The following issues were found
fs/nls/nls_cp866.c
9 issues
Line: 16
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/nls.h>
#include <linux/errno.h>
static const wchar_t charset2uni[256] = {
/* 0x00*/
0x0000, 0x0001, 0x0002, 0x0003,
0x0004, 0x0005, 0x0006, 0x0007,
0x0008, 0x0009, 0x000a, 0x000b,
0x000c, 0x000d, 0x000e, 0x000f,
Reported by FlawFinder.
Line: 99
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x2116, 0x00a4, 0x25a0, 0x00a0,
};
static const unsigned char page00[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 126
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfa, /* 0xb0-0xb7 */
};
static const unsigned char page04[256] = {
0x00, 0xf0, 0x00, 0x00, 0xf2, 0x00, 0x00, 0xf4, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf6, 0x00, /* 0x08-0x0f */
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 0x10-0x17 */
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, /* 0x18-0x1f */
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 141
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf7, 0x00, /* 0x58-0x5f */
};
static const unsigned char page21[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0x00, /* 0x10-0x17 */
};
Reported by FlawFinder.
Line: 147
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0x00, /* 0x10-0x17 */
};
static const unsigned char page22[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0xf9, 0xfb, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
};
Reported by FlawFinder.
Line: 154
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0xf9, 0xfb, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
};
static const unsigned char page25[256] = {
0xc4, 0x00, 0xb3, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0xda, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0xbf, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0xd9, 0x00, 0x00, 0x00, 0xc3, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0xb4, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 179
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xa0-0xa7 */
};
static const unsigned char *const page_uni2charset[256] = {
page00, NULL, NULL, NULL, page04, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, page21, page22, NULL, NULL, page25, NULL, NULL,
Reported by FlawFinder.
Line: 187
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NULL, page21, page22, NULL, NULL, page25, NULL, NULL,
};
static const unsigned char charset2lower[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 223
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, /* 0xf8-0xff */
};
static const unsigned char charset2upper[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
fs/nfsd/nfs4idmap.c
9 issues
Line: 66
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cache_head h;
int type; /* User / Group */
u32 id;
char name[IDMAP_NAMESZ];
char authname[IDMAP_NAMESZ];
struct rcu_head rcu_head;
};
/* Common entry handling */
Reported by FlawFinder.
Line: 67
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int type; /* User / Group */
u32 id;
char name[IDMAP_NAMESZ];
char authname[IDMAP_NAMESZ];
struct rcu_head rcu_head;
};
/* Common entry handling */
Reported by FlawFinder.
Line: 136
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int *blen)
{
struct ent *ent = container_of(ch, struct ent, h);
char idstr[11];
qword_add(bpp, blen, ent->authname);
snprintf(idstr, sizeof(idstr), "%u", ent->id);
qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user");
qword_add(bpp, blen, idstr);
Reported by FlawFinder.
Line: 549
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (namelen + 1 > sizeof(key.name))
return nfserr_badowner;
memcpy(key.name, name, namelen);
key.name[namelen] = '\0';
strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname));
ret = idmap_lookup(rqstp, nametoid_lookup, &key, nn->nametoid_cache, &item);
if (ret == -ENOENT)
return nfserr_badowner;
Reported by FlawFinder.
Line: 564
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static __be32 encode_ascii_id(struct xdr_stream *xdr, u32 id)
{
char buf[11];
int len;
__be32 *p;
len = sprintf(buf, "%u", id);
p = xdr_reserve_space(xdr, len + 4);
Reported by FlawFinder.
Line: 568
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int len;
__be32 *p;
len = sprintf(buf, "%u", id);
p = xdr_reserve_space(xdr, len + 4);
if (!p)
return nfserr_resource;
p = xdr_encode_opaque(p, buf, len);
return 0;
Reported by FlawFinder.
Line: 607
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
numeric_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, u32 *id)
{
int ret;
char buf[11];
if (namelen + 1 > sizeof(buf))
/* too long to represent a 32-bit id: */
return false;
/* Just to make sure it's null-terminated: */
Reported by FlawFinder.
