The following issues were found
fs/nfsd/nfssvc.c
10 issues
Line: 851
Column: 7
CWE codes:
126
Suggestion:
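This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Triage note: this rule is written for the C++ algorithm std::mismatch, but the excerpt below is C, and the reported column is consistent with the struct member in `ret->mismatch.lovers` rather than a function call, so the finding looks like a name-matching false positive. The other findings for this file each quote a `ret->mismatch.lovers` or `ret->mismatch.hivers` access and should be triaged the same way.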
nfsd_vers(nn, rqstp->rq_vers, NFSD_TEST)))
return svc_generic_init_request(rqstp, progp, ret);
ret->mismatch.lovers = NFSD_ACL_NRVERS;
for (i = NFSD_ACL_MINVERS; i < NFSD_ACL_NRVERS; i++) {
if (nfsd_support_acl_version(rqstp->rq_vers) &&
nfsd_vers(nn, i, NFSD_TEST)) {
ret->mismatch.lovers = i;
break;
Reported by FlawFinder.
Line: 855
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
for (i = NFSD_ACL_MINVERS; i < NFSD_ACL_NRVERS; i++) {
if (nfsd_support_acl_version(rqstp->rq_vers) &&
nfsd_vers(nn, i, NFSD_TEST)) {
ret->mismatch.lovers = i;
break;
}
}
if (ret->mismatch.lovers == NFSD_ACL_NRVERS)
return rpc_prog_unavail;
Reported by FlawFinder.
Line: 859
Column: 11
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
break;
}
}
if (ret->mismatch.lovers == NFSD_ACL_NRVERS)
return rpc_prog_unavail;
ret->mismatch.hivers = NFSD_ACL_MINVERS;
for (i = NFSD_ACL_NRVERS - 1; i >= NFSD_ACL_MINVERS; i--) {
if (nfsd_support_acl_version(rqstp->rq_vers) &&
nfsd_vers(nn, i, NFSD_TEST)) {
Reported by FlawFinder.
Line: 861
Column: 7
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
}
if (ret->mismatch.lovers == NFSD_ACL_NRVERS)
return rpc_prog_unavail;
ret->mismatch.hivers = NFSD_ACL_MINVERS;
for (i = NFSD_ACL_NRVERS - 1; i >= NFSD_ACL_MINVERS; i--) {
if (nfsd_support_acl_version(rqstp->rq_vers) &&
nfsd_vers(nn, i, NFSD_TEST)) {
ret->mismatch.hivers = i;
break;
Reported by FlawFinder.
Line: 865
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
for (i = NFSD_ACL_NRVERS - 1; i >= NFSD_ACL_MINVERS; i--) {
if (nfsd_support_acl_version(rqstp->rq_vers) &&
nfsd_vers(nn, i, NFSD_TEST)) {
ret->mismatch.hivers = i;
break;
}
}
return rpc_prog_mismatch;
}
Reported by FlawFinder.
Line: 895
Column: 7
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
if (likely(nfsd_vers(nn, rqstp->rq_vers, NFSD_TEST)))
return svc_generic_init_request(rqstp, progp, ret);
ret->mismatch.lovers = NFSD_NRVERS;
for (i = NFSD_MINVERS; i < NFSD_NRVERS; i++) {
if (nfsd_vers(nn, i, NFSD_TEST)) {
ret->mismatch.lovers = i;
break;
}
Reported by FlawFinder.
Line: 898
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
ret->mismatch.lovers = NFSD_NRVERS;
for (i = NFSD_MINVERS; i < NFSD_NRVERS; i++) {
if (nfsd_vers(nn, i, NFSD_TEST)) {
ret->mismatch.lovers = i;
break;
}
}
if (ret->mismatch.lovers == NFSD_NRVERS)
return rpc_prog_unavail;
Reported by FlawFinder.
Line: 902
Column: 11
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
break;
}
}
if (ret->mismatch.lovers == NFSD_NRVERS)
return rpc_prog_unavail;
ret->mismatch.hivers = NFSD_MINVERS;
for (i = NFSD_NRVERS - 1; i >= NFSD_MINVERS; i--) {
if (nfsd_vers(nn, i, NFSD_TEST)) {
ret->mismatch.hivers = i;
Reported by FlawFinder.
Line: 904
Column: 7
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
}
if (ret->mismatch.lovers == NFSD_NRVERS)
return rpc_prog_unavail;
ret->mismatch.hivers = NFSD_MINVERS;
for (i = NFSD_NRVERS - 1; i >= NFSD_MINVERS; i--) {
if (nfsd_vers(nn, i, NFSD_TEST)) {
ret->mismatch.hivers = i;
break;
}
Reported by FlawFinder.
Line: 907
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
ret->mismatch.hivers = NFSD_MINVERS;
for (i = NFSD_NRVERS - 1; i >= NFSD_MINVERS; i--) {
if (nfsd_vers(nn, i, NFSD_TEST)) {
ret->mismatch.hivers = i;
break;
}
}
return rpc_prog_mismatch;
}
Reported by FlawFinder.
fs/nls/nls_cp864.c
10 issues
Line: 16
Column: 14
CWE codes:
119
120
Suggestion:
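Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Triage note: the flagged declarations in this file are `static const` tables with a fixed size of 256 entries, so the finding is about the declaration, not about a write into the array. What needs confirming is at the use sites, which are not quoted here: that every index is limited to 0-255 and, for `page_uni2charset`, that a NULL page entry is checked before it is dereferenced.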
#include <linux/nls.h>
#include <linux/errno.h>
static const wchar_t charset2uni[256] = {
/* 0x00*/
0x0000, 0x0001, 0x0002, 0x0003,
0x0004, 0x0005, 0x0006, 0x0007,
0x0008, 0x0009, 0x000a, 0x000b,
0x000c, 0x000d, 0x000e, 0x000f,
Reported by FlawFinder.
Line: 99
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xfed9, 0xfef1, 0x25a0, 0x0000,
};
static const unsigned char page00[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x00, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 134
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xdd, /* 0xf0-0xf7 */
};
static const unsigned char page03[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 163
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x92, 0x00, /* 0xc0-0xc7 */
};
static const unsigned char page06[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0xbb, 0x00, 0x00, 0x00, 0xbf, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 180
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xb8, 0xb9, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x68-0x6f */
};
static const unsigned char page22[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x82, 0x83, 0x00, 0x00, 0x00, 0x91, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 193
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x48-0x4f */
};
static const unsigned char page25[256] = {
0x85, 0x00, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x8d, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x8c, 0x00, 0x00, 0x00, 0x8e, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x8f, 0x00, 0x00, 0x00, 0x8a, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x88, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 218
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xa0-0xa7 */
};
static const unsigned char pagefe[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 254
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x9a, 0x00, 0x00, 0x9d, 0x9e, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char *const page_uni2charset[256] = {
page00, NULL, NULL, page03, NULL, NULL, page06, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, page22, NULL, NULL, page25, NULL, NULL,
Reported by FlawFinder.
Line: 289
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NULL, NULL, NULL, NULL, NULL, NULL, pagefe, NULL,
};
static const unsigned char charset2lower[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 325
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0x00, /* 0xf8-0xff */
};
static const unsigned char charset2upper[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
fs/reiserfs/xattr.c
10 issues
Line: 150
Column: 2
CWE codes:
119
120
Suggestion:
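Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Triage note: `namebuf` is a 17-byte stack buffer and the code that fills it is outside this excerpt, so the finding should be closed only after confirming that the writer is bounded to 17 bytes including the terminator.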
static struct dentry *open_xa_dir(const struct inode *inode, int flags)
{
struct dentry *xaroot, *xadir;
char namebuf[17];
xaroot = open_xa_root(inode->i_sb, flags);
if (IS_ERR(xaroot))
return xaroot;
Reported by FlawFinder.
Line: 581
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = __reiserfs_write_begin(page, page_offset, chunk + skip);
if (!err) {
if (buffer)
memcpy(data + skip, buffer + buffer_pos, chunk);
err = reiserfs_commit_write(NULL, page, page_offset,
page_offset + chunk +
skip);
}
reiserfs_write_unlock(inode->i_sb);
Reported by FlawFinder.
Line: 741
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
hash = le32_to_cpu(rxh->h_hash);
}
memcpy(buffer + buffer_pos, data + skip, chunk);
unlock_page(page);
reiserfs_put_page(page);
file_pos += chunk;
buffer_pos += chunk;
skip = 0;
Reported by FlawFinder.
Line: 830
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
b->pos = -ERANGE;
return -ERANGE;
}
memcpy(b->buf + b->pos, name, namelen);
b->buf[b->pos + namelen] = 0;
}
b->pos += size;
}
return 0;
Reported by FlawFinder.
Line: 162
Column: 42
CWE codes:
126
inode_lock_nested(d_inode(xaroot), I_MUTEX_XATTR);
xadir = lookup_one_len(namebuf, xaroot, strlen(namebuf));
if (!IS_ERR(xadir) && d_really_is_negative(xadir)) {
int err = -ENODATA;
if (xattr_may_create(flags))
err = xattr_mkdir(d_inode(xaroot), xadir, 0700);
Reported by FlawFinder.
Line: 400
Column: 39
CWE codes:
126
return ERR_CAST(xadir);
inode_lock_nested(d_inode(xadir), I_MUTEX_XATTR);
xafile = lookup_one_len(name, xadir, strlen(name));
if (IS_ERR(xafile)) {
err = PTR_ERR(xafile);
goto out;
}
Reported by FlawFinder.
Line: 494
Column: 39
CWE codes:
126
return PTR_ERR(xadir);
inode_lock_nested(d_inode(xadir), I_MUTEX_XATTR);
dentry = lookup_one_len(name, xadir, strlen(name));
if (IS_ERR(dentry)) {
err = PTR_ERR(dentry);
goto out_dput;
}
Reported by FlawFinder.
Line: 792
Column: 29
CWE codes:
126
for_each_xattr_handler(handlers, xah) {
const char *prefix = xattr_prefix(xah);
if (strncmp(prefix, name, strlen(prefix)) == 0)
break;
}
return xah;
}
Reported by FlawFinder.
Line: 981
Column: 5
CWE codes:
126
/* If we don't have the privroot located yet - go find it */
inode_lock(d_inode(s->s_root));
dentry = lookup_one_len(PRIVROOT_NAME, s->s_root,
strlen(PRIVROOT_NAME));
if (!IS_ERR(dentry)) {
REISERFS_SB(s)->priv_root = dentry;
d_set_d_op(dentry, &xattr_lookup_poison_ops);
if (d_really_is_positive(dentry)) {
d_inode(dentry)->i_flags |= S_PRIVATE;
Reported by FlawFinder.
Line: 1022
Column: 7
CWE codes:
126
struct dentry *dentry;
dentry = lookup_one_len(XAROOT_NAME, privroot,
strlen(XAROOT_NAME));
if (!IS_ERR(dentry))
REISERFS_SB(s)->xattr_root = dentry;
else
err = PTR_ERR(dentry);
}
Reported by FlawFinder.
drivers/xen/xenbus/xenbus_comms.c
10 issues
Line: 135
Column: 3
CWE codes:
120
Suggestion:
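Make sure destination can always hold the source data. Triage note: in the excerpt the copy length `avail` is clamped to the caller's remaining `len` immediately before the memcpy; how `avail` is first computed, and therefore how it relates to the size of `dst`, is above the quoted lines and should be checked there.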
if (avail > len)
avail = len;
memcpy(dst, data, avail);
data += avail;
len -= avail;
bytes += avail;
/* Other side must not see new producer until data is there. */
Reported by FlawFinder.
Line: 188
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Must read data /after/ reading the producer index. */
virt_rmb();
memcpy(data, src, avail);
data += avail;
len -= avail;
bytes += avail;
/* Other side must not see free space until we've copied out */
Reported by FlawFinder.
Line: 246
Column: 13
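CWE codes:
120
20
Triage note: at the reported column the token is the struct member `state.read`, not a call to read(), so this and the other CWE-120/CWE-20 findings on `state.read` in this file look like name-matching false positives. The reads in the excerpt go through xb_read(), with the length given as the remaining size of `state.msg` or of the message body.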
}
if (state.in_hdr) {
if (state.read != sizeof(state.msg)) {
err = xb_read((void *)&state.msg + state.read,
sizeof(state.msg) - state.read);
if (err < 0)
goto out;
state.read += err;
Reported by FlawFinder.
Line: 247
Column: 45
CWE codes:
120
20
if (state.in_hdr) {
if (state.read != sizeof(state.msg)) {
err = xb_read((void *)&state.msg + state.read,
sizeof(state.msg) - state.read);
if (err < 0)
goto out;
state.read += err;
if (state.read != sizeof(state.msg))
Reported by FlawFinder.
Line: 248
Column: 37
CWE codes:
120
20
if (state.in_hdr) {
if (state.read != sizeof(state.msg)) {
err = xb_read((void *)&state.msg + state.read,
sizeof(state.msg) - state.read);
if (err < 0)
goto out;
state.read += err;
if (state.read != sizeof(state.msg))
return 0;
Reported by FlawFinder.
Line: 252
Column: 14
CWE codes:
120
20
if (err < 0)
goto out;
state.read += err;
if (state.read != sizeof(state.msg))
return 0;
if (state.msg.len > XENSTORE_PAYLOAD_MAX) {
err = -EINVAL;
goto out;
}
Reported by FlawFinder.
Line: 276
Column: 35
CWE codes:
120
20
state.read = 0;
}
err = xb_read(state.body + state.read, state.msg.len - state.read);
if (err < 0)
goto out;
state.read += err;
if (state.read != state.msg.len)
Reported by FlawFinder.
Line: 276
Column: 63
CWE codes:
120
20
state.read = 0;
}
err = xb_read(state.body + state.read, state.msg.len - state.read);
if (err < 0)
goto out;
state.read += err;
if (state.read != state.msg.len)
Reported by FlawFinder.
drivers/w1/slaves/w1_therm.c
10 issues
Line: 1799
Column: 2
CWE codes:
120
Suggestion:
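Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Triage note: strcpy_s is not available in kernel code; the kernel's bounded string copy is strscpy(). Whether this strcpy can overflow depends on how `p_args` was sized relative to `buf`, and that allocation is above the quoted lines.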
__func__, -ENOMEM);
return size;
}
strcpy(p_args, buf);
/* Split string using space char */
token = strsep(&p_args, " ");
if (!token) {
Reported by FlawFinder.
Line: 1013
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (w1_reset_bus(sl->master))
return -ENODEV;
memcpy(&match[1], &rn, 8);
w1_write_block(sl->master, match, 9);
return 0;
}
Reported by FlawFinder.
Line: 1562
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info.crc, (info.verdict) ? "YES" : "NO");
if (info.verdict)
memcpy(family_data, info.rom, sizeof(info.rom));
else
dev_warn(device, "%s:Read failed CRC check\n", __func__);
for (i = 0; i < 9; ++i)
c -= snprintf(buf + PAGE_SIZE - c, c, "%02x ",
Reported by FlawFinder.
Line: 1652
Column: 9
CWE codes:
120
Suggestion:
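Use sprintf_s, snprintf, or vsnprintf. Triage note: the sprintf findings in this file sit next to device-attribute `*_show` callbacks and format a small number of integers into `buf`. sprintf_s does not exist in the kernel; the kernel-native bounded helper for sysfs show callbacks is sysfs_emit().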
return 0;
}
return sprintf(buf, "%d\n", temperature_from_RAM(sl, info.rom));
}
static ssize_t ext_power_show(struct device *device,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 1674
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"%s: Power_mode may be corrupted. err=%d\n",
__func__, SLAVE_POWERMODE(sl));
}
return sprintf(buf, "%d\n", SLAVE_POWERMODE(sl));
}
static ssize_t resolution_show(struct device *device,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 1696
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
__func__, SLAVE_RESOLUTION(sl));
}
return sprintf(buf, "%d\n", SLAVE_RESOLUTION(sl));
}
static ssize_t resolution_store(struct device *device,
struct device_attribute *attr, const char *buf, size_t size)
{
Reported by FlawFinder.
Line: 1777
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
__func__, ret);
}
return sprintf(buf, "%hd %hd\n", tl, th);
}
static ssize_t alarms_store(struct device *device,
struct device_attribute *attr, const char *buf, size_t size)
{
Reported by FlawFinder.
Line: 1920
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
}
show_result:
return sprintf(buf, "%d\n", ret);
}
static ssize_t conv_time_show(struct device *device,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 1933
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"%s: Device is not supported by the driver\n", __func__);
return 0; /* No device family */
}
return sprintf(buf, "%d\n", conversion_time(sl));
}
static ssize_t conv_time_store(struct device *device,
struct device_attribute *attr, const char *buf, size_t size)
{
Reported by FlawFinder.
Line: 1975
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"%s: Device not supported by the driver\n", __func__);
return 0; /* No device family */
}
return sprintf(buf, "%u\n", SLAVE_FEATURES(sl));
}
static ssize_t features_store(struct device *device,
struct device_attribute *attr, const char *buf, size_t size)
{
Reported by FlawFinder.
fs/hpfs/dnode.c
10 issues
Line: 42
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
if (hpfs_inode->i_rddir_off) {
memcpy(ppos, hpfs_inode->i_rddir_off, i * sizeof(loff_t));
kfree(hpfs_inode->i_rddir_off);
}
hpfs_inode->i_rddir_off = ppos;
}
hpfs_inode->i_rddir_off[i] = pos;
Reported by FlawFinder.
Line: 197
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
de->length = cpu_to_le16(d_size);
de->not_8x3 = hpfs_is_name_long(name, namelen);
de->namelen = namelen;
memcpy(de->name, name, namelen);
le32_add_cpu(&d->first_free, d_size);
return de;
}
/* Delete dirent and don't care about its subtree */
Reported by FlawFinder.
Line: 300
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kfree(nname);
return 1;
}
memcpy(nd, d, le32_to_cpu(d->first_free));
copy_de(de = hpfs_add_de(i->i_sb, nd, name, namelen, down_ptr), new_de);
for_all_poss(i, hpfs_pos_ins, get_pos(nd, de), 1);
h = ((char *)dnode_last_de(nd) - (char *)nd) / 2 + 10;
if (!(ad = hpfs_alloc_dnode(i->i_sb, le32_to_cpu(d->up), &adno, &qbh1))) {
hpfs_error(i->i_sb, "unable to alloc dnode - dnode tree will be corrupted");
Reported by FlawFinder.
Line: 320
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos++;
}
copy_de(new_de = &nde, de);
memcpy(nname, de->name, de->namelen);
name = nname;
namelen = de->namelen;
for_all_poss(i, hpfs_pos_subst, ((loff_t)dno << 4) | pos, 4);
down_ptr = adno;
set_last_pointer(i->i_sb, ad, de->down ? de_down_pointer(de) : 0);
Reported by FlawFinder.
Line: 329
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
de = de_next_de(de);
memmove((char *)nd + 20, de, le32_to_cpu(nd->first_free) + (char *)nd - (char *)de);
le32_add_cpu(&nd->first_free, -((char *)de - (char *)nd - 20));
memcpy(d, nd, le32_to_cpu(nd->first_free));
for_all_poss(i, hpfs_pos_del, (loff_t)dno << 4, pos);
fix_up_ptrs(i->i_sb, ad);
if (!d->root_dnode) {
ad->up = d->up;
dno = le32_to_cpu(ad->up);
Reported by FlawFinder.
Line: 501
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hpfs_brelse4(&qbh);
return 0;
}
memcpy(nde, de, le16_to_cpu(de->length));
ddno = de->down ? de_down_pointer(de) : 0;
hpfs_delete_de(i->i_sb, dnode, de);
set_last_pointer(i->i_sb, dnode, ddno);
hpfs_mark_4buffers_dirty(&qbh);
hpfs_brelse4(&qbh);
Reported by FlawFinder.
Line: 614
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_err("out of memory for dtree balancing\n");
goto endm;
}
memcpy(de_cp, de, le16_to_cpu(de->length));
hpfs_delete_de(i->i_sb, dnode, de);
hpfs_mark_4buffers_dirty(&qbh);
hpfs_brelse4(&qbh);
for_all_poss(i, hpfs_pos_subst, ((loff_t)up << 4) | p, 4);
for_all_poss(i, hpfs_pos_del, ((loff_t)up << 4) | p, 1);
Reported by FlawFinder.
Line: 680
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
hpfs_mark_4buffers_dirty(&qbh1);
hpfs_brelse4(&qbh1);
memcpy(de_cp, de_prev, le16_to_cpu(de_prev->length));
hpfs_delete_de(i->i_sb, dnode, de_prev);
if (!de_prev->down) {
le16_add_cpu(&de_prev->length, 4);
de_prev->down = 1;
le32_add_cpu(&dnode->first_free, 4);
Reported by FlawFinder.
Line: 1018
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
}
if (f->len <= 15)
memcpy(name2, name1, name1len = name2len = f->len);
else {
memcpy(name2, name1, 15);
memset(name2 + 15, 0xff, 256 - 15);
/*name2[15] = 0xff;*/
name1len = 15; name2len = 256;
Reported by FlawFinder.
Line: 1020
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (f->len <= 15)
memcpy(name2, name1, name1len = name2len = f->len);
else {
memcpy(name2, name1, 15);
memset(name2 + 15, 0xff, 256 - 15);
/*name2[15] = 0xff;*/
name1len = 15; name2len = 256;
}
if (!(upf = hpfs_map_fnode(s, le32_to_cpu(f->up), &bh))) {
Reported by FlawFinder.
fs/cifs/misc.c
10 issues
Line: 647
CWE codes:
908
cifs_add_pending_open_locked(struct cifs_fid *fid, struct tcon_link *tlink,
struct cifs_pending_open *open)
{
memcpy(open->lease_key, fid->lease_key, SMB2_LEASE_KEY_SIZE);
open->oplock = CIFS_OPLOCK_NO_CHANGE;
open->tlink = tlink;
fid->pending_open = open;
list_add_tail(&open->olist, &tlink_tcon(tlink)->pending_opens);
}
Reported by Cppcheck.
Line: 636
Column: 49
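CWE codes:
362
Triage note: CWE-362 is the race-condition class that FlawFinder associates with the open() call. At the reported column the excerpt has a parameter named `open` (a `struct cifs_pending_open *`), not a call, so this and the other CWE-362 findings for this file look like name-matching false positives.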
}
void
cifs_del_pending_open(struct cifs_pending_open *open)
{
spin_lock(&tlink_tcon(open->tlink)->open_file_lock);
list_del(&open->olist);
spin_unlock(&tlink_tcon(open->tlink)->open_file_lock);
}
Reported by FlawFinder.
Line: 645
Column: 35
CWE codes:
362
void
cifs_add_pending_open_locked(struct cifs_fid *fid, struct tcon_link *tlink,
struct cifs_pending_open *open)
{
memcpy(open->lease_key, fid->lease_key, SMB2_LEASE_KEY_SIZE);
open->oplock = CIFS_OPLOCK_NO_CHANGE;
open->tlink = tlink;
fid->pending_open = open;
Reported by FlawFinder.
Line: 647
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cifs_add_pending_open_locked(struct cifs_fid *fid, struct tcon_link *tlink,
struct cifs_pending_open *open)
{
memcpy(open->lease_key, fid->lease_key, SMB2_LEASE_KEY_SIZE);
open->oplock = CIFS_OPLOCK_NO_CHANGE;
open->tlink = tlink;
fid->pending_open = open;
list_add_tail(&open->olist, &tlink_tcon(tlink)->pending_opens);
}
Reported by FlawFinder.
Line: 650
Column: 22
CWE codes:
362
memcpy(open->lease_key, fid->lease_key, SMB2_LEASE_KEY_SIZE);
open->oplock = CIFS_OPLOCK_NO_CHANGE;
open->tlink = tlink;
fid->pending_open = open;
list_add_tail(&open->olist, &tlink_tcon(tlink)->pending_opens);
}
void
cifs_add_pending_open(struct cifs_fid *fid, struct tcon_link *tlink,
Reported by FlawFinder.
Line: 656
Column: 35
CWE codes:
362
void
cifs_add_pending_open(struct cifs_fid *fid, struct tcon_link *tlink,
struct cifs_pending_open *open)
{
spin_lock(&tlink_tcon(tlink)->open_file_lock);
cifs_add_pending_open_locked(fid, tlink, open);
spin_unlock(&tlink_tcon(open->tlink)->open_file_lock);
}
Reported by FlawFinder.
Line: 659
Column: 43
CWE codes:
362
struct cifs_pending_open *open)
{
spin_lock(&tlink_tcon(tlink)->open_file_lock);
cifs_add_pending_open_locked(fid, tlink, open);
spin_unlock(&tlink_tcon(open->tlink)->open_file_lock);
}
/*
* Critical section which runs after acquiring deferred_lock.
Reported by FlawFinder.
Line: 958
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct bio_vec *bv = NULL;
if (iov_iter_is_kvec(iter)) {
memcpy(&ctx->iter, iter, sizeof(*iter));
ctx->len = count;
iov_iter_advance(iter, count);
return 0;
}
Reported by FlawFinder.
Line: 840
Column: 26
CWE codes:
126
node->flags = le32_to_cpu(rsp->DFSFlags);
if (is_unicode) {
__le16 *tmp = kmalloc(strlen(searchName)*2 + 2,
GFP_KERNEL);
if (tmp == NULL) {
rc = -ENOMEM;
goto parse_DFS_referrals_exit;
}
Reported by FlawFinder.
Line: 1224
Column: 43
CWE codes:
126
cifs_dbg(FYI, "%s: target ip: %s\n", __func__, tip);
if (!cifs_convert_address(&tipaddr, tip, strlen(tip))) {
cifs_dbg(VFS, "%s: failed to convert target ip address\n",
__func__);
rc = -EINVAL;
goto out;
}
Reported by FlawFinder.
fs/ext4/inline.c
10 issues
Line: 182
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len : EXT4_MIN_INLINE_DATA_SIZE;
raw_inode = ext4_raw_inode(iloc);
memcpy(buffer, (void *)(raw_inode->i_block), cp_len);
len -= cp_len;
buffer += cp_len;
if (!len)
Reported by FlawFinder.
Line: 196
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = min_t(unsigned int, len,
(unsigned int)le32_to_cpu(entry->e_value_size));
memcpy(buffer,
(void *)IFIRST(header) + le16_to_cpu(entry->e_value_offs), len);
cp_len += len;
out:
return cp_len;
Reported by FlawFinder.
Line: 230
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pos < EXT4_MIN_INLINE_DATA_SIZE) {
cp_len = pos + len > EXT4_MIN_INLINE_DATA_SIZE ?
EXT4_MIN_INLINE_DATA_SIZE - pos : len;
memcpy((void *)raw_inode->i_block + pos, buffer, cp_len);
len -= cp_len;
buffer += cp_len;
pos += cp_len;
}
Reported by FlawFinder.
Line: 245
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
entry = (struct ext4_xattr_entry *)((void *)raw_inode +
EXT4_I(inode)->i_inline_off);
memcpy((void *)IFIRST(header) + le16_to_cpu(entry->e_value_offs) + pos,
buffer, len);
}
static int ext4_create_inline_data(handle_t *handle,
struct inode *inode, unsigned len)
Reported by FlawFinder.
Line: 1147
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
le32_to_cpu(((struct ext4_dir_entry_2 *)buf)->inode), 1);
header_size = (void *)de - target;
memcpy((void *)de, buf + EXT4_INLINE_DOTDOT_SIZE,
inline_size - EXT4_INLINE_DOTDOT_SIZE);
if (ext4_has_metadata_csum(inode->i_sb))
csum_size = sizeof(struct ext4_dir_entry_tail);
Reported by FlawFinder.
Line: 1235
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(data_bh->b_data, 0, inode->i_sb->s_blocksize);
if (!S_ISDIR(inode->i_mode)) {
memcpy(data_bh->b_data, buf, inline_size);
set_buffer_uptodate(data_bh);
error = ext4_handle_dirty_metadata(handle,
inode, data_bh);
} else {
error = ext4_finish_convert_inline_dir(handle, inode, data_bh,
Reported by FlawFinder.
Line: 1391
Column: 4
CWE codes:
120
Suggestion:
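Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Triage note: the source here is the string literal "..", so the copy is always three bytes including the terminator; the finding reduces to confirming that `fake.name` is at least that large, and its declaration is not in the excerpt. The finding at line 1381 copies the literal "." in the same way.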
} else if (pos == EXT4_INLINE_DOTDOT_OFFSET) {
fake.inode = cpu_to_le32(parent_ino);
fake.name_len = 2;
strcpy(fake.name, "..");
fake.rec_len = ext4_rec_len_to_disk(
ext4_dir_rec_len(fake.name_len, NULL),
inline_size);
ext4_set_de_type(inode->i_sb, &fake, S_IFDIR);
de = &fake;
Reported by FlawFinder.
Line: 49
Column: 19
CWE codes:
126
*/
if (!ext4_test_inode_state(inode, EXT4_STATE_XATTR))
return EXT4_XATTR_SIZE(min_offs -
EXT4_XATTR_LEN(strlen(EXT4_XATTR_SYSTEM_DATA)) -
EXT4_XATTR_ROUND - sizeof(__u32));
raw_inode = ext4_raw_inode(iloc);
header = IHDR(inode, raw_inode);
entry = IFIRST(header);
Reported by FlawFinder.
Line: 75
Column: 25
CWE codes:
126
goto out;
}
free -= EXT4_XATTR_LEN(strlen(EXT4_XATTR_SYSTEM_DATA));
if (free > EXT4_XATTR_ROUND)
free = EXT4_XATTR_SIZE(free - EXT4_XATTR_ROUND);
else
free = 0;
Reported by FlawFinder.
Line: 1381
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (pos == 0) {
fake.inode = cpu_to_le32(inode->i_ino);
fake.name_len = 1;
strcpy(fake.name, ".");
fake.rec_len = ext4_rec_len_to_disk(
ext4_dir_rec_len(fake.name_len, NULL),
inline_size);
ext4_set_de_type(inode->i_sb, &fake, S_IFDIR);
de = &fake;
Reported by FlawFinder.
fs/f2fs/f2fs.h
10 issues
Line: 524
CWE codes:
682
d->max = entry_cnt;
d->nr_bitmap = bitmap_size;
d->bitmap = t;
d->dentry = t + bitmap_size + reserved_size;
d->filename = t + bitmap_size + reserved_size +
SIZE_OF_DIR_ENTRY * entry_cnt;
}
/*
Reported by Cppcheck.
Line: 525
CWE codes:
682
d->nr_bitmap = bitmap_size;
d->bitmap = t;
d->dentry = t + bitmap_size + reserved_size;
d->filename = t + bitmap_size + reserved_size +
SIZE_OF_DIR_ENTRY * entry_cnt;
}
/*
* XATTR_NODE_OFFSET stores xattrs to one node block per file keeping -1
Reported by Cppcheck.
Line: 68
Column: 14
CWE codes:
119
120
Suggestion:
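Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Triage note: this flags the declaration of an array sized by FAULT_MAX, not an access to it; the check that matters is that any index used with `f2fs_fault_name` is below FAULT_MAX, and no such access is quoted here.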
unsigned int inject_type;
};
extern const char *f2fs_fault_name[FAULT_MAX];
#define IS_FAULT_SET(fi, type) ((fi)->inject_type & (1 << (type)))
#endif
/*
* For mount options
Reported by FlawFinder.
Line: 133
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
#ifdef CONFIG_QUOTA
/* Names of quota files with journalled quota */
char *s_qf_names[MAXQUOTAS];
int s_jquota_fmt; /* Format of quota to use */
#endif
/* For which write hints are passed down to block layer */
int whint_mode;
int alloc_mode; /* segment allocation policy */
Reported by FlawFinder.
Line: 156
Column: 11
CWE codes:
119
120
Suggestion:
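Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The finding is on the declaration of a fixed-size table, here and for noextensions on the next line; the check that matters is in the code that fills the tables: compress_ext_cnt and nocompress_ext_cnt must never exceed COMPRESS_EXT_NUM, and each stored extension must fit in F2FS_EXTENSION_LEN bytes. That code is not in this excerpt.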
unsigned char compress_ext_cnt; /* extension count */
unsigned char nocompress_ext_cnt; /* nocompress extension count */
int compress_mode; /* compression mode */
unsigned char extensions[COMPRESS_EXT_NUM][F2FS_EXTENSION_LEN]; /* extensions */
unsigned char noextensions[COMPRESS_EXT_NUM][F2FS_EXTENSION_LEN]; /* extensions */
};
#define F2FS_FEATURE_ENCRYPT 0x0001
#define F2FS_FEATURE_BLKZONED 0x0002
Reported by FlawFinder.
Line: 157
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char nocompress_ext_cnt; /* nocompress extension count */
int compress_mode; /* compression mode */
unsigned char extensions[COMPRESS_EXT_NUM][F2FS_EXTENSION_LEN]; /* extensions */
unsigned char noextensions[COMPRESS_EXT_NUM][F2FS_EXTENSION_LEN]; /* extensions */
};
#define F2FS_FEATURE_ENCRYPT 0x0001
#define F2FS_FEATURE_BLKZONED 0x0002
#define F2FS_FEATURE_ATOMIC_WRITE 0x0004
Reported by FlawFinder.
Line: 299
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct discard_entry {
struct list_head list; /* list head */
block_t start_blkaddr; /* start blockaddr of current segment */
unsigned char discard_map[SIT_VBLOCK_MAP_SIZE]; /* segment discard bitmap */
};
/* default discard granularity of inner discard thread, unit: block count */
#define DEFAULT_DISCARD_GRANULARITY 16
Reported by FlawFinder.
Line: 1182
Column: 2
CWE codes:
119
120
Suggestion:
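Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The finding is on the declaration of path[MAX_PATH_LEN]; whether it is a real issue depends on the code that copies a device path into this field limiting the copy to MAX_PATH_LEN and terminating it, and that code is not in this excerpt.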
#define RDEV(i) (raw_super->devs[i])
struct f2fs_dev_info {
struct block_device *bdev;
char path[MAX_PATH_LEN];
unsigned int total_segments;
block_t start_blk;
block_t end_blk;
#ifdef CONFIG_BLK_DEV_ZONED
unsigned int nr_blkz; /* Total number of zones */
Reported by FlawFinder.
Line: 1844
Column: 3
CWE codes:
119
120
Suggestion:
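Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In this excerpt the BUG_ON already asserts that crypto_shash_descsize() for the checksum driver equals sizeof(desc.ctx), so the 4-byte context buffer is checked against the driver's descriptor size before it is used.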
{
struct {
struct shash_desc shash;
char ctx[4];
} desc;
int err;
BUG_ON(crypto_shash_descsize(sbi->s_chksum_driver) != sizeof(desc.ctx));
Reported by FlawFinder.
Line: 2558
Column: 2
CWE codes:
120
Suggestion:
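Make sure destination can always hold the source data. In this excerpt both pointers come from kmap() and the length is the constant PAGE_SIZE, so the copy is exactly one page on each side; the remaining thing to confirm at the call sites is that src and dst are distinct, valid pages.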
char *src_kaddr = kmap(src);
char *dst_kaddr = kmap(dst);
memcpy(dst_kaddr, src_kaddr, PAGE_SIZE);
kunmap(dst);
kunmap(src);
}
static inline void f2fs_put_page(struct page *page, int unlock)
Reported by FlawFinder.
fs/nls/nls_cp860.c
10 issues
Line: 16
Column: 14
CWE codes:
119
120
Suggestion:
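Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. This finding, like the others listed for this file, is on the declaration of a static const lookup table with 256 entries that is initialized at compile time and never written; the thing to verify is that every index into the table is limited to 0-255 (for example, derived from a single byte), and the indexing code is not in these excerpts.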
#include <linux/nls.h>
#include <linux/errno.h>
static const wchar_t charset2uni[256] = {
/* 0x00*/
0x0000, 0x0001, 0x0002, 0x0003,
0x0004, 0x0005, 0x0006, 0x0007,
0x0008, 0x0009, 0x000a, 0x000b,
0x000c, 0x000d, 0x000e, 0x000f,
Reported by FlawFinder.
Line: 99
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x207f, 0x00b2, 0x25a0, 0x00a0,
};
static const unsigned char page00[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 135
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x97, 0xa3, 0x00, 0x81, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page03[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 164
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xe3, 0x00, 0x00, 0xe5, 0xe7, 0x00, 0xed, 0x00, /* 0xc0-0xc7 */
};
static const unsigned char page20[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 189
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9e, /* 0xa0-0xa7 */
};
static const unsigned char page22[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0xf9, 0xfb, 0x00, 0x00, 0x00, 0xec, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 205
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0xf0, 0x00, 0x00, 0xf3, 0xf2, 0x00, 0x00, /* 0x60-0x67 */
};
static const unsigned char page23[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0xf4, 0xf5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 213
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xf4, 0xf5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
};
static const unsigned char page25[256] = {
0xc4, 0x00, 0xb3, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0xda, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0xbf, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0xd9, 0x00, 0x00, 0x00, 0xc3, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0xb4, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 238
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xa0-0xa7 */
};
static const unsigned char *const page_uni2charset[256] = {
page00, NULL, NULL, page03, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
page20, NULL, page22, page23, NULL, page25, NULL, NULL,
Reported by FlawFinder.
Line: 246
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
page20, NULL, page22, page23, NULL, page25, NULL, NULL,
};
static const unsigned char charset2lower[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 282
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, /* 0xf8-0xff */
};
static const unsigned char charset2upper[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.