dinfo->save_state, sizeof(*hw));
if (intelfbhw_mode_to_hw(dinfo, hw, &info->var))
goto invalid_mode;
if (intelfbhw_program_mode(dinfo, hw, 0))
goto invalid_mode;
Reported by FlawFinder.
Line: 1642
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* save the bitmap to restore it when XFree will
make the cursor dirty */
memcpy(dinfo->cursor_src, src, size);
intelfbhw_cursor_load(dinfo, cursor->image.width,
cursor->image.height, src);
}
Reported by FlawFinder.
Line: 269
Column: 51
CWE codes:
126
"Initial video mode \"<xres>x<yres>[-<depth>][@<refresh>]\"");
#ifndef MODULE
#define OPT_EQUAL(opt, name) (!strncmp(opt, name, strlen(name)))
#define OPT_INTVAL(opt, name) simple_strtoul(opt + strlen(name) + 1, NULL, 0)
#define OPT_STRVAL(opt, name) (opt + strlen(name))
static __inline__ char * get_opt_string(const char *this_opt, const char *name)
{
Reported by FlawFinder.
Line: 270
Column: 52
CWE codes:
126
#ifndef MODULE
#define OPT_EQUAL(opt, name) (!strncmp(opt, name, strlen(name)))
#define OPT_INTVAL(opt, name) simple_strtoul(opt + strlen(name) + 1, NULL, 0)
#define OPT_STRVAL(opt, name) (opt + strlen(name))
static __inline__ char * get_opt_string(const char *this_opt, const char *name)
{
const char *p;
Reported by FlawFinder.
Line: 271
Column: 38
CWE codes:
126
#ifndef MODULE
#define OPT_EQUAL(opt, name) (!strncmp(opt, name, strlen(name)))
#define OPT_INTVAL(opt, name) simple_strtoul(opt + strlen(name) + 1, NULL, 0)
#define OPT_STRVAL(opt, name) (opt + strlen(name))
static __inline__ char * get_opt_string(const char *this_opt, const char *name)
{
const char *p;
int i;
Reported by FlawFinder.
Line: 285
Column: 3
CWE codes:
120
i++;
ret = kmalloc(i + 1, GFP_KERNEL);
if (ret) {
strncpy(ret, p, i);
ret[i] = '\0';
}
return ret;
}
Reported by FlawFinder.
Line: 311
Column: 16
CWE codes:
126
return 0;
if (OPT_EQUAL(this_opt, name)) {
if (this_opt[strlen(name)] == '=')
*ret = simple_strtoul(this_opt + strlen(name) + 1,
NULL, 0);
else
*ret = 1;
} else {
Reported by FlawFinder.
drivers/net/ethernet/intel/i40e/i40e_ethtool.c
11 issues
Line: 208
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list args;
va_start(args, size);
vsnprintf(*p, ETH_GSTRING_LEN, stats[i].stat_string, args);
*p += ETH_GSTRING_LEN;
va_end(args);
}
}
Reported by FlawFinder.
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* arguments to the i40e_add_stat_string() helper function.
**/
struct i40e_stats {
char stat_string[ETH_GSTRING_LEN];
int sizeof_stat;
int stat_offset;
};
/* Helper macro to define an i40e_stat structure with proper size and type.
Reported by FlawFinder.
Line: 426
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define I40E_TEST_LEN (sizeof(i40e_gstrings_test) / ETH_GSTRING_LEN)
struct i40e_priv_flags {
char flag_string[ETH_GSTRING_LEN];
u64 flag;
bool read_only;
};
#define I40E_PRIV_FLAG(_name, _flag, _read_only) { \
Reported by FlawFinder.
Line: 1188
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* copy the ksettings to copy_ks to avoid modifying the origin */
memcpy(©_ks, ks, sizeof(struct ethtool_link_ksettings));
/* save autoneg out of ksettings */
autoneg = copy_ks.base.autoneg;
/* get our own copy of the bits to check against */
Reported by FlawFinder.
