The following issues were found
drivers/video/fbdev/sis/vstruct.h
10 issues
Line: 57
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define _VSTRUCT_H_
struct SiS_PanelDelayTbl {
unsigned char timer[2];
};
struct SiS_LCDData {
unsigned short RVBHCMAX;
unsigned short RVBHCFACT;
Reported by FlawFinder.
Line: 99
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct SiS_LVDSCRT1Data {
unsigned char CR[15];
};
struct SiS_CHTVRegData {
unsigned char Reg[16];
};
Reported by FlawFinder.
Line: 103
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct SiS_CHTVRegData {
unsigned char Reg[16];
};
struct SiS_St {
unsigned char St_ModeID;
unsigned short St_ModeFlag;
Reported by FlawFinder.
Line: 134
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char ROWS;
unsigned char CHAR_HEIGHT;
unsigned short CRT_LEN;
unsigned char SR[4];
unsigned char MISC;
unsigned char CRTC[0x19];
unsigned char ATTR[0x14];
unsigned char GRC[9];
};
Reported by FlawFinder.
Line: 136
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short CRT_LEN;
unsigned char SR[4];
unsigned char MISC;
unsigned char CRTC[0x19];
unsigned char ATTR[0x14];
unsigned char GRC[9];
};
struct SiS_Ext {
Reported by FlawFinder.
Line: 137
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char SR[4];
unsigned char MISC;
unsigned char CRTC[0x19];
unsigned char ATTR[0x14];
unsigned char GRC[9];
};
struct SiS_Ext {
unsigned char Ext_ModeID;
Reported by FlawFinder.
Line: 138
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char MISC;
unsigned char CRTC[0x19];
unsigned char ATTR[0x14];
unsigned char GRC[9];
};
struct SiS_Ext {
unsigned char Ext_ModeID;
unsigned short Ext_ModeFlag;
Reported by FlawFinder.
Line: 173
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct SiS_Part2PortTbl {
unsigned char CR[12];
};
struct SiS_CRT1Table {
unsigned char CR[17];
};
Reported by FlawFinder.
Line: 177
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct SiS_CRT1Table {
unsigned char CR[17];
};
struct SiS_MCLKData {
unsigned char SR28,SR29,SR2A;
unsigned short CLOCK;
Reported by FlawFinder.
Line: 503
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short CVBlankEnd;
unsigned int CDClock;
unsigned int CFlags;
unsigned char CCRT1CRTC[17];
unsigned char CSR2B;
unsigned char CSR2C;
unsigned short CSRClock;
unsigned short CSRClock_CRT1;
unsigned short CModeFlag;
Reported by FlawFinder.
fs/nfs/nfs4idmap.c
10 issues
Line: 168
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int nfs_map_string_to_numeric(const char *name, size_t namelen, __u32 *res)
{
unsigned long val;
char buf[16];
if (memchr(name, '@', namelen) != NULL || namelen >= sizeof(buf))
return 0;
memcpy(buf, name, namelen);
buf[namelen] = '\0';
Reported by FlawFinder.
Line: 172
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (memchr(name, '@', namelen) != NULL || namelen >= sizeof(buf))
return 0;
memcpy(buf, name, namelen);
buf[namelen] = '\0';
if (kstrtoul(buf, 0, &val) != 0)
return 0;
*res = val;
return 1;
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
cp = *desc;
memcpy(cp, type, typelen);
cp += typelen;
*cp++ = ':';
memcpy(cp, name, namelen);
cp += namelen;
Reported by FlawFinder.
Line: 273
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cp += typelen;
*cp++ = ':';
memcpy(cp, name, namelen);
cp += namelen;
*cp = '\0';
return desclen;
}
Reported by FlawFinder.
Line: 338
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = payload->datalen;
if (ret > 0 && ret <= data_size)
memcpy(data, payload->data, ret);
else
ret = -EINVAL;
out_up:
rcu_read_unlock();
Reported by FlawFinder.
Line: 353
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t nfs_idmap_lookup_name(__u32 id, const char *type, char *buf,
size_t buflen, struct idmap *idmap)
{
char id_str[NFS_UINT_MAXLEN];
int id_len;
ssize_t ret;
id_len = nfs_map_numeric_to_string(id, id_str, sizeof(id_str));
ret = nfs_idmap_get_key(id_str, id_len, type, buf, buflen, idmap);
Reported by FlawFinder.
