The following issues were found
drivers/acpi/acpi_configfs.c
9 issues
Line: 85
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
if (data)
memcpy(data, h, h->length);
return h->length;
}
#define MAX_ACPI_TABLE_SIZE (128 * 1024)
Reported by FlawFinder.
Line: 106
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!h)
return -EINVAL;
return sprintf(str, "%.*s\n", ACPI_NAMESEG_SIZE, h->signature);
}
static ssize_t acpi_table_length_show(struct config_item *cfg, char *str)
{
struct acpi_table_header *h = get_header(cfg);
Reported by FlawFinder.
Line: 116
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!h)
return -EINVAL;
return sprintf(str, "%d\n", h->length);
}
static ssize_t acpi_table_revision_show(struct config_item *cfg, char *str)
{
struct acpi_table_header *h = get_header(cfg);
Reported by FlawFinder.
Line: 126
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!h)
return -EINVAL;
return sprintf(str, "%d\n", h->revision);
}
static ssize_t acpi_table_oem_id_show(struct config_item *cfg, char *str)
{
struct acpi_table_header *h = get_header(cfg);
Reported by FlawFinder.
Line: 136
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!h)
return -EINVAL;
return sprintf(str, "%.*s\n", ACPI_OEM_ID_SIZE, h->oem_id);
}
static ssize_t acpi_table_oem_table_id_show(struct config_item *cfg, char *str)
{
struct acpi_table_header *h = get_header(cfg);
Reported by FlawFinder.
Line: 146
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!h)
return -EINVAL;
return sprintf(str, "%.*s\n", ACPI_OEM_TABLE_ID_SIZE, h->oem_table_id);
}
static ssize_t acpi_table_oem_revision_show(struct config_item *cfg, char *str)
{
struct acpi_table_header *h = get_header(cfg);
Reported by FlawFinder.
Line: 156
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!h)
return -EINVAL;
return sprintf(str, "%d\n", h->oem_revision);
}
static ssize_t acpi_table_asl_compiler_id_show(struct config_item *cfg,
char *str)
{
Reported by FlawFinder.
Line: 167
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!h)
return -EINVAL;
return sprintf(str, "%.*s\n", ACPI_NAMESEG_SIZE, h->asl_compiler_id);
}
static ssize_t acpi_table_asl_compiler_revision_show(struct config_item *cfg,
char *str)
{
Reported by FlawFinder.
Line: 178
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!h)
return -EINVAL;
return sprintf(str, "%d\n", h->asl_compiler_revision);
}
CONFIGFS_ATTR_RO(acpi_table_, signature);
CONFIGFS_ATTR_RO(acpi_table_, length);
CONFIGFS_ATTR_RO(acpi_table_, revision);
Reported by FlawFinder.
drivers/crypto/qat/qat_common/icp_qat_uclo.h
9 issues
Line: 255
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct icp_qat_uof_filechunkhdr {
char chunk_id[ICP_QAT_UOF_OBJID_LEN];
unsigned int checksum;
unsigned int offset;
unsigned int size;
};
Reported by FlawFinder.
Line: 272
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct icp_qat_uof_chunkhdr {
char chunk_id[ICP_QAT_UOF_OBJID_LEN];
unsigned int offset;
unsigned int size;
};
struct icp_qat_uof_memvar_attr {
Reported by FlawFinder.
Line: 318
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct icp_qat_uof_gtid {
char tool_id[ICP_QAT_UOF_OBJID_LEN];
int tool_ver;
unsigned int reserved1;
unsigned int reserved2;
};
Reported by FlawFinder.
Line: 493
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char lm2_mode;
char lm3_mode;
char tindex_mode;
unsigned char reserved[7];
char simg_name[256];
char appmeta_data[256];
};
struct icp_qat_suof_filehdr {
Reported by FlawFinder.