Line: 1842
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
i40e_release_nvm(hw);
memcpy(bytes, (u8 *)eeprom_buff, eeprom->len);
free_buff:
kfree(eeprom_buff);
return ret_val;
}
Reported by FlawFinder.
Line: 2428
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
switch (stringset) {
case ETH_SS_TEST:
memcpy(data, i40e_gstrings_test,
I40E_TEST_LEN * ETH_GSTRING_LEN);
break;
case ETH_SS_STATS:
i40e_get_stat_strings(netdev, data);
break;
Reported by FlawFinder.
Line: 3270
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
fsp->h_u.tcp_ip6_spec.psrc = rule->dst_port;
fsp->h_u.tcp_ip6_spec.pdst = rule->src_port;
memcpy(fsp->h_u.tcp_ip6_spec.ip6dst, rule->src_ip6,
sizeof(__be32) * 4);
memcpy(fsp->h_u.tcp_ip6_spec.ip6src, rule->dst_ip6,
sizeof(__be32) * 4);
} else {
/* Reverse the src and dest notion, since the HW views them
Reported by FlawFinder.
Line: 3272
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fsp->h_u.tcp_ip6_spec.pdst = rule->src_port;
memcpy(fsp->h_u.tcp_ip6_spec.ip6dst, rule->src_ip6,
sizeof(__be32) * 4);
memcpy(fsp->h_u.tcp_ip6_spec.ip6src, rule->dst_ip6,
sizeof(__be32) * 4);
} else {
/* Reverse the src and dest notion, since the HW views them
* from Tx perspective where as the user expects it from
* Rx filter view.
Reported by FlawFinder.
Line: 4765
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
input->ipl4_proto = fsp->h_u.usr_ip6_spec.l4_proto;
input->dst_port = fsp->h_u.tcp_ip6_spec.psrc;
input->src_port = fsp->h_u.tcp_ip6_spec.pdst;
memcpy(input->dst_ip6, fsp->h_u.ah_ip6_spec.ip6src,
sizeof(__be32) * 4);
memcpy(input->src_ip6, fsp->h_u.ah_ip6_spec.ip6dst,
sizeof(__be32) * 4);
} else {
/* Reverse the src and dest notion, since the HW expects them
Reported by FlawFinder.
Line: 4767
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
input->src_port = fsp->h_u.tcp_ip6_spec.pdst;
memcpy(input->dst_ip6, fsp->h_u.ah_ip6_spec.ip6src,
sizeof(__be32) * 4);
memcpy(input->src_ip6, fsp->h_u.ah_ip6_spec.ip6dst,
sizeof(__be32) * 4);
} else {
/* Reverse the src and dest notion, since the HW expects them
* to be from Tx perspective where as the input from user is
* from Rx filter view.
Reported by FlawFinder.
kernel/debug/kdb/kdb_support.c
11 issues
Line: 303
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
char *s = kmalloc(n, type);
if (!s)
return NULL;
return strcpy(s, str);
}
/*
* kdb_getarea_size - Read an area of data. The kdb equivalent of
* copy_from_user, with kdb messages for invalid addresses.
Reported by FlawFinder.
Line: 55
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
EXPORT_SYMBOL(kdbgetsymval);
static char *kdb_name_table[100]; /* arbitrary size */
/*
* kdbnearsym - Return the name of the symbol with the nearest address
* less than 'addr'.
*
Reported by FlawFinder.
Line: 162
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
static char ks_namebuf[KSYM_NAME_LEN+1], ks_namebuf_prev[KSYM_NAME_LEN+1];
/*
* kallsyms_symbol_complete
*
* Parameters:
Reported by FlawFinder.
Line: 190
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (++number == 1) {
prev_len = min_t(int, max_len-1,
strlen(ks_namebuf));
memcpy(ks_namebuf_prev, ks_namebuf, prev_len);
ks_namebuf_prev[prev_len] = '\0';
continue;
}
for (i = 0; i < prev_len; i++) {
if (ks_namebuf[i] != ks_namebuf_prev[i]) {
Reported by FlawFinder.