Line: 613
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* too long to represent a 32-bit id: */
return false;
/* Just to make sure it's null-terminated: */
memcpy(buf, name, namelen);
buf[namelen] = '\0';
ret = kstrtouint(buf, 10, id);
return ret == 0;
}
Reported by FlawFinder.
Line: 593
Column: 8
CWE codes:
126
return encode_ascii_id(xdr, id);
if (ret)
return nfserrno(ret);
ret = strlen(item->name);
WARN_ON_ONCE(ret > IDMAP_NAMESZ);
p = xdr_reserve_space(xdr, ret + 4);
if (!p)
return nfserr_resource;
p = xdr_encode_opaque(p, item->name, ret);
Reported by FlawFinder.
arch/mips/txx9/generic/setup_tx4939.c
9 issues
Line: 503
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init tx4939_stop_unused_modules(void)
{
__u64 pcfg, rst = 0, ckd = 0;
char buf[128];
buf[0] = '\0';
local_irq_disable();
pcfg = ____raw_readq(&tx4939_ccfgptr->pcfg);
if ((pcfg & TX4939_PCFG_I2SMODE_MASK) !=
Reported by FlawFinder.
Line: 512
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
TX4939_PCFG_I2SMODE_ACLC) {
rst |= TX4939_CLKCTR_ACLRST;
ckd |= TX4939_CLKCTR_ACLCKD;
strcat(buf, " ACLC");
}
if ((pcfg & TX4939_PCFG_I2SMODE_MASK) !=
TX4939_PCFG_I2SMODE_I2S &&
(pcfg & TX4939_PCFG_I2SMODE_MASK) !=
TX4939_PCFG_I2SMODE_I2S_ALT) {
Reported by FlawFinder.
Line: 520
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
TX4939_PCFG_I2SMODE_I2S_ALT) {
rst |= TX4939_CLKCTR_I2SRST;
ckd |= TX4939_CLKCTR_I2SCKD;
strcat(buf, " I2S");
}
if (!(pcfg & TX4939_PCFG_ATA0MODE)) {
rst |= TX4939_CLKCTR_ATA0RST;
ckd |= TX4939_CLKCTR_ATA0CKD;
strcat(buf, " ATA0");
Reported by FlawFinder.
Line: 525
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (!(pcfg & TX4939_PCFG_ATA0MODE)) {
rst |= TX4939_CLKCTR_ATA0RST;
ckd |= TX4939_CLKCTR_ATA0CKD;
strcat(buf, " ATA0");
}
if (!(pcfg & TX4939_PCFG_ATA1MODE)) {
rst |= TX4939_CLKCTR_ATA1RST;
ckd |= TX4939_CLKCTR_ATA1CKD;
strcat(buf, " ATA1");
Reported by FlawFinder.
Line: 530
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (!(pcfg & TX4939_PCFG_ATA1MODE)) {
rst |= TX4939_CLKCTR_ATA1RST;
ckd |= TX4939_CLKCTR_ATA1CKD;
strcat(buf, " ATA1");
}
if (pcfg & TX4939_PCFG_SPIMODE) {
rst |= TX4939_CLKCTR_SPIRST;
ckd |= TX4939_CLKCTR_SPICKD;
strcat(buf, " SPI");
Reported by FlawFinder.
Line: 535
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (pcfg & TX4939_PCFG_SPIMODE) {
rst |= TX4939_CLKCTR_SPIRST;
ckd |= TX4939_CLKCTR_SPICKD;
strcat(buf, " SPI");
}
if (!(pcfg & (TX4939_PCFG_VSSMODE | TX4939_PCFG_VPSMODE))) {
rst |= TX4939_CLKCTR_VPCRST;
ckd |= TX4939_CLKCTR_VPCCKD;
strcat(buf, " VPC");
Reported by FlawFinder.
Line: 540
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (!(pcfg & (TX4939_PCFG_VSSMODE | TX4939_PCFG_VPSMODE))) {
rst |= TX4939_CLKCTR_VPCRST;
ckd |= TX4939_CLKCTR_VPCCKD;
strcat(buf, " VPC");
}
if ((pcfg & TX4939_PCFG_SIO2MODE_MASK) != TX4939_PCFG_SIO2MODE_SIO2) {
rst |= TX4939_CLKCTR_SIO2RST;
ckd |= TX4939_CLKCTR_SIO2CKD;
strcat(buf, " SIO2");
Reported by FlawFinder.