Line: 494
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char lm3_mode;
char tindex_mode;
unsigned char reserved[7];
char simg_name[256];
char appmeta_data[256];
};
struct icp_qat_suof_filehdr {
unsigned int file_id;
Reported by FlawFinder.
Line: 495
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char tindex_mode;
unsigned char reserved[7];
char simg_name[256];
char appmeta_data[256];
};
struct icp_qat_suof_filehdr {
unsigned int file_id;
unsigned int check_sum;
Reported by FlawFinder.
Line: 510
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct icp_qat_suof_chunk_hdr {
char chunk_id[ICP_QAT_SUOF_OBJ_ID_LEN];
u64 offset;
u64 size;
};
struct icp_qat_suof_strtable {
Reported by FlawFinder.
Line: 536
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct icp_qat_mof_chunkhdr {
char chunk_id[ICP_QAT_MOF_OBJ_ID_LEN];
u64 offset;
u64 size;
};
struct icp_qat_mof_str_table {
Reported by FlawFinder.
Line: 553
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct icp_qat_mof_obj_chunkhdr {
char chunk_id[ICP_QAT_MOF_OBJ_CHUNKID_LEN];
u64 offset;
u64 size;
unsigned int name;
unsigned int reserved;
};
Reported by FlawFinder.
crypto/testmgr.h
9 issues
Line: 177
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool genkey;
};
static const char zeroed_string[48];
/*
* RSA test vectors. Borrowed from openSSL.
*/
static const struct akcipher_testvec rsa_tv_template[] = {
Reported by FlawFinder.
Line: 6264
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
};
static const char vmac64_string1[144] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\x01', '\x01', '\x01', '\x01', '\x02', '\x03', '\x02', '\x02',
'\x02', '\x04', '\x01', '\x07', '\x04', '\x01', '\x04', '\x03',
};
Reported by FlawFinder.
Line: 6271
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
'\x02', '\x04', '\x01', '\x07', '\x04', '\x01', '\x04', '\x03',
};
static const char vmac64_string2[144] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'a', 'b', 'c',
};
Reported by FlawFinder.
Line: 6277
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
'a', 'b', 'c',
};
static const char vmac64_string3[144] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'a', 'b', 'c', 'a', 'b', 'c', 'a', 'b',
'c', 'a', 'b', 'c', 'a', 'b', 'c', 'a',
'b', 'c', 'a', 'b', 'c', 'a', 'b', 'c',
Reported by FlawFinder.
Line: 6288
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
'b', 'c', 'a', 'b', 'c', 'a', 'b', 'c',
};
static const char vmac64_string4[33] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'b', 'c', 'e', 'f', 'i', 'j', 'l', 'm',
'o', 'p', 'r', 's', 't', 'u', 'w', 'x',
'z',
Reported by FlawFinder.
Line: 6296
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
'z',
};
static const char vmac64_string5[143] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'r', 'm', 'b', 't', 'c', 'o', 'l', 'k',
']', '%', '9', '2', '7', '!', 'A',
};
Reported by FlawFinder.
Line: 6303
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
']', '%', '9', '2', '7', '!', 'A',
};
static const char vmac64_string6[145] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'p', 't', '*', '7', 'l', 'i', '!', '#',
'w', '0', 'z', '/', '4', 'A', 'n',
};
Reported by FlawFinder.
Line: 30090
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct comp_testvec {
int inlen, outlen;
char input[COMP_BUF_SIZE];
char output[COMP_BUF_SIZE];
};
/*
* Deflate test vectors (null-terminated strings).
Reported by FlawFinder.
Line: 30091
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct comp_testvec {
int inlen, outlen;
char input[COMP_BUF_SIZE];
char output[COMP_BUF_SIZE];
};
/*
* Deflate test vectors (null-terminated strings).
* Params: winbits=-11, Z_DEFAULT_COMPRESSION, MAX_MEM_LEVEL.