Line: 204
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
if (prev_len > prefix_len)
memcpy(prefix_name, ks_namebuf_prev, prev_len+1);
return number;
}
/*
* kallsyms_symbol_next
Reported by FlawFinder.
Line: 378
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 1;
page = pfn_to_page(pfn);
vaddr = kmap_atomic(page);
memcpy(res, vaddr + (addr & (PAGE_SIZE - 1)), size);
kunmap_atomic(vaddr);
return 0;
}
Reported by FlawFinder.
Line: 115
Column: 4
CWE codes:
120
* What was Rusty smoking when he wrote that code?
*/
if (symtab->sym_name != knt1) {
strncpy(knt1, symtab->sym_name, knt1_size);
knt1[knt1_size-1] = '\0';
}
for (i = 0; i < ARRAY_SIZE(kdb_name_table); ++i) {
if (kdb_name_table[i] &&
strcmp(kdb_name_table[i], knt1) == 0)
Reported by FlawFinder.
Line: 179
Column: 19
CWE codes:
126
int kallsyms_symbol_complete(char *prefix_name, int max_len)
{
loff_t pos = 0;
int prefix_len = strlen(prefix_name), prev_len = 0;
int i, number = 0;
const char *name;
while ((name = kdb_walk_kallsyms(&pos))) {
if (strncmp(name, prefix_name, prefix_len) == 0) {
Reported by FlawFinder.
Line: 189
Column: 8
CWE codes:
126
/* Work out the longest name that matches the prefix */
if (++number == 1) {
prev_len = min_t(int, max_len-1,
strlen(ks_namebuf));
memcpy(ks_namebuf_prev, ks_namebuf, prev_len);
ks_namebuf_prev[prev_len] = '\0';
continue;
}
for (i = 0; i < prev_len; i++) {
Reported by FlawFinder.
Line: 222
Column: 19
CWE codes:
126
*/
int kallsyms_symbol_next(char *prefix_name, int flag, int buf_size)
{
int prefix_len = strlen(prefix_name);
static loff_t pos;
const char *name;
if (!flag)
pos = 0;
Reported by FlawFinder.
drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c
11 issues
Line: 148
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list args;
va_start(args, size);
vsnprintf(*p, ETH_GSTRING_LEN, stats[i].stat_string, args);
*p += ETH_GSTRING_LEN;
va_end(args);
}
}
Reported by FlawFinder.
Line: 15
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* should use the same format specifiers as they will be formatted
* using the same variadic arguments.
*/
char stat_string[ETH_GSTRING_LEN];
int sizeof_stat;
int stat_offset;
};
#define FM10K_STAT_FIELDS(_type, _name, _stat) { \
Reported by FlawFinder.
Line: 136
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FM10K_PRV_FLAG_LEN,
};
static const char fm10k_prv_flags[FM10K_PRV_FLAG_LEN][ETH_GSTRING_LEN] = {
};
static void __fm10k_add_stat_strings(u8 **p, const struct fm10k_stats stats[],
const unsigned int size, ...)
{
Reported by FlawFinder.
Line: 185
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
switch (stringset) {
case ETH_SS_TEST:
memcpy(data, fm10k_gstrings_test,
FM10K_TEST_LEN * ETH_GSTRING_LEN);
break;
case ETH_SS_STATS:
fm10k_get_stat_strings(dev, data);
break;
Reported by FlawFinder.
Line: 192
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fm10k_get_stat_strings(dev, data);
break;
case ETH_SS_PRIV_FLAGS:
memcpy(data, fm10k_prv_flags,
FM10K_PRV_FLAG_LEN * ETH_GSTRING_LEN);
break;
}
}
Reported by FlawFinder.
Line: 575
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (new_tx_count != interface->tx_ring_count) {
for (i = 0; i < interface->num_tx_queues; i++) {
memcpy(&temp_ring[i], interface->tx_ring[i],
sizeof(struct fm10k_ring));
temp_ring[i].count = new_tx_count;
err = fm10k_setup_tx_resources(&temp_ring[i]);
if (err) {
Reported by FlawFinder.
