The following issues were found
kernel/trace/trace.h
9 issues
Line: 1460
Column: 66
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
char *filter_string);
extern int apply_subsystem_event_filter(struct trace_subsystem_dir *dir,
char *filter_string);
extern void print_subsystem_event_filter(struct event_subsystem *system,
struct trace_seq *s);
extern int filter_assign_type(const char *type);
extern int create_event_filter(struct trace_array *tr,
struct trace_event_call *call,
char *filter_str, bool set_str,
Reported by FlawFinder.
Line: 1481
Column: 21
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
extern void __trace_early_add_events(struct trace_array *tr);
extern struct trace_event_file *__find_event_file(struct trace_array *tr,
const char *system,
const char *event);
extern struct trace_event_file *find_event_file(struct trace_array *tr,
const char *system,
const char *event);
Reported by FlawFinder.
Line: 1484
Column: 19
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
const char *system,
const char *event);
extern struct trace_event_file *find_event_file(struct trace_array *tr,
const char *system,
const char *event);
static inline void *event_file_data(struct file *filp)
{
return READ_ONCE(file_inode(filp)->i_private);
Reported by FlawFinder.
Line: 160
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 preempt_timestamp;
pid_t pid;
kuid_t uid;
char comm[TASK_COMM_LEN];
#ifdef CONFIG_FUNCTION_TRACER
int ftrace_ignore_pid;
#endif
bool ignore_pid;
Reported by FlawFinder.
Line: 335
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int n_err_log_entries;
struct tracer *current_trace;
unsigned int trace_flags;
unsigned char trace_flags_index[TRACE_FLAGS_MAX_SIZE];
unsigned int flags;
raw_spinlock_t start_lock;
struct list_head err_log;
struct dentry *dir;
struct dentry *options;
Reported by FlawFinder.
Line: 519
Column: 11
CWE codes:
362
void (*start)(struct trace_array *tr);
void (*stop)(struct trace_array *tr);
int (*update_thresh)(struct trace_array *tr);
void (*open)(struct trace_iterator *iter);
void (*pipe_open)(struct trace_iterator *iter);
void (*close)(struct trace_iterator *iter);
void (*pipe_close)(struct trace_iterator *iter);
ssize_t (*read)(struct trace_iterator *iter,
struct file *filp, char __user *ubuf,
Reported by FlawFinder.
Line: 1422
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct regex {
char pattern[MAX_FILTER_STR_VAL];
int len;
int field_len;
regex_match_func match;
};
Reported by FlawFinder.
Line: 523
Column: 14
CWE codes:
120
20
void (*pipe_open)(struct trace_iterator *iter);
void (*close)(struct trace_iterator *iter);
void (*pipe_close)(struct trace_iterator *iter);
ssize_t (*read)(struct trace_iterator *iter,
struct file *filp, char __user *ubuf,
size_t cnt, loff_t *ppos);
ssize_t (*splice_read)(struct trace_iterator *iter,
struct file *filp,
loff_t *ppos,
Reported by FlawFinder.
Line: 1819
Column: 63
CWE codes:
126
* about performance). The internal_trace_puts() is for such
* a purpose.
*/
#define internal_trace_puts(str) __trace_puts(_THIS_IP_, str, strlen(str))
#undef FTRACE_ENTRY
#define FTRACE_ENTRY(call, struct_name, id, tstruct, print) \
extern struct trace_event_call \
__aligned(4) event_##call;
Reported by FlawFinder.
net/mac80211/mesh_pathtbl.c
9 issues
Line: 94
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_irqsave(&mpath->frame_queue.lock, flags);
skb_queue_walk(&mpath->frame_queue, skb) {
hdr = (struct ieee80211_hdr *) skb->data;
memcpy(hdr->addr1, sta->sta.addr, ETH_ALEN);
memcpy(hdr->addr2, mpath->sdata->vif.addr, ETH_ALEN);
ieee80211_mps_set_frame_flags(sta->sdata, sta, hdr);
}
spin_unlock_irqrestore(&mpath->frame_queue.lock, flags);
Reported by FlawFinder.
Line: 95
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_queue_walk(&mpath->frame_queue, skb) {
hdr = (struct ieee80211_hdr *) skb->data;
memcpy(hdr->addr1, sta->sta.addr, ETH_ALEN);
memcpy(hdr->addr2, mpath->sdata->vif.addr, ETH_ALEN);
ieee80211_mps_set_frame_flags(sta->sdata, sta, hdr);
}
spin_unlock_irqrestore(&mpath->frame_queue.lock, flags);
}
Reported by FlawFinder.