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c
9 issues
Line: 252
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct amdgpu_ras_eeprom_control *control,
uint32_t header)
{
unsigned char buff[EEPROM_ADDRESS_SIZE + EEPROM_TABLE_HEADER_SIZE];
struct amdgpu_ras_eeprom_table_header *hdr = &control->tbl_hdr;
int ret = 0;
memset(buff, 0, EEPROM_ADDRESS_SIZE + EEPROM_TABLE_HEADER_SIZE);
Reported by FlawFinder.
Line: 268
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int amdgpu_ras_eeprom_reset_table(struct amdgpu_ras_eeprom_control *control)
{
unsigned char buff[EEPROM_ADDRESS_SIZE + EEPROM_TABLE_HEADER_SIZE] = { 0 };
struct amdgpu_ras_eeprom_table_header *hdr = &control->tbl_hdr;
int ret = 0;
mutex_lock(&control->tbl_mutex);
Reported by FlawFinder.
Line: 296
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret = 0;
struct amdgpu_device *adev = to_amdgpu_device(control);
unsigned char buff[EEPROM_ADDRESS_SIZE + EEPROM_TABLE_HEADER_SIZE] = { 0 };
struct amdgpu_ras_eeprom_table_header *hdr = &control->tbl_hdr;
struct amdgpu_ras *ras = amdgpu_ras_get_context(adev);
struct i2c_msg msg = {
.addr = 0,
.flags = I2C_M_RD,
Reported by FlawFinder.
Line: 373
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buff[i++] = record->bank;
tmp = cpu_to_le64(record->ts);
memcpy(buff + i, &tmp, 8);
i += 8;
tmp = cpu_to_le64((record->offset & 0xffffffffffff));
memcpy(buff + i, &tmp, 6);
i += 6;
Reported by FlawFinder.
Line: 377
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i += 8;
tmp = cpu_to_le64((record->offset & 0xffffffffffff));
memcpy(buff + i, &tmp, 6);
i += 6;
buff[i++] = record->mem_channel;
buff[i++] = record->mcumc_id;
Reported by FlawFinder.
Line: 384
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buff[i++] = record->mcumc_id;
tmp = cpu_to_le64((record->retired_page & 0xffffffffffff));
memcpy(buff + i, &tmp, 6);
}
static void __decode_table_record_from_buff(struct amdgpu_ras_eeprom_control *control,
struct eeprom_table_record *record,
unsigned char *buff)
Reported by FlawFinder.
Line: 399
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
record->bank = buff[i++];
memcpy(&tmp, buff + i, 8);
record->ts = le64_to_cpu(tmp);
i += 8;
memcpy(&tmp, buff + i, 6);
record->offset = (le64_to_cpu(tmp) & 0xffffffffffff);
Reported by FlawFinder.
Line: 403
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
record->ts = le64_to_cpu(tmp);
i += 8;
memcpy(&tmp, buff + i, 6);
record->offset = (le64_to_cpu(tmp) & 0xffffffffffff);
i += 6;
record->mem_channel = buff[i++];
record->mcumc_id = buff[i++];
Reported by FlawFinder.
Line: 410
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
record->mem_channel = buff[i++];
record->mcumc_id = buff[i++];
memcpy(&tmp, buff + i, 6);
record->retired_page = (le64_to_cpu(tmp) & 0xffffffffffff);
}
/*
* When reaching end of EEPROM memory jump back to 0 record address
Reported by FlawFinder.
drivers/firmware/xilinx/zynqmp.c
9 issues
Line: 1111
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
for (i = 0; i < ARRAY_SIZE(shutdown_scopes); i++) {
if (&shutdown_scopes[i] == selected_scope) {
strcat(buf, "[");
strcat(buf, shutdown_scopes[i].name);
strcat(buf, "]");
} else {
strcat(buf, shutdown_scopes[i].name);
}
strcat(buf, " ");
Reported by FlawFinder.