Line: 368
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int nfs_idmap_lookup_id(const char *name, size_t namelen, const char *type,
__u32 *id, struct idmap *idmap)
{
char id_str[NFS_UINT_MAXLEN];
long id_long;
ssize_t data_size;
int ret = 0;
data_size = nfs_idmap_get_key(name, namelen, type, id_str, NFS_UINT_MAXLEN, idmap);
Reported by FlawFinder.
Line: 637
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct idmap_msg *upcall,
struct key *key, struct key *authkey)
{
char id_str[NFS_UINT_MAXLEN];
size_t len;
int ret = -ENOKEY;
/* ret = -ENOKEY */
if (upcall->im_type != im->im_type || upcall->im_conv != im->im_conv)
Reported by FlawFinder.
Line: 286
Column: 48
CWE codes:
126
struct key *rkey = ERR_PTR(-EAGAIN);
ssize_t ret;
ret = nfs_idmap_get_desc(name, namelen, type, strlen(type), &desc);
if (ret < 0)
return ERR_PTR(ret);
if (!idmap->user_ns || idmap->user_ns == &init_user_ns)
rkey = request_key(&key_type_id_resolver, desc, "");
Reported by FlawFinder.
Line: 656
Column: 9
CWE codes:
126
case IDMAP_CONV_IDTONAME:
if (upcall->im_id != im->im_id)
break;
len = strlen(im->im_name);
ret = nfs_idmap_instantiate(key, authkey, im->im_name, len);
break;
default:
ret = -EINVAL;
}
Reported by FlawFinder.
fs/nls/mac-greek.c
10 issues
Line: 52
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/nls.h>
#include <linux/errno.h>
static const wchar_t charset2uni[256] = {
/* 0x00 */
0x0000, 0x0001, 0x0002, 0x0003,
0x0004, 0x0005, 0x0006, 0x0007,
0x0008, 0x0009, 0x000a, 0x000b,
0x000c, 0x000d, 0x000e, 0x000f,
Reported by FlawFinder.
Line: 135
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x03cb, 0x0390, 0x03b0, 0x00ad,
};
static const unsigned char page00[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 170
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x9d, 0x00, 0x9e, 0x9f, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page01[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 205
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page03[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 240
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page20[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0xd0, 0x00, 0xd1, 0x00, 0x00, /* 0x10-0x17 */
0xd4, 0xd5, 0x00, 0x00, 0xd2, 0xd3, 0x00, 0x00, /* 0x18-0x1f */
0xa0, 0x00, 0x96, 0x00, 0x00, 0x00, 0xc9, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 275
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page21[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x93, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 310
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page22[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 345
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char *const page_uni2charset[256] = {
page00, page01, NULL, page03, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
page20, page21, page22, NULL, NULL, NULL, NULL, NULL,
Reported by FlawFinder.
Line: 380
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
};
static const unsigned char charset2lower[256] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x00-0x07 */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x08-0x0f */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x10-0x17 */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x18-0x1f */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 415
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0xf8-0xff */
};
static const unsigned char charset2upper[256] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x00-0x07 */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x08-0x0f */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x10-0x17 */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x18-0x1f */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x20-0x27 */
Reported by FlawFinder.
fs/namei.c
10 issues
Line: 4792
Column: 29
CWE codes:
362
20
Suggestion:
Reconsider approach
int res;
if (unlikely(!(inode->i_opflags & IOP_DEFAULT_READLINK))) {
if (unlikely(inode->i_op->readlink))
return inode->i_op->readlink(dentry, buffer, buflen);
if (!d_is_symlink(dentry))
return -EINVAL;
Reported by FlawFinder.
Line: 4793
Column: 24
CWE codes:
362
20
Suggestion:
Reconsider approach
if (unlikely(!(inode->i_opflags & IOP_DEFAULT_READLINK))) {
if (unlikely(inode->i_op->readlink))
return inode->i_op->readlink(dentry, buffer, buflen);
if (!d_is_symlink(dentry))
return -EINVAL;
spin_lock(&inode->i_lock);
Reported by FlawFinder.
Line: 3168
CWE codes:
476
dput(dentry);
dentry = NULL;
}
if (dentry->d_inode) {
/* Cached positive dentry: will open in f_op->open */
return dentry;
}
/*
Reported by Cppcheck.