Line: 545
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if ((pcfg & TX4939_PCFG_SIO2MODE_MASK) != TX4939_PCFG_SIO2MODE_SIO2) {
rst |= TX4939_CLKCTR_SIO2RST;
ckd |= TX4939_CLKCTR_SIO2CKD;
strcat(buf, " SIO2");
}
if (pcfg & TX4939_PCFG_SIO3MODE) {
rst |= TX4939_CLKCTR_SIO3RST;
ckd |= TX4939_CLKCTR_SIO3CKD;
strcat(buf, " SIO3");
Reported by FlawFinder.
Line: 550
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (pcfg & TX4939_PCFG_SIO3MODE) {
rst |= TX4939_CLKCTR_SIO3RST;
ckd |= TX4939_CLKCTR_SIO3CKD;
strcat(buf, " SIO3");
}
if (rst | ckd) {
txx9_set64(&tx4939_ccfgptr->clkctr, rst);
txx9_set64(&tx4939_ccfgptr->clkctr, ckd);
}
Reported by FlawFinder.
arch/mips/fw/arc/cmdline.c
9 issues
Line: 54
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (!strncmp(prom_argv(actr), used_arc[i][0], len)) {
/* Ok, we want it. First append the replacement... */
strcat(cp, used_arc[i][1]);
cp += strlen(used_arc[i][1]);
/* ... and now the argument */
s = strchr(prom_argv(actr), '=');
if (s) {
s++;
Reported by FlawFinder.
Line: 60
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
s = strchr(prom_argv(actr), '=');
if (s) {
s++;
strcpy(cp, s);
cp += strlen(s);
}
*cp++ = ' ';
break;
}
Reported by FlawFinder.
Line: 95
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto pic_cont;
}
/* Ok, we want it. */
strcpy(cp, prom_argv(actr));
cp += strlen(prom_argv(actr));
*cp++ = ' ';
pic_cont:
actr++;
Reported by FlawFinder.
Line: 24
Column: 28
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* A 32-bit ARC PROM pass arguments and environment as 32-bit pointer.
* These macro take care of sign extension.
*/
#define prom_argv(index) ((char *) (long)argv[(index)])
static char *ignored[] = {
"ConsoleIn=",
"ConsoleOut=",
"SystemPartition=",
Reported by FlawFinder.
Line: 50
Column: 14
CWE codes:
126
while (actr < argc) {
for(i = 0; i < ARRAY_SIZE(used_arc); i++) {
int len = strlen(used_arc[i][0]);
if (!strncmp(prom_argv(actr), used_arc[i][0], len)) {
/* Ok, we want it. First append the replacement... */
strcat(cp, used_arc[i][1]);
cp += strlen(used_arc[i][1]);
Reported by FlawFinder.
Line: 55
Column: 11
CWE codes:
126
if (!strncmp(prom_argv(actr), used_arc[i][0], len)) {
/* Ok, we want it. First append the replacement... */
strcat(cp, used_arc[i][1]);
cp += strlen(used_arc[i][1]);
/* ... and now the argument */
s = strchr(prom_argv(actr), '=');
if (s) {
s++;
strcpy(cp, s);
Reported by FlawFinder.
Line: 61
Column: 12
CWE codes:
126
if (s) {
s++;
strcpy(cp, s);
cp += strlen(s);
}
*cp++ = ' ';
break;
}
}
Reported by FlawFinder.
Line: 89
Column: 14
CWE codes:
126
while (actr < argc) {
for (i = 0; i < ARRAY_SIZE(ignored); i++) {
int len = strlen(ignored[i]);
if (!strncmp(prom_argv(actr), ignored[i], len))
goto pic_cont;
}
/* Ok, we want it. */
Reported by FlawFinder.