Line: 1114
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(buf, shutdown_scopes[i].name);
strcat(buf, "]");
} else {
strcat(buf, shutdown_scopes[i].name);
}
strcat(buf, " ");
}
strcat(buf, "\n");
Reported by FlawFinder.
Line: 1183
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "0x%x\n", ret_payload[1]);
}
static ssize_t ggs_store(struct device *device,
struct device_attribute *attr,
const char *buf, size_t count,
Reported by FlawFinder.
Line: 1251
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "0x%x\n", ret_payload[1]);
}
static ssize_t pggs_store(struct device *device,
struct device_attribute *attr,
const char *buf, size_t count,
Reported by FlawFinder.
Line: 1110
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
for (i = 0; i < ARRAY_SIZE(shutdown_scopes); i++) {
if (&shutdown_scopes[i] == selected_scope) {
strcat(buf, "[");
strcat(buf, shutdown_scopes[i].name);
strcat(buf, "]");
} else {
strcat(buf, shutdown_scopes[i].name);
}
Reported by FlawFinder.
Line: 1112
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (&shutdown_scopes[i] == selected_scope) {
strcat(buf, "[");
strcat(buf, shutdown_scopes[i].name);
strcat(buf, "]");
} else {
strcat(buf, shutdown_scopes[i].name);
}
strcat(buf, " ");
}
Reported by FlawFinder.
Line: 1116
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
} else {
strcat(buf, shutdown_scopes[i].name);
}
strcat(buf, " ");
}
strcat(buf, "\n");
return strlen(buf);
}
Reported by FlawFinder.
Line: 1118
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
}
strcat(buf, " ");
}
strcat(buf, "\n");
return strlen(buf);
}
static ssize_t shutdown_scope_store(struct device *device,
Reported by FlawFinder.
Line: 1120
Column: 9
CWE codes:
126
}
strcat(buf, "\n");
return strlen(buf);
}
static ssize_t shutdown_scope_store(struct device *device,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/acpi/acpica/utnonansi.c
9 issues
Line: 135
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return (TRUE);
}
strcpy(dest, source);
return (FALSE);
}
u8 acpi_ut_safe_strcat(char *dest, acpi_size dest_size, char *source)
{
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return (TRUE);
}
strcat(dest, source);
return (FALSE);
}
u8
acpi_ut_safe_strncat(char *dest,
Reported by FlawFinder.
Line: 131
Column: 6
CWE codes:
126
u8 acpi_ut_safe_strcpy(char *dest, acpi_size dest_size, char *source)
{
if (strlen(source) >= dest_size) {
return (TRUE);
}
strcpy(dest, source);
return (FALSE);
Reported by FlawFinder.
Line: 142
Column: 7
CWE codes:
126
u8 acpi_ut_safe_strcat(char *dest, acpi_size dest_size, char *source)
{
if ((strlen(dest) + strlen(source)) >= dest_size) {
return (TRUE);
}
strcat(dest, source);
return (FALSE);
Reported by FlawFinder.
Line: 142
Column: 22
CWE codes:
126
u8 acpi_ut_safe_strcat(char *dest, acpi_size dest_size, char *source)
{
if ((strlen(dest) + strlen(source)) >= dest_size) {
return (TRUE);
}
strcat(dest, source);
return (FALSE);
Reported by FlawFinder.
Line: 157
Column: 57
CWE codes:
126
{
acpi_size actual_transfer_length;
actual_transfer_length = ACPI_MIN(max_transfer_length, strlen(source));
if ((strlen(dest) + actual_transfer_length) >= dest_size) {
return (TRUE);
}
Reported by FlawFinder.
Line: 159
Column: 7
CWE codes:
126
actual_transfer_length = ACPI_MIN(max_transfer_length, strlen(source));
if ((strlen(dest) + actual_transfer_length) >= dest_size) {
return (TRUE);
}
strncat(dest, source, max_transfer_length);
return (FALSE);
Reported by FlawFinder.