Line: 592
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < interface->num_tx_queues; i++) {
fm10k_free_tx_resources(interface->tx_ring[i]);
memcpy(interface->tx_ring[i], &temp_ring[i],
sizeof(struct fm10k_ring));
}
interface->tx_ring_count = new_tx_count;
}
Reported by FlawFinder.
Line: 602
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Repeat the process for the Rx rings if needed */
if (new_rx_count != interface->rx_ring_count) {
for (i = 0; i < interface->num_rx_queues; i++) {
memcpy(&temp_ring[i], interface->rx_ring[i],
sizeof(struct fm10k_ring));
temp_ring[i].count = new_rx_count;
err = fm10k_setup_rx_resources(&temp_ring[i]);
if (err) {
Reported by FlawFinder.
Line: 619
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < interface->num_rx_queues; i++) {
fm10k_free_rx_resources(interface->rx_ring[i]);
memcpy(interface->rx_ring[i], &temp_ring[i],
sizeof(struct fm10k_ring));
}
interface->rx_ring_count = new_rx_count;
}
Reported by FlawFinder.
Line: 451
Column: 2
CWE codes:
120
{
struct fm10k_intfc *interface = netdev_priv(dev);
strncpy(info->driver, fm10k_driver_name,
sizeof(info->driver) - 1);
strncpy(info->bus_info, pci_name(interface->pdev),
sizeof(info->bus_info) - 1);
}
Reported by FlawFinder.
drivers/video/backlight/sky81452-backlight.c
11 issues
Line: 129
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
for (i = 0; i < 6; i++) {
if (value & 0x01) {
sprintf(tmp, "%d ", i + 1);
strcat(buf, tmp);
}
value >>= 1;
}
strcat(buf, "\n");
} else {
Reported by FlawFinder.
Line: 116
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct regmap *regmap = bl_get_data(to_backlight_device(dev));
unsigned int reg, value = 0;
char tmp[3];
int i, ret;
reg = !strcmp(attr->attr.name, "open") ? SKY81452_REG5 : SKY81452_REG4;
ret = regmap_read(regmap, reg, &value);
if (ret < 0)
Reported by FlawFinder.
Line: 128
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*buf = 0;
for (i = 0; i < 6; i++) {
if (value & 0x01) {
sprintf(tmp, "%d ", i + 1);
strcat(buf, tmp);
}
value >>= 1;
}
strcat(buf, "\n");
Reported by FlawFinder.
Line: 135
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
strcat(buf, "\n");
} else {
strcpy(buf, "none\n");
}
return strlen(buf);
}
Reported by FlawFinder.
Line: 155
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
*buf = 0;
if (value & SKY81452_OCP)
strcat(buf, "over-current ");
if (value & SKY81452_OTMP)
strcat(buf, "over-temperature");
strcat(buf, "\n");
Reported by FlawFinder.
Line: 158
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(buf, "over-current ");
if (value & SKY81452_OTMP)
strcat(buf, "over-temperature");
strcat(buf, "\n");
return strlen(buf);
}
Reported by FlawFinder.
Line: 165
Column: 20
CWE codes:
362
}
static DEVICE_ATTR(enable, S_IWGRP | S_IWUSR, NULL, sky81452_bl_store_enable);
static DEVICE_ATTR(open, S_IRUGO, sky81452_bl_show_open_short, NULL);
static DEVICE_ATTR(short, S_IRUGO, sky81452_bl_show_open_short, NULL);
static DEVICE_ATTR(fault, S_IRUGO, sky81452_bl_show_fault, NULL);
static struct attribute *sky81452_bl_attribute[] = {
&dev_attr_enable.attr,
Reported by FlawFinder.
Line: 133
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
}
value >>= 1;
}
strcat(buf, "\n");
} else {
strcpy(buf, "none\n");
}
return strlen(buf);
Reported by FlawFinder.