Line: 128
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* the new addresses */
mshdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
mshdr->flags = MESH_FLAGS_AE_A5_A6;
memcpy(mshdr->eaddr1, hdr->addr3, ETH_ALEN);
memcpy(mshdr->eaddr2, hdr->addr4, ETH_ALEN);
}
/* update next hop */
hdr = (struct ieee80211_hdr *) skb->data;
Reported by FlawFinder.
Line: 129
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mshdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
mshdr->flags = MESH_FLAGS_AE_A5_A6;
memcpy(mshdr->eaddr1, hdr->addr3, ETH_ALEN);
memcpy(mshdr->eaddr2, hdr->addr4, ETH_ALEN);
}
/* update next hop */
hdr = (struct ieee80211_hdr *) skb->data;
rcu_read_lock();
Reported by FlawFinder.
Line: 136
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr = (struct ieee80211_hdr *) skb->data;
rcu_read_lock();
next_hop = rcu_dereference(gate_mpath->next_hop)->sta.addr;
memcpy(hdr->addr1, next_hop, ETH_ALEN);
rcu_read_unlock();
memcpy(hdr->addr2, gate_mpath->sdata->vif.addr, ETH_ALEN);
memcpy(hdr->addr3, dst_addr, ETH_ALEN);
}
Reported by FlawFinder.
Line: 138
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
next_hop = rcu_dereference(gate_mpath->next_hop)->sta.addr;
memcpy(hdr->addr1, next_hop, ETH_ALEN);
rcu_read_unlock();
memcpy(hdr->addr2, gate_mpath->sdata->vif.addr, ETH_ALEN);
memcpy(hdr->addr3, dst_addr, ETH_ALEN);
}
/**
* mesh_path_move_to_queue - Move or copy frames from one mpath queue to another
Reported by FlawFinder.
Line: 139
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(hdr->addr1, next_hop, ETH_ALEN);
rcu_read_unlock();
memcpy(hdr->addr2, gate_mpath->sdata->vif.addr, ETH_ALEN);
memcpy(hdr->addr3, dst_addr, ETH_ALEN);
}
/**
* mesh_path_move_to_queue - Move or copy frames from one mpath queue to another
*
Reported by FlawFinder.
Line: 376
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!new_mpath)
return NULL;
memcpy(new_mpath->dst, dst, ETH_ALEN);
eth_broadcast_addr(new_mpath->rann_snd_addr);
new_mpath->is_root = false;
new_mpath->sdata = sdata;
new_mpath->flags = 0;
skb_queue_head_init(&new_mpath->frame_queue);
Reported by FlawFinder.
Line: 459
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!new_mpath)
return -ENOMEM;
memcpy(new_mpath->mpp, mpp, ETH_ALEN);
tbl = sdata->u.mesh.mpp_paths;
spin_lock_bh(&tbl->walk_lock);
ret = rhashtable_lookup_insert_fast(&tbl->rhead,
&new_mpath->rhash,
Reported by FlawFinder.
net/netfilter/nf_log.c
9 issues
Line: 226
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (logger) {
va_start(args, fmt);
vsnprintf(prefix, sizeof(prefix), fmt, args);
va_end(args);
logger->logfn(net, pf, hooknum, skb, in, out, loginfo, prefix);
}
rcu_read_unlock();
}
Reported by FlawFinder.
Line: 250
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
logger = rcu_dereference(net->nf.nf_loggers[pf]);
if (logger) {
va_start(args, fmt);
vsnprintf(prefix, sizeof(prefix), fmt, args);
va_end(args);
logger->logfn(net, pf, hooknum, skb, in, out, loginfo, prefix);
}
rcu_read_unlock();
}
Reported by FlawFinder.
Line: 273
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (likely(m->count < S_SIZE)) {
va_start(args, f);
len = vsnprintf(m->buf + m->count, S_SIZE - m->count, f, args);
va_end(args);
if (likely(m->count + len < S_SIZE)) {
m->count += len;
return 0;
}
Reported by FlawFinder.
Line: 215
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *fmt, ...)
{
va_list args;
char prefix[NF_LOG_PREFIXLEN];
const struct nf_logger *logger;
rcu_read_lock();
if (loginfo != NULL)
logger = rcu_dereference(loggers[pf][loginfo->type]);
Reported by FlawFinder.
Line: 243
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct nf_loginfo *loginfo, const char *fmt, ...)
{
va_list args;
char prefix[NF_LOG_PREFIXLEN];
const struct nf_logger *logger;
rcu_read_lock();
logger = rcu_dereference(net->nf.nf_loggers[pf]);
if (logger) {
Reported by FlawFinder.
Line: 262
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nf_log_buf {
unsigned int count;
char buf[S_SIZE + 1];
};
static struct nf_log_buf emergency, *emergency_ptr = &emergency;
__printf(2, 3) int nf_log_buf_add(struct nf_log_buf *m, const char *f, ...)
{
Reported by FlawFinder.