Line: 96
Column: 9
CWE codes:
126
}
/* Ok, we want it. */
strcpy(cp, prom_argv(actr));
cp += strlen(prom_argv(actr));
*cp++ = ' ';
pic_cont:
actr++;
}
Reported by FlawFinder.
arch/parisc/kernel/drivers.c
9 issues
Line: 593
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
static ssize_t name##_show(struct device *dev, struct device_attribute *attr, char *buf) \
{ \
struct parisc_device *padev = to_parisc_device(dev); \
return sprintf(buf, format_string, padev->field); \
} \
static DEVICE_ATTR_RO(name);
#define pa_dev_attr_id(field, format) pa_dev_attr(field, id.field, format)
Reported by FlawFinder.
Line: 340
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < 6; i++) {
if (path->bc[i] == -1)
continue;
output += sprintf(output, "%u/", (unsigned char) path->bc[i]);
}
output += sprintf(output, "%u", (unsigned char) path->mod);
return output;
}
Reported by FlawFinder.
Line: 342
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
continue;
output += sprintf(output, "%u/", (unsigned char) path->bc[i]);
}
output += sprintf(output, "%u", (unsigned char) path->mod);
return output;
}
/**
* print_pa_hwpath - Returns hardware path for PA devices
Reported by FlawFinder.
Line: 404
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void setup_bus_id(struct parisc_device *padev)
{
struct hardware_path path;
char name[28];
char *output = name;
int i;
get_node_path(padev->dev.parent, &path);
Reported by FlawFinder.
Line: 413
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < 6; i++) {
if (path.bc[i] == -1)
continue;
output += sprintf(output, "%u:", (unsigned char) path.bc[i]);
}
sprintf(output, "%u", (unsigned char) padev->hw_path);
dev_set_name(&padev->dev, name);
}
Reported by FlawFinder.
Line: 415
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
continue;
output += sprintf(output, "%u:", (unsigned char) path.bc[i]);
}
sprintf(output, "%u", (unsigned char) padev->hw_path);
dev_set_name(&padev->dev, name);
}
struct parisc_device * __init create_tree_node(char id, struct device *parent)
{
Reported by FlawFinder.
Line: 562
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
const struct parisc_device *padev = to_parisc_device(dev);
const struct parisc_device_id *id = &padev->id;
return sprintf(buf, "parisc:t%02Xhv%04Xrev%02Xsv%08X\n",
(u8)id->hw_type, (u16)id->hversion, (u8)id->hversion_rev,
(u32)id->sversion);
}
static int parisc_uevent(struct device *dev, struct kobj_uevent_env *env)
Reported by FlawFinder.
Line: 570
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int parisc_uevent(struct device *dev, struct kobj_uevent_env *env)
{
const struct parisc_device *padev;
char modalias[40];
if (!dev)
return -ENODEV;
padev = to_parisc_device(dev);
Reported by FlawFinder.
Line: 889
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void print_parisc_device(struct parisc_device *dev)
{
char hw_path[64];
static int count;
print_pa_hwpath(dev, hw_path);
pr_info("%d. %s at %pap [%s] { %d, 0x%x, 0x%.3x, 0x%.5x }",
++count, dev->name, &(dev->hpa.start), hw_path, dev->id.hw_type,
Reported by FlawFinder.
arch/um/os-Linux/process.c
9 issues
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long os_process_pc(int pid)
{
char proc_stat[STAT_PATH_LEN], buf[256];
unsigned long pc = ARBITRARY_ADDR;
int fd, err;
sprintf(proc_stat, "/proc/%d/stat", pid);
fd = open(proc_stat, O_RDONLY, 0);
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
unsigned long pc = ARBITRARY_ADDR;
int fd, err;
sprintf(proc_stat, "/proc/%d/stat", pid);
fd = open(proc_stat, O_RDONLY, 0);
if (fd < 0) {
printk(UM_KERN_ERR "os_process_pc - couldn't open '%s', "
"errno = %d\n", proc_stat, errno);
goto out;
Reported by FlawFinder.
Line: 34
Column: 7
CWE codes:
362
int fd, err;
sprintf(proc_stat, "/proc/%d/stat", pid);
fd = open(proc_stat, O_RDONLY, 0);
if (fd < 0) {
printk(UM_KERN_ERR "os_process_pc - couldn't open '%s', "
"errno = %d\n", proc_stat, errno);
goto out;
}
Reported by FlawFinder.