Line: 138
Column: 9
CWE codes:
126
strcpy(buf, "none\n");
}
return strlen(buf);
}
static ssize_t sky81452_bl_show_fault(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 160
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (value & SKY81452_OTMP)
strcat(buf, "over-temperature");
strcat(buf, "\n");
return strlen(buf);
}
static DEVICE_ATTR(enable, S_IWGRP | S_IWUSR, NULL, sky81452_bl_store_enable);
static DEVICE_ATTR(open, S_IRUGO, sky81452_bl_show_open_short, NULL);
Reported by FlawFinder.
tools/perf/builtin-report.c
11 issues
Line: 494
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
if (rep->mem_mode) {
ret += fprintf(fp, "\n# Total weight : %" PRIu64, nr_events);
ret += fprintf(fp, "\n# Sort order : %s", sort_order ? : default_mem_sort_order);
} else
ret += fprintf(fp, "\n# Event count (approx.): %" PRIu64, nr_events);
if (socked_id > -1)
Reported by FlawFinder.
Line: 497
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
ret += fprintf(fp, "\n# Total weight : %" PRIu64, nr_events);
ret += fprintf(fp, "\n# Sort order : %s", sort_order ? : default_mem_sort_order);
} else
ret += fprintf(fp, "\n# Event count (approx.): %" PRIu64, nr_events);
if (socked_id > -1)
ret += fprintf(fp, "\n# Processor Socket: %d", socked_id);
return ret + fprintf(fp, "\n#\n");
Reported by FlawFinder.
Line: 1382
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
perf_quiet_option();
if (symbol_conf.vmlinux_name &&
access(symbol_conf.vmlinux_name, R_OK)) {
pr_err("Invalid file: %s\n", symbol_conf.vmlinux_name);
ret = -EINVAL;
goto exit;
}
if (symbol_conf.kallsyms_name &&
Reported by FlawFinder.
Line: 1388
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
goto exit;
}
if (symbol_conf.kallsyms_name &&
access(symbol_conf.kallsyms_name, R_OK)) {
pr_err("Invalid file: %s\n", symbol_conf.kallsyms_name);
ret = -EINVAL;
goto exit;
}
Reported by FlawFinder.
Line: 448
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long nr_samples = hists->stats.nr_samples;
u64 nr_events = hists->stats.total_period;
struct evsel *evsel = hists_to_evsel(hists);
char buf[512];
size_t size = sizeof(buf);
int socked_id = hists->socket_filter;
if (quiet)
return 0;
Reported by FlawFinder.
Line: 1078
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (arg) {
int err = regcomp(&ignore_callees_regex, arg, REG_EXTENDED);
if (err) {
char buf[BUFSIZ];
regerror(err, &ignore_callees_regex, buf, sizeof(buf));
pr_err("Invalid --ignore-callees regex: %s\n%s", arg, buf);
return -1;
}
have_ignore_callees = 1;
Reported by FlawFinder.
Line: 1346
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.mode = PERF_DATA_MODE_READ,
};
int ret = hists__init();
char sort_tmp[128];
if (ret < 0)
goto exit;
ret = perf_config(report__config, &report);
Reported by FlawFinder.
Line: 334
Column: 33
CWE codes:
120
20
if (rep->show_threads) {
const char *name = evsel__name(evsel);
int err = perf_read_values_add_value(&rep->show_threads_values,
event->read.pid, event->read.tid,
evsel->core.idx,
name,
event->read.value);
if (err)
Reported by FlawFinder.
Line: 334
Column: 16
CWE codes:
120
20
if (rep->show_threads) {
const char *name = evsel__name(evsel);
int err = perf_read_values_add_value(&rep->show_threads_values,
event->read.pid, event->read.tid,
evsel->core.idx,
name,
event->read.value);
if (err)
Reported by FlawFinder.
drivers/net/ethernet/intel/e1000/e1000_ethtool.c
11 issues
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum {NETDEV_STATS, E1000_STATS};
struct e1000_stats {
char stat_string[ETH_GSTRING_LEN];
int type;
int sizeof_stat;
int stat_offset;
};
Reported by FlawFinder.