Line: 391
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif /* PROC_FS */
#ifdef CONFIG_SYSCTL
static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3];
static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1];
static struct ctl_table_header *nf_log_sysctl_fhdr;
static struct ctl_table nf_log_sysctl_ftable[] = {
{
Reported by FlawFinder.
Line: 410
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *buffer, size_t *lenp, loff_t *ppos)
{
const struct nf_logger *logger;
char buf[NFLOGGER_NAME_LEN];
int r = 0;
int tindex = (unsigned long)table->extra1;
struct net *net = table->extra2;
if (write) {
Reported by FlawFinder.
Line: 38
Column: 43
CWE codes:
126
continue;
log = nft_log_dereference(loggers[pf][i]);
if (!strncasecmp(str_logger, log->name, strlen(log->name)))
return log;
}
return NULL;
}
Reported by FlawFinder.
sound/pci/riptide/riptide.c
9 issues
Line: 109
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_FIRMWARE("riptide.hex");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE;
#ifdef SUPPORT_JOYSTICK
static int joystick_port[SNDRV_CARDS] = { [0 ... (SNDRV_CARDS - 1)] = 0x200 };
#endif
Reported by FlawFinder.
Line: 467
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lbuspath paths;
const unsigned char *lbuspath;
unsigned char source;
unsigned char intdec[2];
unsigned char mixer;
unsigned char id;
unsigned char state;
unsigned int rate;
unsigned int channels;
Reported by FlawFinder.
Line: 518
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
*/
static const unsigned char lbusin2out[E2SINK_MAX + 1][2] = {
{NO_OUT, LS_NONE1}, {NO_OUT, LS_NONE2}, {NO_OUT, LS_NONE1}, {NO_OUT,
LS_NONE2},
{NO_OUT, LS_NONE1}, {NO_OUT, LS_NONE2}, {NO_OUT, LS_NONE1}, {NO_OUT,
LS_NONE2},
{INTER0_OUT, LS_SRC_INTERPOLATOR}, {INTER1_OUT, LS_SRC_INTERPOLATOR},
Reported by FlawFinder.
Line: 941
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int getpaths(struct cmdif *cif, unsigned char *o)
{
unsigned char src[E2SINK_MAX];
unsigned char sink[E2SINK_MAX];
int i, j = 0;
for (i = 0; i < E2SINK_MAX; i++) {
getsourcesink(cif, i, i, &src[i], &sink[i]);
Reported by FlawFinder.
Line: 942
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int getpaths(struct cmdif *cif, unsigned char *o)
{
unsigned char src[E2SINK_MAX];
unsigned char sink[E2SINK_MAX];
int i, j = 0;
for (i = 0; i < E2SINK_MAX; i++) {
getsourcesink(cif, i, i, &src[i], &sink[i]);
if (sink[i] < E2SINK_MAX) {
Reported by FlawFinder.
Line: 1696
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
&snd_riptide_capture_ops);
pcm->private_data = chip;
pcm->info_flags = 0;
strcpy(pcm->name, "RIPTIDE");
chip->pcm = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV_SG,
&chip->pci->dev, 64 * 1024, 128 * 1024);
return 0;
}
Reported by FlawFinder.
Line: 1906
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pcmhw *data;
int i;
struct cmdif *cif = NULL;
unsigned char p[256];
unsigned short rval = 0, lval = 0;
unsigned int rate;
if (!chip)
return;
Reported by FlawFinder.
Line: 2140
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
#endif
strcpy(card->driver, "RIPTIDE");
strcpy(card->shortname, "Riptide");
#ifdef SUPPORT_JOYSTICK
snprintf(card->longname, sizeof(card->longname),
"%s at 0x%lx, irq %i mpu 0x%x opl3 0x%x gameport 0x%x",
card->shortname, chip->port, chip->irq, chip->mpuaddr,
Reported by FlawFinder.
Line: 2141
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
#endif
strcpy(card->driver, "RIPTIDE");
strcpy(card->shortname, "Riptide");
#ifdef SUPPORT_JOYSTICK
snprintf(card->longname, sizeof(card->longname),
"%s at 0x%lx, irq %i mpu 0x%x opl3 0x%x gameport 0x%x",
card->shortname, chip->port, chip->irq, chip->mpuaddr,
chip->opladdr, chip->gameaddr);
Reported by FlawFinder.
sound/usb/caiaq/device.c
9 issues
Line: 145
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch(buf[0]) {
case EP1_CMD_GET_DEVICE_INFO:
memcpy(&cdev->spec, buf+1, sizeof(struct caiaq_device_spec));
cdev->spec.fw_version = le16_to_cpu(cdev->spec.fw_version);
dev_dbg(dev, "device spec (firmware %d): audio: %d in, %d out, "
"MIDI: %d in, %d out, data alignment %d\n",
cdev->spec.fw_version,
cdev->spec.num_analog_audio_in,
Reported by FlawFinder.