Line: 239
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__putname(result);
return ERR_PTR(-ENAMETOOLONG);
}
memcpy((char *)result->name, filename, len);
result->uptr = NULL;
result->aname = NULL;
result->refcnt = 1;
audit_getname(result);
Reported by FlawFinder.
Line: 624
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nd->flags & LOOKUP_RCU ? GFP_ATOMIC : GFP_KERNEL);
if (unlikely(!p))
return false;
memcpy(p, nd->internal, sizeof(nd->internal));
nd->stack = p;
return true;
}
/**
Reported by FlawFinder.
Line: 3416
Column: 18
CWE codes:
377
if (error)
goto out_err;
error = -EOPNOTSUPP;
if (!dir->i_op->tmpfile)
goto out_err;
error = -ENOMEM;
child = d_alloc(dentry, &slash_name);
if (unlikely(!child))
goto out_err;
Reported by FlawFinder.
Line: 3422
Column: 21
CWE codes:
377
child = d_alloc(dentry, &slash_name);
if (unlikely(!child))
goto out_err;
error = dir->i_op->tmpfile(mnt_userns, dir, child, mode);
if (error)
goto out_err;
error = -ENOENT;
inode = child->d_inode;
if (unlikely(!inode))
Reported by FlawFinder.
Line: 4906
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
goto fail;
memcpy(page_address(page), symname, len-1);
err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
page, fsdata);
if (err < 0)
goto fail;
Reported by FlawFinder.
Line: 216
Column: 12
CWE codes:
126
getname_kernel(const char * filename)
{
struct filename *result;
int len = strlen(filename) + 1;
result = __getname();
if (unlikely(!result))
return ERR_PTR(-ENOMEM);
Reported by FlawFinder.
Line: 4765
Column: 8
CWE codes:
126
if (IS_ERR(link))
goto out;
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
if (copy_to_user(buffer, link, len))
len = -EFAULT;
out:
Reported by FlawFinder.
fs/binfmt_misc.c
10 issues
Line: 511
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
status = "enabled";
if (!VERBOSE_STATUS) {
sprintf(page, "%s\n", status);
return;
}
dp += sprintf(dp, "%s\ninterpreter %s\n", status, e->interpreter);
Reported by FlawFinder.
Line: 515
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return;
}
dp += sprintf(dp, "%s\ninterpreter %s\n", status, e->interpreter);
/* print the special flags */
dp += sprintf(dp, "flags: ");
if (e->flags & MISC_FMT_PRESERVE_ARGV0)
*dp++ = 'P';
Reported by FlawFinder.
Line: 530
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*dp++ = '\n';
if (!test_bit(Magic, &e->flags)) {
sprintf(dp, "extension .%s\n", e->magic);
} else {
dp += sprintf(dp, "offset %i\nmagic ", e->offset);
dp = bin2hex(dp, e->magic, e->size);
if (e->mask) {
dp += sprintf(dp, "\nmask ");
Reported by FlawFinder.
Line: 481
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int parse_command(const char __user *buffer, size_t count)
{
char s[4];
if (count > 3)
return -EINVAL;
if (copy_from_user(s, buffer, count))
return -EFAULT;
Reported by FlawFinder.
Line: 518
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dp += sprintf(dp, "%s\ninterpreter %s\n", status, e->interpreter);
/* print the special flags */
dp += sprintf(dp, "flags: ");
if (e->flags & MISC_FMT_PRESERVE_ARGV0)
*dp++ = 'P';
if (e->flags & MISC_FMT_OPEN_BINARY)
*dp++ = 'O';
if (e->flags & MISC_FMT_CREDENTIALS)
Reported by FlawFinder.
Line: 532
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!test_bit(Magic, &e->flags)) {
sprintf(dp, "extension .%s\n", e->magic);
} else {
dp += sprintf(dp, "offset %i\nmagic ", e->offset);
dp = bin2hex(dp, e->magic, e->size);
if (e->mask) {
dp += sprintf(dp, "\nmask ");
dp = bin2hex(dp, e->mask, e->size);
}
Reported by FlawFinder.