Line: 460
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < last_word - first_word + 1; i++)
le16_to_cpus(&eeprom_buff[i]);
memcpy(bytes, (u8 *)eeprom_buff + (eeprom->offset & 1),
eeprom->len);
kfree(eeprom_buff);
return ret_val;
}
Reported by FlawFinder.
Line: 513
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < last_word - first_word + 1; i++)
le16_to_cpus(&eeprom_buff[i]);
memcpy(ptr, bytes, eeprom->len);
for (i = 0; i < last_word - first_word + 1; i++)
cpu_to_le16s(&eeprom_buff[i]);
ret_val = e1000_write_eeprom(hw, first_word,
Reported by FlawFinder.
Line: 1839
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_TEST:
memcpy(data, e1000_gstrings_test, sizeof(e1000_gstrings_test));
break;
case ETH_SS_STATS:
for (i = 0; i < E1000_GLOBAL_STATS_LEN; i++) {
memcpy(p, e1000_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
Reported by FlawFinder.
Line: 1843
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case ETH_SS_STATS:
for (i = 0; i < E1000_GLOBAL_STATS_LEN; i++) {
memcpy(p, e1000_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
/* BUG_ON(p - data != E1000_STATS_LEN * ETH_GSTRING_LEN); */
break;
Reported by FlawFinder.
Line: 659
Column: 6
CWE codes:
120
20
0x5A5A5A5A, 0xA5A5A5A5, 0x00000000, 0xFFFFFFFF
};
u8 __iomem *address = hw->hw_addr + reg;
u32 read;
int i;
for (i = 0; i < ARRAY_SIZE(test); i++) {
writel(write & test[i], address);
read = readl(address);
Reported by FlawFinder.
Line: 665
Column: 7
CWE codes:
120
20
for (i = 0; i < ARRAY_SIZE(test); i++) {
writel(write & test[i], address);
read = readl(address);
if (read != (write & test[i] & mask)) {
e_err(drv, "pattern test reg %04X failed: "
"got 0x%08X expected 0x%08X\n",
reg, read, (write & test[i] & mask));
*data = reg;
return true;
Reported by FlawFinder.
Line: 668
Column: 15
CWE codes:
120
20
if (read != (write & test[i] & mask)) {
e_err(drv, "pattern test reg %04X failed: "
"got 0x%08X expected 0x%08X\n",
reg, read, (write & test[i] & mask));
*data = reg;
return true;
}
}
return false;
Reported by FlawFinder.
Line: 681
Column: 6
CWE codes:
120
20
{
struct e1000_hw *hw = &adapter->hw;
u8 __iomem *address = hw->hw_addr + reg;
u32 read;
writel(write & mask, address);
read = readl(address);
if ((read & mask) != (write & mask)) {
e_err(drv, "set/check reg %04X test failed: "
Reported by FlawFinder.
Line: 685
Column: 7
CWE codes:
120
20
writel(write & mask, address);
read = readl(address);
if ((read & mask) != (write & mask)) {
e_err(drv, "set/check reg %04X test failed: "
"got 0x%08X expected 0x%08X\n",
reg, (read & mask), (write & mask));
*data = reg;
return true;
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/dvm/rx.c
11 issues
Line: 89
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(&priv->measure_report, report, sizeof(*report));
priv->measurement_status |= MEASUREMENT_READY;
}
static void iwlagn_rx_pm_sleep_notif(struct iwl_priv *priv,
struct iwl_rx_cmd_buffer *rxb)
Reported by FlawFinder.
Line: 416
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iwlagn_recover_from_statistics(priv, rx_ofdm, rx_ofdm_ht, tx, stamp);
priv->statistics.flag = *flag;
memcpy(&priv->statistics.common, common, sizeof(*common));
memcpy(&priv->statistics.rx_non_phy, rx_non_phy, sizeof(*rx_non_phy));
memcpy(&priv->statistics.rx_ofdm, rx_ofdm, sizeof(*rx_ofdm));
memcpy(&priv->statistics.rx_ofdm_ht, rx_ofdm_ht, sizeof(*rx_ofdm_ht));
memcpy(&priv->statistics.rx_cck, rx_cck, sizeof(*rx_cck));
memcpy(&priv->statistics.tx, tx, sizeof(*tx));
Reported by FlawFinder.