Line: 163
Column: 2
CWE codes:
120
Suggestion:
Consider strcat_s, strlcat, snprintf, or automatically resizing strings
return (TRUE);
}
strncat(dest, source, max_transfer_length);
return (FALSE);
}
void acpi_ut_safe_strncpy(char *dest, char *source, acpi_size dest_size)
{
Reported by FlawFinder.
Line: 171
Column: 2
CWE codes:
120
{
/* Always terminate destination string */
strncpy(dest, source, dest_size);
dest[dest_size - 1] = 0;
}
#endif
Reported by FlawFinder.
drivers/crypto/caam/caamalg_qi.c
9 issues
Line: 225
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->adata.keylen_pad + keys.enckeylen > CAAM_MAX_KEY_SIZE)
goto badkey;
memcpy(ctx->key, keys.authkey, keys.authkeylen);
memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey,
keys.enckeylen);
dma_sync_single_for_device(jrdev->parent, ctx->key_dma,
ctx->adata.keylen_pad +
keys.enckeylen, ctx->dir);
Reported by FlawFinder.
Line: 226
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto badkey;
memcpy(ctx->key, keys.authkey, keys.authkeylen);
memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey,
keys.enckeylen);
dma_sync_single_for_device(jrdev->parent, ctx->key_dma,
ctx->adata.keylen_pad +
keys.enckeylen, ctx->dir);
goto skip_split_key;
Reported by FlawFinder.
Line: 241
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto badkey;
/* postpend encryption key to auth split key */
memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey, keys.enckeylen);
dma_sync_single_for_device(jrdev->parent, ctx->key_dma,
ctx->adata.keylen_pad + keys.enckeylen,
ctx->dir);
print_hex_dump_debug("ctx.key@" __stringify(__LINE__)": ",
Reported by FlawFinder.
Line: 372
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
memcpy(ctx->key, key, keylen);
dma_sync_single_for_device(jrdev->parent, ctx->key_dma, keylen,
ctx->dir);
ctx->cdata.keylen = keylen;
ret = gcm_set_sh_desc(aead);
Reported by FlawFinder.
Line: 476
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
memcpy(ctx->key, key, keylen);
/*
* The last four bytes of the key material are used as the salt value
* in the nonce. Update the AES key length.
*/
ctx->cdata.keylen = keylen - 4;
Reported by FlawFinder.
Line: 582
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
memcpy(ctx->key, key, keylen);
/*
* The last four bytes of the key material are used as the salt value
* in the nonce. Update the AES key length.
*/
ctx->cdata.keylen = keylen - 4;
Reported by FlawFinder.
Line: 1075
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *iv = (u8 *)(sg_table + qm_sg_ents);
/* Make sure IV is located in a DMAable area */
memcpy(iv, req->iv, ivsize);
iv_dma = dma_map_single(qidev, iv, ivsize, DMA_TO_DEVICE);
if (dma_mapping_error(qidev, iv_dma)) {
dev_err(qidev, "unable to map IV\n");
caam_unmap(qidev, req->src, req->dst, src_nents,
Reported by FlawFinder.
Line: 1237
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* This is used e.g. by the CTS mode.
*/
if (!ecode)
memcpy(req->iv, (u8 *)&edesc->sgt[0] + edesc->qm_sg_bytes,
ivsize);
qi_cache_free(edesc);
skcipher_request_complete(req, ecode);
}
Reported by FlawFinder.