Line: 535
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dp += sprintf(dp, "offset %i\nmagic ", e->offset);
dp = bin2hex(dp, e->magic, e->size);
if (e->mask) {
dp += sprintf(dp, "\nmask ");
dp = bin2hex(dp, e->mask, e->size);
}
*dp++ = '\n';
*dp = '\0';
}
Reported by FlawFinder.
Line: 597
Column: 57
CWE codes:
126
entry_status(e, page);
res = simple_read_from_buffer(buf, nbytes, ppos, page, strlen(page));
free_page((unsigned long) page);
return res;
}
Reported by FlawFinder.
Line: 671
Column: 41
CWE codes:
126
}
inode_lock(d_inode(root));
dentry = lookup_one_len(e->name, root, strlen(e->name));
err = PTR_ERR(dentry);
if (IS_ERR(dentry))
goto out;
err = -EEXIST;
Reported by FlawFinder.
Line: 729
Column: 55
CWE codes:
126
{
char *s = enabled ? "enabled\n" : "disabled\n";
return simple_read_from_buffer(buf, nbytes, ppos, s, strlen(s));
}
static ssize_t bm_status_write(struct file *file, const char __user *buffer,
size_t count, loff_t *ppos)
{
Reported by FlawFinder.
include/acpi/actbl.h
10 issues
Line: 69
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
******************************************************************************/
struct acpi_table_header {
char signature[ACPI_NAMESEG_SIZE]; /* ASCII table signature */
u32 length; /* Length of table in bytes, including this header */
u8 revision; /* ACPI Specification minor version number */
u8 checksum; /* To make sum of entire table == 0 */
char oem_id[ACPI_OEM_ID_SIZE]; /* ASCII OEM identification */
char oem_table_id[ACPI_OEM_TABLE_ID_SIZE]; /* ASCII OEM table identification */
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 length; /* Length of table in bytes, including this header */
u8 revision; /* ACPI Specification minor version number */
u8 checksum; /* To make sum of entire table == 0 */
char oem_id[ACPI_OEM_ID_SIZE]; /* ASCII OEM identification */
char oem_table_id[ACPI_OEM_TABLE_ID_SIZE]; /* ASCII OEM table identification */
u32 oem_revision; /* OEM revision number */
char asl_compiler_id[ACPI_NAMESEG_SIZE]; /* ASCII ASL compiler vendor ID */
u32 asl_compiler_revision; /* ASL compiler version */
};
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 revision; /* ACPI Specification minor version number */
u8 checksum; /* To make sum of entire table == 0 */
char oem_id[ACPI_OEM_ID_SIZE]; /* ASCII OEM identification */
char oem_table_id[ACPI_OEM_TABLE_ID_SIZE]; /* ASCII OEM table identification */
u32 oem_revision; /* OEM revision number */
char asl_compiler_id[ACPI_NAMESEG_SIZE]; /* ASCII ASL compiler vendor ID */
u32 asl_compiler_revision; /* ASL compiler version */
};
Reported by FlawFinder.
Line: 76
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char oem_id[ACPI_OEM_ID_SIZE]; /* ASCII OEM identification */
char oem_table_id[ACPI_OEM_TABLE_ID_SIZE]; /* ASCII OEM table identification */
u32 oem_revision; /* OEM revision number */
char asl_compiler_id[ACPI_NAMESEG_SIZE]; /* ASCII ASL compiler vendor ID */
u32 asl_compiler_revision; /* ASL compiler version */
};
/*******************************************************************************
*
Reported by FlawFinder.
Line: 106
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
******************************************************************************/
struct acpi_table_rsdp {
char signature[8]; /* ACPI signature, contains "RSD PTR " */
u8 checksum; /* ACPI 1.0 checksum */
char oem_id[ACPI_OEM_ID_SIZE]; /* OEM identification */
u8 revision; /* Must be (0) for ACPI 1.0 or (2) for ACPI 2.0+ */
u32 rsdt_physical_address; /* 32-bit physical address of the RSDT */
u32 length; /* Table length in bytes, including header (ACPI 2.0+) */
Reported by FlawFinder.