Line: 61
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int os_process_parent(int pid)
{
char stat[STAT_PATH_LEN];
char data[256];
int parent = FAILURE_PID, n, fd;
if (pid == -1)
return parent;
Reported by FlawFinder.
Line: 62
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int os_process_parent(int pid)
{
char stat[STAT_PATH_LEN];
char data[256];
int parent = FAILURE_PID, n, fd;
if (pid == -1)
return parent;
Reported by FlawFinder.
Line: 69
Column: 7
CWE codes:
362
return parent;
snprintf(stat, sizeof(stat), "/proc/%d/stat", pid);
fd = open(stat, O_RDONLY, 0);
if (fd < 0) {
printk(UM_KERN_ERR "Couldn't open '%s', errno = %d\n", stat,
errno);
return parent;
}
Reported by FlawFinder.
Line: 228
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int os_page_mincore(void *addr)
{
char vec[2];
int ret;
ret = mincore(addr, UM_KERN_PAGE_SIZE, vec);
if (ret < 0) {
if (errno == ENOMEM || errno == EINVAL)
Reported by FlawFinder.
Line: 40
Column: 20
CWE codes:
120
20
"errno = %d\n", proc_stat, errno);
goto out;
}
CATCH_EINTR(err = read(fd, buf, sizeof(buf)));
if (err < 0) {
printk(UM_KERN_ERR "os_process_pc - couldn't read '%s', "
"err = %d\n", proc_stat, errno);
goto out_close;
}
Reported by FlawFinder.
Line: 76
Column: 18
CWE codes:
120
20
return parent;
}
CATCH_EINTR(n = read(fd, data, sizeof(data)));
close(fd);
if (n < 0) {
printk(UM_KERN_ERR "Couldn't read '%s', errno = %d\n", stat,
errno);
Reported by FlawFinder.
arch/mips/netlogic/xlr/setup.c
9 issues
Line: 110
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
len = strlen(arg);
if (len + 1 > remain)
break;
strcat(arcs_cmdline, arg);
strcat(arcs_cmdline, " ");
remain -= len + 1;
}
/* Add the default options here */
Reported by FlawFinder.
Line: 121
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
len = strlen(arg);
if (len > remain)
goto fail;
strcat(arcs_cmdline, arg);
remain -= len;
}
#ifdef CONFIG_BLK_DEV_INITRD
if ((strstr(arcs_cmdline, "rdinit=")) == NULL) {
arg = "rdinit=/sbin/init ";
Reported by FlawFinder.
Line: 130
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
len = strlen(arg);
if (len > remain)
goto fail;
strcat(arcs_cmdline, arg);
remain -= len;
}
#endif
return;
fail:
Reported by FlawFinder.
Line: 106
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
remain = sizeof(arcs_cmdline) - 1;
arcs_cmdline[0] = '\0';
for (i = 0; argv[i] != 0; i++) {
arg = (char *)(long)argv[i];
len = strlen(arg);
if (len + 1 > remain)
break;
strcat(arcs_cmdline, arg);
strcat(arcs_cmdline, " ");
Reported by FlawFinder.
Line: 191
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Update reset entry point with CPU init code */
reset_vec = (void *)CKSEG1ADDR(RESET_VEC_PHYS);
memset(reset_vec, 0, RESET_VEC_SIZE);
memcpy(reset_vec, (void *)nlm_reset_entry,
(nlm_reset_entry_end - nlm_reset_entry));
build_arcs_cmdline(argv);
prom_add_memory();
Reported by FlawFinder.
Line: 107
Column: 9
CWE codes:
126
arcs_cmdline[0] = '\0';
for (i = 0; argv[i] != 0; i++) {
arg = (char *)(long)argv[i];
len = strlen(arg);
if (len + 1 > remain)
break;
strcat(arcs_cmdline, arg);
strcat(arcs_cmdline, " ");
remain -= len + 1;
Reported by FlawFinder.
Line: 111
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (len + 1 > remain)
break;
strcat(arcs_cmdline, arg);
strcat(arcs_cmdline, " ");
remain -= len + 1;
}
/* Add the default options here */
if ((strstr(arcs_cmdline, "console=")) == NULL) {
Reported by FlawFinder.