Line: 1341
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Make sure IV is located in a DMAable area */
sg_table = &edesc->sgt[0];
iv = (u8 *)(sg_table + qm_sg_ents);
memcpy(iv, req->iv, ivsize);
iv_dma = dma_map_single(qidev, iv, ivsize, DMA_BIDIRECTIONAL);
if (dma_mapping_error(qidev, iv_dma)) {
dev_err(qidev, "unable to map IV\n");
caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0,
Reported by FlawFinder.
drivers/eisa/eisa-bus.c
9 issues
Line: 162
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct eisa_device *edev = to_eisa_device(dev);
return sprintf(buf, "%s\n", edev->id.sig);
}
static DEVICE_ATTR_RO(signature);
static ssize_t enabled_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 178
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
struct device_attribute *attr, char *buf)
{
struct eisa_device *edev = to_eisa_device(dev);
return sprintf(buf, EISA_DEVICE_MODALIAS_FMT "\n", edev->id.sig);
}
static DEVICE_ATTR_RO(modalias);
static int __init eisa_init_device(struct eisa_root_device *root,
struct eisa_device *edev,
Reported by FlawFinder.
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct eisa_device_info {
struct eisa_device_id id;
char name[50];
};
#ifdef CONFIG_EISA_NAMES
static struct eisa_device_info __initdata eisa_table[] = {
#include "devlist.h"
Reported by FlawFinder.
Line: 71
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
/* No name was found */
sprintf(edev->pretty_name, "EISA device %.7s", edev->id.sig);
#endif
}
static char __init *decode_eisa_sig(unsigned long addr)
{
Reported by FlawFinder.
Line: 77
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char __init *decode_eisa_sig(unsigned long addr)
{
static char sig_str[EISA_SIG_LEN];
u8 sig[4];
u16 rev;
int i;
for (i = 0; i < 4; i++) {
Reported by FlawFinder.
Line: 103
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sig_str[1] = (((sig[0] & 3) << 3) | (sig[1] >> 5)) + ('A' - 1);
sig_str[2] = (sig[1] & 0x1f) + ('A' - 1);
rev = (sig[2] << 8) | sig[3];
sprintf(sig_str + 3, "%04X", rev);
return sig_str;
}
static int eisa_bus_match(struct device *dev, struct device_driver *drv)
Reported by FlawFinder.
Line: 170
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct eisa_device *edev = to_eisa_device(dev);
return sprintf(buf, "%d\n", edev->state & EISA_CONFIG_ENABLED);
}
static DEVICE_ATTR_RO(enabled);
static ssize_t modalias_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 196
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!sig)
return -1; /* No EISA device here */
memcpy(edev->id.sig, sig, EISA_SIG_LEN);
edev->slot = slot;
edev->state = inb(SLOT_ADDRESS(root, slot) + EISA_CONFIG_OFFSET)
& EISA_CONFIG_ENABLED;
edev->base_addr = SLOT_ADDRESS(root, slot);
edev->dma_mask = root->dma_mask; /* Default DMA mask */
Reported by FlawFinder.
Line: 117
Column: 9
CWE codes:
126
if (!eids)
return 0;
while (strlen(eids->sig)) {
if (!strcmp(eids->sig, edev->id.sig) &&
edev->state & EISA_CONFIG_ENABLED) {
edev->id.driver_data = eids->driver_data;
return 1;
}
Reported by FlawFinder.
drivers/edac/edac_mc.c
9 issues
Line: 1117
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
*p = '\0';
} else {
if (p != e->label) {
strcpy(p, OTHER_LABEL);
p += strlen(OTHER_LABEL);
}
strcpy(p, dimm->label);
p += strlen(p);
}
Reported by FlawFinder.
Line: 1120
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(p, OTHER_LABEL);
p += strlen(OTHER_LABEL);
}
strcpy(p, dimm->label);
p += strlen(p);
}
/*
* get csrow/channel of the DIMM, in order to allow
Reported by FlawFinder.
Line: 1156
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (pos[i] < 0)
continue;
p += sprintf(p, "%s:%d ",
edac_layer_name[mci->layers[i].type],
pos[i]);
}
if (p > e->location)
*(p - 1) = '\0';
Reported by FlawFinder.