Line: 108
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct acpi_table_rsdp {
char signature[8]; /* ACPI signature, contains "RSD PTR " */
u8 checksum; /* ACPI 1.0 checksum */
char oem_id[ACPI_OEM_ID_SIZE]; /* OEM identification */
u8 revision; /* Must be (0) for ACPI 1.0 or (2) for ACPI 2.0+ */
u32 rsdt_physical_address; /* 32-bit physical address of the RSDT */
u32 length; /* Table length in bytes, including header (ACPI 2.0+) */
u64 xsdt_physical_address; /* 64-bit physical address of the XSDT (ACPI 2.0+) */
u8 extended_checksum; /* Checksum of entire table (ACPI 2.0+) */
Reported by FlawFinder.
Line: 120
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Standalone struct for the ACPI 1.0 RSDP */
struct acpi_rsdp_common {
char signature[8];
u8 checksum;
char oem_id[ACPI_OEM_ID_SIZE];
u8 revision;
u32 rsdt_physical_address;
};
Reported by FlawFinder.
Line: 122
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct acpi_rsdp_common {
char signature[8];
u8 checksum;
char oem_id[ACPI_OEM_ID_SIZE];
u8 revision;
u32 rsdt_physical_address;
};
/* Standalone struct for the extended part of the RSDP (ACPI 2.0+) */
Reported by FlawFinder.
Line: 163
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
******************************************************************************/
struct acpi_table_facs {
char signature[4]; /* ASCII table signature */
u32 length; /* Length of structure, in bytes */
u32 hardware_signature; /* Hardware configuration signature */
u32 firmware_waking_vector; /* 32-bit physical address of the Firmware Waking Vector */
u32 global_lock; /* Global Lock for shared hardware resources */
u32 flags;
Reported by FlawFinder.
Line: 329
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
union acpi_name_union {
u32 integer;
char ascii[4];
};
/* Internal ACPI Table Descriptor. One per ACPI table. */
struct acpi_table_desc {
Reported by FlawFinder.
drivers/video/fbdev/sm712.h
10 issues
Line: 83
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int bpp;
int hz;
unsigned char init_misc;
unsigned char init_sr00_sr04[SIZE_SR00_SR04];
unsigned char init_sr10_sr24[SIZE_SR10_SR24];
unsigned char init_sr30_sr75[SIZE_SR30_SR75];
unsigned char init_sr80_sr93[SIZE_SR80_SR93];
unsigned char init_sra0_sraf[SIZE_SRA0_SRAF];
unsigned char init_gr00_gr08[SIZE_GR00_GR08];
Reported by FlawFinder.
Line: 84
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int hz;
unsigned char init_misc;
unsigned char init_sr00_sr04[SIZE_SR00_SR04];
unsigned char init_sr10_sr24[SIZE_SR10_SR24];
unsigned char init_sr30_sr75[SIZE_SR30_SR75];
unsigned char init_sr80_sr93[SIZE_SR80_SR93];
unsigned char init_sra0_sraf[SIZE_SRA0_SRAF];
unsigned char init_gr00_gr08[SIZE_GR00_GR08];
unsigned char init_ar00_ar14[SIZE_AR00_AR14];
Reported by FlawFinder.
Line: 85
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char init_misc;
unsigned char init_sr00_sr04[SIZE_SR00_SR04];
unsigned char init_sr10_sr24[SIZE_SR10_SR24];
unsigned char init_sr30_sr75[SIZE_SR30_SR75];
unsigned char init_sr80_sr93[SIZE_SR80_SR93];
unsigned char init_sra0_sraf[SIZE_SRA0_SRAF];
unsigned char init_gr00_gr08[SIZE_GR00_GR08];
unsigned char init_ar00_ar14[SIZE_AR00_AR14];
unsigned char init_cr00_cr18[SIZE_CR00_CR18];
Reported by FlawFinder.
Line: 86
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char init_sr00_sr04[SIZE_SR00_SR04];
unsigned char init_sr10_sr24[SIZE_SR10_SR24];
unsigned char init_sr30_sr75[SIZE_SR30_SR75];
unsigned char init_sr80_sr93[SIZE_SR80_SR93];
unsigned char init_sra0_sraf[SIZE_SRA0_SRAF];
unsigned char init_gr00_gr08[SIZE_GR00_GR08];
unsigned char init_ar00_ar14[SIZE_AR00_AR14];
unsigned char init_cr00_cr18[SIZE_CR00_CR18];
unsigned char init_cr30_cr4d[SIZE_CR30_CR4D];
Reported by FlawFinder.