Line: 118
Column: 9
CWE codes:
126
/* Add the default options here */
if ((strstr(arcs_cmdline, "console=")) == NULL) {
arg = "console=ttyS0,38400 ";
len = strlen(arg);
if (len > remain)
goto fail;
strcat(arcs_cmdline, arg);
remain -= len;
}
Reported by FlawFinder.
Line: 127
Column: 9
CWE codes:
126
#ifdef CONFIG_BLK_DEV_INITRD
if ((strstr(arcs_cmdline, "rdinit=")) == NULL) {
arg = "rdinit=/sbin/init ";
len = strlen(arg);
if (len > remain)
goto fail;
strcat(arcs_cmdline, arg);
remain -= len;
}
Reported by FlawFinder.
arch/s390/crypto/prng.c
9 issues
Line: 298
Column: 18
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
0x32, 0x92, 0xbc, 0x8f, 0x33, 0xe6, 0xf6, 0x09,
0x7c, 0x8e, 0x05, 0x19, 0x0d, 0xf1, 0xb6, 0xcc,
0xf3, 0x02, 0x21, 0x90, 0x25, 0xec, 0xed, 0x0e };
static const u8 random[] __initconst = {
0x95, 0xb7, 0xf1, 0x7e, 0x98, 0x02, 0xd3, 0x57,
0x73, 0x92, 0xc6, 0xa9, 0xc0, 0x80, 0x83, 0xb6,
0x7d, 0xd1, 0x29, 0x22, 0x65, 0xb5, 0xf4, 0x2d,
0x23, 0x7f, 0x1c, 0x55, 0xbb, 0x9b, 0x10, 0xbf,
0xcf, 0xd8, 0x2c, 0x77, 0xa3, 0x78, 0xb8, 0x26,
Reported by FlawFinder.
Line: 332
Column: 16
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
0x21, 0xe4, 0xb0, 0x86, 0x44, 0xf6, 0x72, 0x7c,
0x36, 0x8c, 0x5a, 0x9f, 0x7a, 0x4b, 0x3e, 0xe2 };
u8 buf[sizeof(random)];
struct prno_ws_s ws;
memset(&ws, 0, sizeof(ws));
/* initial seed */
Reported by FlawFinder.
Line: 357
Column: 33
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
&ws, buf, sizeof(buf), NULL, 0);
/* check against expected data */
if (memcmp(buf, random, sizeof(random)) != 0) {
pr_err("The prng self test data test "
"for the SHA-512 mode failed\n");
prng_errorflag = PRNG_SELFTEST_FAILED;
return -EIO;
}
Reported by FlawFinder.
Line: 357
Column: 18
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
&ws, buf, sizeof(buf), NULL, 0);
/* check against expected data */
if (memcmp(buf, random, sizeof(random)) != 0) {
pr_err("The prng self test data test "
"for the SHA-512 mode failed\n");
prng_errorflag = PRNG_SELFTEST_FAILED;
return -EIO;
}
Reported by FlawFinder.
Line: 172
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* hash over the filled page */
cpacf_klmd(CPACF_KLMD_SHA_512, pblock, pg, PAGE_SIZE);
n = (nbytes < 64) ? nbytes : 64;
memcpy(ebuf, pblock, n);
ret += n;
ebuf += n;
nbytes -= n;
}
Reported by FlawFinder.
Line: 196
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpacf_kmc(CPACF_KMC_PRNG, prng_data->prngws.parm_block,
(char *) entropy, (char *) entropy,
sizeof(entropy));
memcpy(prng_data->prngws.parm_block, entropy, sizeof(entropy));
}
}
static void prng_tdes_seed(int nbytes)
Reported by FlawFinder.
Line: 203
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void prng_tdes_seed(int nbytes)
{
char buf[16];
int i = 0;
BUG_ON(nbytes > sizeof(buf));
get_random_bytes(buf, nbytes);
Reported by FlawFinder.
Line: 239
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
mutex_init(&prng_data->mutex);
prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
memcpy(prng_data->prngws.parm_block, initial_parm_block, 32);
/* initialize the PRNG, add 128 bits of entropy */
prng_tdes_seed(16);
return 0;
Reported by FlawFinder.