Line: 417
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
priv->statistics.flag = *flag;
memcpy(&priv->statistics.common, common, sizeof(*common));
memcpy(&priv->statistics.rx_non_phy, rx_non_phy, sizeof(*rx_non_phy));
memcpy(&priv->statistics.rx_ofdm, rx_ofdm, sizeof(*rx_ofdm));
memcpy(&priv->statistics.rx_ofdm_ht, rx_ofdm_ht, sizeof(*rx_ofdm_ht));
memcpy(&priv->statistics.rx_cck, rx_cck, sizeof(*rx_cck));
memcpy(&priv->statistics.tx, tx, sizeof(*tx));
#ifdef CONFIG_IWLWIFI_DEBUGFS
Reported by FlawFinder.
Line: 418
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
priv->statistics.flag = *flag;
memcpy(&priv->statistics.common, common, sizeof(*common));
memcpy(&priv->statistics.rx_non_phy, rx_non_phy, sizeof(*rx_non_phy));
memcpy(&priv->statistics.rx_ofdm, rx_ofdm, sizeof(*rx_ofdm));
memcpy(&priv->statistics.rx_ofdm_ht, rx_ofdm_ht, sizeof(*rx_ofdm_ht));
memcpy(&priv->statistics.rx_cck, rx_cck, sizeof(*rx_cck));
memcpy(&priv->statistics.tx, tx, sizeof(*tx));
#ifdef CONFIG_IWLWIFI_DEBUGFS
if (bt_activity)
Reported by FlawFinder.
Line: 419
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&priv->statistics.common, common, sizeof(*common));
memcpy(&priv->statistics.rx_non_phy, rx_non_phy, sizeof(*rx_non_phy));
memcpy(&priv->statistics.rx_ofdm, rx_ofdm, sizeof(*rx_ofdm));
memcpy(&priv->statistics.rx_ofdm_ht, rx_ofdm_ht, sizeof(*rx_ofdm_ht));
memcpy(&priv->statistics.rx_cck, rx_cck, sizeof(*rx_cck));
memcpy(&priv->statistics.tx, tx, sizeof(*tx));
#ifdef CONFIG_IWLWIFI_DEBUGFS
if (bt_activity)
memcpy(&priv->statistics.bt_activity, bt_activity,
Reported by FlawFinder.
Line: 420
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&priv->statistics.rx_non_phy, rx_non_phy, sizeof(*rx_non_phy));
memcpy(&priv->statistics.rx_ofdm, rx_ofdm, sizeof(*rx_ofdm));
memcpy(&priv->statistics.rx_ofdm_ht, rx_ofdm_ht, sizeof(*rx_ofdm_ht));
memcpy(&priv->statistics.rx_cck, rx_cck, sizeof(*rx_cck));
memcpy(&priv->statistics.tx, tx, sizeof(*tx));
#ifdef CONFIG_IWLWIFI_DEBUGFS
if (bt_activity)
memcpy(&priv->statistics.bt_activity, bt_activity,
sizeof(*bt_activity));
Reported by FlawFinder.
Line: 421
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&priv->statistics.rx_ofdm, rx_ofdm, sizeof(*rx_ofdm));
memcpy(&priv->statistics.rx_ofdm_ht, rx_ofdm_ht, sizeof(*rx_ofdm_ht));
memcpy(&priv->statistics.rx_cck, rx_cck, sizeof(*rx_cck));
memcpy(&priv->statistics.tx, tx, sizeof(*tx));
#ifdef CONFIG_IWLWIFI_DEBUGFS
if (bt_activity)
memcpy(&priv->statistics.bt_activity, bt_activity,
sizeof(*bt_activity));
#endif
Reported by FlawFinder.