Line: 87
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char init_sr10_sr24[SIZE_SR10_SR24];
unsigned char init_sr30_sr75[SIZE_SR30_SR75];
unsigned char init_sr80_sr93[SIZE_SR80_SR93];
unsigned char init_sra0_sraf[SIZE_SRA0_SRAF];
unsigned char init_gr00_gr08[SIZE_GR00_GR08];
unsigned char init_ar00_ar14[SIZE_AR00_AR14];
unsigned char init_cr00_cr18[SIZE_CR00_CR18];
unsigned char init_cr30_cr4d[SIZE_CR30_CR4D];
unsigned char init_cr90_cra7[SIZE_CR90_CRA7];
Reported by FlawFinder.
Line: 88
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char init_sr30_sr75[SIZE_SR30_SR75];
unsigned char init_sr80_sr93[SIZE_SR80_SR93];
unsigned char init_sra0_sraf[SIZE_SRA0_SRAF];
unsigned char init_gr00_gr08[SIZE_GR00_GR08];
unsigned char init_ar00_ar14[SIZE_AR00_AR14];
unsigned char init_cr00_cr18[SIZE_CR00_CR18];
unsigned char init_cr30_cr4d[SIZE_CR30_CR4D];
unsigned char init_cr90_cra7[SIZE_CR90_CRA7];
};
Reported by FlawFinder.
Line: 89
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char init_sr80_sr93[SIZE_SR80_SR93];
unsigned char init_sra0_sraf[SIZE_SRA0_SRAF];
unsigned char init_gr00_gr08[SIZE_GR00_GR08];
unsigned char init_ar00_ar14[SIZE_AR00_AR14];
unsigned char init_cr00_cr18[SIZE_CR00_CR18];
unsigned char init_cr30_cr4d[SIZE_CR30_CR4D];
unsigned char init_cr90_cra7[SIZE_CR90_CRA7];
};
Reported by FlawFinder.
Line: 90
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char init_sra0_sraf[SIZE_SRA0_SRAF];
unsigned char init_gr00_gr08[SIZE_GR00_GR08];
unsigned char init_ar00_ar14[SIZE_AR00_AR14];
unsigned char init_cr00_cr18[SIZE_CR00_CR18];
unsigned char init_cr30_cr4d[SIZE_CR30_CR4D];
unsigned char init_cr90_cra7[SIZE_CR90_CRA7];
};
#ifdef __BIG_ENDIAN
Reported by FlawFinder.
Line: 91
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char init_gr00_gr08[SIZE_GR00_GR08];
unsigned char init_ar00_ar14[SIZE_AR00_AR14];
unsigned char init_cr00_cr18[SIZE_CR00_CR18];
unsigned char init_cr30_cr4d[SIZE_CR30_CR4D];
unsigned char init_cr90_cra7[SIZE_CR90_CRA7];
};
#ifdef __BIG_ENDIAN
#define pal_rgb(r, g, b, val) (((r & 0xf800) >> 8) | \
Reported by FlawFinder.
Line: 92
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char init_ar00_ar14[SIZE_AR00_AR14];
unsigned char init_cr00_cr18[SIZE_CR00_CR18];
unsigned char init_cr30_cr4d[SIZE_CR30_CR4D];
unsigned char init_cr90_cra7[SIZE_CR90_CRA7];
};
#ifdef __BIG_ENDIAN
#define pal_rgb(r, g, b, val) (((r & 0xf800) >> 8) | \
((g & 0xe000) >> 13) | \
Reported by FlawFinder.
fs/nfs/nfsroot.c
10 issues
Line: 147
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
size_t n = strlen(line) + sizeof(NFS_ROOT) - 1;
if (n >= sizeof(nfs_root_parms))
line[sizeof(nfs_root_parms) - sizeof(NFS_ROOT) - 2] = '\0';
sprintf(nfs_root_parms, NFS_ROOT, line);
}
/*
* Extract the IP address of the NFS server containing our
* root file system, if one was specified.
Reported by FlawFinder.
Line: 234
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
tmp = kzalloc(tmplen, GFP_KERNEL);
if (tmp == NULL)
goto out_nomem;
strcpy(tmp, NFS_ROOT);
if (root_server_path[0] != '\0') {
dprintk("Root-NFS: DHCPv4 option 17: %s\n",
root_server_path);
if (root_nfs_parse_options(root_server_path, tmp, tmplen))
Reported by FlawFinder.