Line: 497
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prng_errorflag = PRNG_GEN_FAILED;
return -EILSEQ;
}
memcpy(prng_data->prev, buf, nbytes);
}
return nbytes;
}
Reported by FlawFinder.
arch/s390/crypto/des_s390.c
9 issues
Line: 45
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
return err;
memcpy(ctx->key, key, key_len);
return 0;
}
static int des_setkey_skcipher(struct crypto_skcipher *tfm, const u8 *key,
unsigned int key_len)
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = skcipher_walk_virt(&walk, req, false);
if (ret)
return ret;
memcpy(param.iv, walk.iv, DES_BLOCK_SIZE);
memcpy(param.key, ctx->key, DES3_KEY_SIZE);
while ((nbytes = walk.nbytes) != 0) {
/* only use complete blocks */
n = nbytes & ~(DES_BLOCK_SIZE - 1);
cpacf_kmc(fc, ¶m, walk.dst.virt.addr,
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
memcpy(param.iv, walk.iv, DES_BLOCK_SIZE);
memcpy(param.key, ctx->key, DES3_KEY_SIZE);
while ((nbytes = walk.nbytes) != 0) {
/* only use complete blocks */
n = nbytes & ~(DES_BLOCK_SIZE - 1);
cpacf_kmc(fc, ¶m, walk.dst.virt.addr,
walk.src.virt.addr, n);
Reported by FlawFinder.
Line: 130
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
n = nbytes & ~(DES_BLOCK_SIZE - 1);
cpacf_kmc(fc, ¶m, walk.dst.virt.addr,
walk.src.virt.addr, n);
memcpy(walk.iv, param.iv, DES_BLOCK_SIZE);
ret = skcipher_walk_done(&walk, nbytes - n);
}
return ret;
}
Reported by FlawFinder.
Line: 210
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
return err;
memcpy(ctx->key, key, key_len);
return 0;
}
static int des3_setkey_skcipher(struct crypto_skcipher *tfm, const u8 *key,
unsigned int key_len)
Reported by FlawFinder.
Line: 309
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* align to block size, max. PAGE_SIZE */
n = (nbytes > PAGE_SIZE) ? PAGE_SIZE : nbytes & ~(DES_BLOCK_SIZE - 1);
memcpy(ctrptr, iv, DES_BLOCK_SIZE);
for (i = (n / DES_BLOCK_SIZE) - 1; i > 0; i--) {
memcpy(ctrptr + DES_BLOCK_SIZE, ctrptr, DES_BLOCK_SIZE);
crypto_inc(ctrptr + DES_BLOCK_SIZE, DES_BLOCK_SIZE);
ctrptr += DES_BLOCK_SIZE;
}
Reported by FlawFinder.
Line: 311
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
n = (nbytes > PAGE_SIZE) ? PAGE_SIZE : nbytes & ~(DES_BLOCK_SIZE - 1);
memcpy(ctrptr, iv, DES_BLOCK_SIZE);
for (i = (n / DES_BLOCK_SIZE) - 1; i > 0; i--) {
memcpy(ctrptr + DES_BLOCK_SIZE, ctrptr, DES_BLOCK_SIZE);
crypto_inc(ctrptr + DES_BLOCK_SIZE, DES_BLOCK_SIZE);
ctrptr += DES_BLOCK_SIZE;
}
return n;
}
Reported by FlawFinder.
Line: 338
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpacf_kmctr(fc, ctx->key, walk.dst.virt.addr,
walk.src.virt.addr, n, ctrptr);
if (ctrptr == ctrblk)
memcpy(walk.iv, ctrptr + n - DES_BLOCK_SIZE,
DES_BLOCK_SIZE);
crypto_inc(walk.iv, DES_BLOCK_SIZE);
ret = skcipher_walk_done(&walk, nbytes - n);
}
if (locked)
Reported by FlawFinder.