Line: 424
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&priv->statistics.tx, tx, sizeof(*tx));
#ifdef CONFIG_IWLWIFI_DEBUGFS
if (bt_activity)
memcpy(&priv->statistics.bt_activity, bt_activity,
sizeof(*bt_activity));
#endif
priv->rx_statistics_jiffies = stamp;
Reported by FlawFinder.
Line: 552
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
priv->last_phy_res_valid = true;
priv->ampdu_ref++;
memcpy(&priv->last_phy_res, pkt->data,
sizeof(struct iwl_rx_phy_res));
}
/*
* returns non-zero if packet should be dropped
Reported by FlawFinder.
Line: 674
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(IEEE80211_SKB_RXCB(skb), stats, sizeof(*stats));
ieee80211_rx_napi(priv->hw, NULL, skb, priv->napi);
}
static u32 iwlagn_translate_rx_status(struct iwl_priv *priv, u32 decrypt_in)
Reported by FlawFinder.
drivers/net/ethernet/intel/e1000e/ethtool.c
11 issues
Line: 20
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum { NETDEV_STATS, E1000_STATS };
struct e1000_stats {
char stat_string[ETH_GSTRING_LEN];
int type;
int sizeof_stat;
int stat_offset;
};
Reported by FlawFinder.
Line: 551
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
le16_to_cpus(&eeprom_buff[i]);
}
memcpy(bytes, (u8 *)eeprom_buff + (eeprom->offset & 1), eeprom->len);
kfree(eeprom_buff);
return ret_val;
}
Reported by FlawFinder.
Line: 611
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < last_word - first_word + 1; i++)
le16_to_cpus(&eeprom_buff[i]);
memcpy(ptr, bytes, eeprom->len);
for (i = 0; i < last_word - first_word + 1; i++)
cpu_to_le16s(&eeprom_buff[i]);
ret_val = e1000_write_nvm(hw, first_word,
Reported by FlawFinder.
Line: 733
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* structs. First, attempt to allocate new resources...
*/
if (set_tx) {
memcpy(temp_tx, adapter->tx_ring, size);
temp_tx->count = new_tx_count;
err = e1000e_setup_tx_resources(temp_tx);
if (err)
goto err_setup;
}
Reported by FlawFinder.
Line: 740
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_setup;
}
if (set_rx) {
memcpy(temp_rx, adapter->rx_ring, size);
temp_rx->count = new_rx_count;
err = e1000e_setup_rx_resources(temp_rx);
if (err)
goto err_setup_rx;
}
Reported by FlawFinder.
Line: 750
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* ...then free the old resources and copy back any new ring data */
if (set_tx) {
e1000e_free_tx_resources(adapter->tx_ring);
memcpy(adapter->tx_ring, temp_tx, size);
adapter->tx_ring_count = new_tx_count;
}
if (set_rx) {
e1000e_free_rx_resources(adapter->rx_ring);
memcpy(adapter->rx_ring, temp_rx, size);
Reported by FlawFinder.
Line: 755
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (set_rx) {
e1000e_free_rx_resources(adapter->rx_ring);
memcpy(adapter->rx_ring, temp_rx, size);
adapter->rx_ring_count = new_rx_count;
}
err_setup_rx:
if (err && set_tx)
Reported by FlawFinder.
Line: 2100
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_TEST:
memcpy(data, e1000_gstrings_test, sizeof(e1000_gstrings_test));
break;
case ETH_SS_STATS:
for (i = 0; i < E1000_GLOBAL_STATS_LEN; i++) {
memcpy(p, e1000_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
Reported by FlawFinder.
Line: 2104
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case ETH_SS_STATS:
for (i = 0; i < E1000_GLOBAL_STATS_LEN; i++) {
memcpy(p, e1000_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
break;
case ETH_SS_PRIV_FLAGS:
Reported by FlawFinder.
Line: 2110
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
break;
case ETH_SS_PRIV_FLAGS:
memcpy(data, e1000e_priv_flags_strings,
E1000E_PRIV_FLAGS_STR_LEN * ETH_GSTRING_LEN);
break;
}
}
Reported by FlawFinder.