Line: 269
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
* in tmp, substitute the nodename, then shovel the whole
* mess into nfs_root_device.
*/
len = snprintf(nfs_export_path, sizeof(nfs_export_path),
tmp, utsname()->nodename);
if (len >= (int)sizeof(nfs_export_path))
goto out_devnametoolong;
len = snprintf(nfs_root_device, sizeof(nfs_root_device),
"%pI4:%s", &servaddr, nfs_export_path);
Reported by FlawFinder.
Line: 100
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
/* Parameters passed from the kernel command line */
static char nfs_root_parms[NFS_MAXPATHLEN + 1] __initdata = "";
/* Text-based mount options passed to super.c */
static char nfs_root_options[256] __initdata = NFS_DEF_OPTIONS;
/* Address of NFS server */
Reported by FlawFinder.
Line: 103
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char nfs_root_parms[NFS_MAXPATHLEN + 1] __initdata = "";
/* Text-based mount options passed to super.c */
static char nfs_root_options[256] __initdata = NFS_DEF_OPTIONS;
/* Address of NFS server */
static __be32 servaddr __initdata = htonl(INADDR_NONE);
/* Name of directory to mount */
Reported by FlawFinder.
Line: 109
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static __be32 servaddr __initdata = htonl(INADDR_NONE);
/* Name of directory to mount */
static char nfs_export_path[NFS_MAXPATHLEN + 1] __initdata = "";
/* server:export path string passed to super.c */
static char nfs_root_device[NFS_MAXPATHLEN + 1] __initdata = "";
#ifdef NFS_DEBUG
Reported by FlawFinder.
Line: 112
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char nfs_export_path[NFS_MAXPATHLEN + 1] __initdata = "";
/* server:export path string passed to super.c */
static char nfs_root_device[NFS_MAXPATHLEN + 1] __initdata = "";
#ifdef NFS_DEBUG
/*
* When the "nfsrootdebug" kernel command line option is specified,
* enable debugging messages for NFSROOT.
Reported by FlawFinder.
Line: 226
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int __init root_nfs_data(char *cmdline)
{
char mand_options[sizeof("nolock,addr=") + INET_ADDRSTRLEN + 1];
int len, retval = -1;
char *tmp = NULL;
const size_t tmplen = sizeof(nfs_export_path);
tmp = kzalloc(tmplen, GFP_KERNEL);
Reported by FlawFinder.
Line: 144
Column: 14
CWE codes:
126
if (line[0] == '/' || line[0] == ',' || (line[0] >= '0' && line[0] <= '9')) {
strlcpy(nfs_root_parms, line, sizeof(nfs_root_parms));
} else {
size_t n = strlen(line) + sizeof(NFS_ROOT) - 1;
if (n >= sizeof(nfs_root_parms))
line[sizeof(nfs_root_parms) - sizeof(NFS_ROOT) - 2] = '\0';
sprintf(nfs_root_parms, NFS_ROOT, line);
}
Reported by FlawFinder.
Line: 175
Column: 15
CWE codes:
126
static int __init root_nfs_cat(char *dest, const char *src,
const size_t destlen)
{
size_t len = strlen(dest);
if (len && dest[len - 1] != ',')
if (strlcat(dest, ",", destlen) > destlen)
return -1;
Reported by FlawFinder.
drivers/virtio/virtio_pci_modern.c
10 issues
Line: 78
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (len) {
case 1:
b = ioread8(device + offset);
memcpy(buf, &b, sizeof b);
break;
case 2:
w = cpu_to_le16(ioread16(device + offset));
memcpy(buf, &w, sizeof w);
break;
Reported by FlawFinder.
Line: 82
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 2:
w = cpu_to_le16(ioread16(device + offset));
memcpy(buf, &w, sizeof w);
break;
case 4:
l = cpu_to_le32(ioread32(device + offset));
memcpy(buf, &l, sizeof l);
break;
Reported by FlawFinder.
Line: 86
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 4:
l = cpu_to_le32(ioread32(device + offset));
memcpy(buf, &l, sizeof l);
break;
case 8:
l = cpu_to_le32(ioread32(device + offset));
memcpy(buf, &l, sizeof l);
l = cpu_to_le32(ioread32(device + offset + sizeof l));
Reported by FlawFinder.