Line: 349
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (nbytes) {
cpacf_kmctr(fc, ctx->key, buf, walk.src.virt.addr,
DES_BLOCK_SIZE, walk.iv);
memcpy(walk.dst.virt.addr, buf, nbytes);
crypto_inc(walk.iv, DES_BLOCK_SIZE);
ret = skcipher_walk_done(&walk, 0);
}
return ret;
}
Reported by FlawFinder.
arch/x86/math-emu/fpu_trig.c
9 issues
Line: 90
CWE codes:
758
FULL_PRECISION, SIGN_POS,
exponent(&CONST_PI2extra) +
exponent(&tmp));
setsign(&tmp, getsign(&CONST_PI2extra));
st0_tag = FPU_add(&tmp, tmptag, 0, FULL_PRECISION);
if (signnegative(st0_ptr)) {
/* CONST_PI2extra is negative, so the result of the addition
can be negative. This means that the argument is actually
in a different quadrant. The correction is always < pi/2,
Reported by Cppcheck.
Line: 90
CWE codes:
758
FULL_PRECISION, SIGN_POS,
exponent(&CONST_PI2extra) +
exponent(&tmp));
setsign(&tmp, getsign(&CONST_PI2extra));
st0_tag = FPU_add(&tmp, tmptag, 0, FULL_PRECISION);
if (signnegative(st0_ptr)) {
/* CONST_PI2extra is negative, so the result of the addition
can be negative. This means that the argument is actually
in a different quadrant. The correction is always < pi/2,
Reported by Cppcheck.
Line: 123
CWE codes:
758
FULL_PRECISION, SIGN_POS,
exponent(&CONST_PI2extra) +
exponent(&tmp));
setsign(&tmp, getsign(&CONST_PI2extra));
st0_tag = FPU_sub(LOADED | (tmptag & 0x0f), (int)&tmp,
FULL_PRECISION);
if ((exponent(st0_ptr) == exponent(&CONST_PI2)) &&
((st0_ptr->sigh > CONST_PI2.sigh)
|| ((st0_ptr->sigh == CONST_PI2.sigh)
Reported by Cppcheck.
Line: 123
CWE codes:
758
FULL_PRECISION, SIGN_POS,
exponent(&CONST_PI2extra) +
exponent(&tmp));
setsign(&tmp, getsign(&CONST_PI2extra));
st0_tag = FPU_sub(LOADED | (tmptag & 0x0f), (int)&tmp,
FULL_PRECISION);
if ((exponent(st0_ptr) == exponent(&CONST_PI2)) &&
((st0_ptr->sigh > CONST_PI2.sigh)
|| ((st0_ptr->sigh == CONST_PI2.sigh)
Reported by Cppcheck.
Line: 823
CWE codes:
758
tag = FPU_u_div(&st0, &st1, &tmp,
PR_64_BITS | RC_CHOP | 0x3f,
sign);
setsign(&tmp, sign);
if (exponent(&tmp) >= 0) {
FPU_round_to_int(&tmp, tag); /* Fortunately, this can't
overflow to 2^64 */
q = significand(&tmp);
Reported by Cppcheck.
Line: 896
CWE codes:
758
setexponent16(&st1, 0);
expdif -= N;
sign = getsign(&tmp) ^ st1_sign;
tag =
FPU_u_div(&tmp, &st1, &tmp,
PR_64_BITS | RC_CHOP | 0x3f, sign);
setsign(&tmp, sign);
Reported by Cppcheck.
Line: 900
CWE codes:
758
tag =
FPU_u_div(&tmp, &st1, &tmp,
PR_64_BITS | RC_CHOP | 0x3f, sign);
setsign(&tmp, sign);
FPU_round_to_int(&tmp, tag); /* Fortunately, this can't
overflow to 2^64 */
rem_kernel(significand(&st0),
Reported by Cppcheck.
Line: 922
CWE codes:
758
control_word = old_cw;
partial_status = saved_status;
FPU_copy_to_reg0(&CONST_Z, TAG_Zero);
setsign(&st0, st0_sign);
#ifdef PECULIAR_486
setcc(SW_C2);
#else
setcc(0);
#endif /* PECULIAR_486 */
Reported by Cppcheck.
Line: 1061
CWE codes:
758
setexponent16(&exponent, 31);
tag = FPU_normalize_nuo(&exponent);
stdexp(&exponent);
setsign(&exponent, esign);
tag =
FPU_mul(&exponent, tag, 1, FULL_PRECISION);
if (tag >= 0)
FPU_settagi(1, tag);
} else {
Reported by Cppcheck.