Line: 94
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void edac_mc_dump_dimm(struct dimm_info *dimm)
{
char location[80];
if (!dimm->nr_pages)
return;
edac_dimm_info_location(dimm, location, sizeof(location));
Reported by FlawFinder.
Line: 456
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mci->pvt_info = pvt;
mci->n_layers = n_layers;
mci->layers = layer;
memcpy(mci->layers, layers, sizeof(*layer) * n_layers);
mci->nr_csrows = tot_csrows;
mci->num_cschannel = tot_channels;
mci->csbased = per_rank;
if (edac_mc_alloc_csrows(mci))
Reported by FlawFinder.
Line: 1143
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
if (any_memory)
strcpy(e->label, "any memory");
else if (!*e->label)
strcpy(e->label, "unknown memory");
edac_inc_csrow(e, row, chan);
Reported by FlawFinder.
Line: 1145
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (any_memory)
strcpy(e->label, "any memory");
else if (!*e->label)
strcpy(e->label, "unknown memory");
edac_inc_csrow(e, row, chan);
/* Fill the RAM location data */
p = e->location;
Reported by FlawFinder.
Line: 1118
Column: 10
CWE codes:
126
} else {
if (p != e->label) {
strcpy(p, OTHER_LABEL);
p += strlen(OTHER_LABEL);
}
strcpy(p, dimm->label);
p += strlen(p);
}
Reported by FlawFinder.
Line: 1121
Column: 9
CWE codes:
126
p += strlen(OTHER_LABEL);
}
strcpy(p, dimm->label);
p += strlen(p);
}
/*
* get csrow/channel of the DIMM, in order to allow
* incrementing the compat API counters
Reported by FlawFinder.
tools/testing/selftests/cgroup/test_freezer.c
9 issues
Line: 19
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define DEBUG
#ifdef DEBUG
#define debug(args...) fprintf(stderr, args)
#else
#define debug(args...)
#endif
/*
Reported by FlawFinder.
Line: 190
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int test_cgfreezer_tree(const char *root)
{
char *cgroup[10] = {0};
int ret = KSFT_FAIL;
int i;
cgroup[0] = cg_name(root, "cg_test_tree_A");
if (!cgroup[0])
Reported by FlawFinder.
Line: 511
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int test_cgfreezer_migrate(const char *root)
{
int ret = KSFT_FAIL;
char *cgroup[2] = {0};
int pid;
cgroup[0] = cg_name(root, "cg_test_migrate_A");
if (!cgroup[0])
goto cleanup;
Reported by FlawFinder.
Line: 645
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int proc_check_stopped(int pid)
{
char buf[PAGE_SIZE];
int len;
len = proc_read_text(pid, 0, "stat", buf, sizeof(buf));
if (len == -1) {
debug("Can't get %d stat\n", pid);
Reported by FlawFinder.
Line: 765
Column: 12
CWE codes:
362
Suggestion:
Use fork() instead
static int vfork_fn(const char *cgroup, void *arg)
{
int pid = vfork();
if (pid == 0)
while (true)
sleep(1);
Reported by FlawFinder.
Line: 827
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char *argv[])
{
char root[PATH_MAX];
int i, ret = EXIT_SUCCESS;
if (cg_find_unified_root(root, sizeof(root)))
ksft_exit_skip("cgroup v2 isn't mounted\n");
for (i = 0; i < ARRAY_SIZE(tests); i++) {
Reported by FlawFinder.
Line: 126
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
int ppid = getppid();
while (getppid() == ppid)
usleep(1000);
return getppid() == ppid;
}
/*
Reported by FlawFinder.
Line: 350
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
ppid = getppid();
while (getppid() == ppid)
usleep(1000);
return getppid() == ppid;
}
/*
Reported by FlawFinder.
Line: 374
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
cg_run_nowait(cgroup, forkbomb_fn, NULL);
usleep(100000);
if (cg_freeze_wait(cgroup, true))
goto cleanup;
if (cg_killall(cgroup))
Reported by FlawFinder.