Line: 90
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 8:
l = cpu_to_le32(ioread32(device + offset));
memcpy(buf, &l, sizeof l);
l = cpu_to_le32(ioread32(device + offset + sizeof l));
memcpy(buf + sizeof l, &l, sizeof l);
break;
default:
BUG();
Reported by FlawFinder.
Line: 92
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
l = cpu_to_le32(ioread32(device + offset));
memcpy(buf, &l, sizeof l);
l = cpu_to_le32(ioread32(device + offset + sizeof l));
memcpy(buf + sizeof l, &l, sizeof l);
break;
default:
BUG();
}
}
Reported by FlawFinder.
Line: 115
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (len) {
case 1:
memcpy(&b, buf, sizeof b);
iowrite8(b, device + offset);
break;
case 2:
memcpy(&w, buf, sizeof w);
iowrite16(le16_to_cpu(w), device + offset);
Reported by FlawFinder.
Line: 119
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iowrite8(b, device + offset);
break;
case 2:
memcpy(&w, buf, sizeof w);
iowrite16(le16_to_cpu(w), device + offset);
break;
case 4:
memcpy(&l, buf, sizeof l);
iowrite32(le32_to_cpu(l), device + offset);
Reported by FlawFinder.
Line: 123
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iowrite16(le16_to_cpu(w), device + offset);
break;
case 4:
memcpy(&l, buf, sizeof l);
iowrite32(le32_to_cpu(l), device + offset);
break;
case 8:
memcpy(&l, buf, sizeof l);
iowrite32(le32_to_cpu(l), device + offset);
Reported by FlawFinder.
Line: 127
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iowrite32(le32_to_cpu(l), device + offset);
break;
case 8:
memcpy(&l, buf, sizeof l);
iowrite32(le32_to_cpu(l), device + offset);
memcpy(&l, buf + sizeof l, sizeof l);
iowrite32(le32_to_cpu(l), device + offset + sizeof l);
break;
default:
Reported by FlawFinder.
Line: 129
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 8:
memcpy(&l, buf, sizeof l);
iowrite32(le32_to_cpu(l), device + offset);
memcpy(&l, buf + sizeof l, sizeof l);
iowrite32(le32_to_cpu(l), device + offset + sizeof l);
break;
default:
BUG();
}
Reported by FlawFinder.
fs/nls/mac-cyrillic.c
10 issues
Line: 52
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/nls.h>
#include <linux/errno.h>
static const wchar_t charset2uni[256] = {
/* 0x00 */
0x0000, 0x0001, 0x0002, 0x0003,
0x0004, 0x0005, 0x0006, 0x0007,
0x0008, 0x0009, 0x000a, 0x000b,
0x000c, 0x000d, 0x000e, 0x000f,
Reported by FlawFinder.
Line: 135
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x044c, 0x044d, 0x044e, 0x20ac,
};
static const unsigned char page00[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 170
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page01[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 205
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page04[256] = {
0x00, 0xdd, 0xab, 0xae, 0xb8, 0xc1, 0xa7, 0xba, /* 0x00-0x07 */
0xb7, 0xbc, 0xbe, 0xcb, 0xcd, 0x00, 0xd8, 0xda, /* 0x08-0x0f */
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 0x10-0x17 */
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, /* 0x18-0x1f */
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 240
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page20[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0xd0, 0xd1, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0xd4, 0xd5, 0x00, 0x00, 0xd2, 0xd3, 0xd7, 0x00, /* 0x18-0x1f */
0xa0, 0x00, 0xa5, 0x00, 0x00, 0x00, 0xc9, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 275
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page21[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xdc, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 310
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page22[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc6, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0xc3, 0x00, 0x00, 0x00, 0xb0, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 345
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char *const page_uni2charset[256] = {
page00, page01, NULL, NULL, page04, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
page20, page21, page22, NULL, NULL, NULL, NULL, NULL,
Reported by FlawFinder.
Line: 380
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
};
static const unsigned char charset2lower[256] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x00-0x07 */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x08-0x0f */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x10-0x17 */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x18-0x1f */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 415
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0xf8-0xff */
};
static const unsigned char charset2upper[256] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x00-0x07 */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x08-0x0f */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x10-0x17 */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x18-0x1f */
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x20-0x27 */
Reported by FlawFinder.