Line: 171
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
USB_ID(USB_VID_NATIVEINSTRUMENTS, USB_PID_AUDIO8DJ)) {
if (urb->actual_length > sizeof(cdev->control_state))
urb->actual_length = sizeof(cdev->control_state);
memcpy(cdev->control_state, buf + 1, urb->actual_length);
wake_up(&cdev->ep1_wait_queue);
break;
}
#ifdef CONFIG_SND_USB_CAIAQ_INPUT
fallthrough;
Reported by FlawFinder.
Line: 205
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = EP1_BUFSIZE - 1;
if (buffer && len > 0)
memcpy(cdev->ep1_out_buf+1, buffer, len);
cdev->ep1_out_buf[0] = command;
return usb_bulk_msg(usb_dev, usb_sndbulkpipe(usb_dev, 1),
cdev->ep1_out_buf, len+1, &actual_len, 200);
}
Reported by FlawFinder.
Line: 228
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = EP1_BUFSIZE - 2;
if (buffer && len > 0)
memcpy(cdev->ep1_out_buf+2, buffer, len);
cdev->ep1_out_buf[0] = command;
cdev->ep1_out_buf[1] = bank;
return usb_bulk_msg(usb_dev, usb_sndbulkpipe(usb_dev, 1),
Reported by FlawFinder.
Line: 241
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rate, int depth, int bpp)
{
int ret;
char tmp[5];
struct device *dev = caiaqdev_to_dev(cdev);
switch (rate) {
case 44100: tmp[0] = SAMPLERATE_44100; break;
case 48000: tmp[0] = SAMPLERATE_48000; break;
Reported by FlawFinder.
Line: 288
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int snd_usb_caiaq_set_auto_msg(struct snd_usb_caiaqdev *cdev,
int digital, int analog, int erp)
{
char tmp[3] = { digital, analog, erp };
return snd_usb_caiaq_send_command(cdev, EP1_CMD_AUTO_MSG,
tmp, sizeof(tmp));
}
static void setup_card(struct snd_usb_caiaqdev *cdev)
Reported by FlawFinder.
Line: 296
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void setup_card(struct snd_usb_caiaqdev *cdev)
{
int ret;
char val[4];
struct device *dev = caiaqdev_to_dev(cdev);
/* device-specific startup specials */
switch (cdev->chip.usb_id) {
case USB_ID(USB_VID_NATIVEINSTRUMENTS, USB_PID_RIGKONTROL2):
Reported by FlawFinder.
Line: 414
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int init_card(struct snd_usb_caiaqdev *cdev)
{
char *c, usbpath[32];
struct usb_device *usb_dev = cdev->chip.dev;
struct snd_card *card = cdev->chip.card;
struct device *dev = caiaqdev_to_dev(cdev);
int err, len;
Reported by FlawFinder.
Line: 475
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* whitespaces */
if (*card->id == '\0') {
char id[sizeof(card->id)];
memset(id, 0, sizeof(id));
for (c = card->shortname, len = 0;
*c && len < sizeof(card->id); c++)
Reported by FlawFinder.
net/socket.c
9 issues
Line: 2440
CWE codes:
562
struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
ssize_t err;
msg_sys->msg_name = &address;
err = sendmsg_copy_msghdr(msg_sys, msg, flags, &iov);
if (err < 0)
return err;
Reported by Cppcheck.
Line: 2598
CWE codes:
562
int len;
ssize_t err;
msg_sys->msg_name = &addr;
cmsg_ptr = (unsigned long)msg_sys->msg_control;
msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
/* We assume all kernel code knows the size of sockaddr_storage */
msg_sys->msg_namelen = 0;
Reported by Cppcheck.
Line: 371
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (value) {
if (dentry->d_name.len + 1 > size)
return -ERANGE;
memcpy(value, dentry->d_name.name, dentry->d_name.len + 1);
}
return dentry->d_name.len + 1;
}
#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
Reported by FlawFinder.
Line: 583
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buffer) {
if (size < used)
return -ERANGE;
memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
buffer += len;
}
return used;
}
Reported by FlawFinder.
Line: 2340
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int flags, struct used_address *used_address,
unsigned int allowed_msghdr_flags)
{
unsigned char ctl[sizeof(struct cmsghdr) + 20]
__aligned(sizeof(__kernel_size_t));
/* 20 is size of ipv6_pktinfo */
unsigned char *ctl_buf = ctl;
int ctl_len;
ssize_t err;
Reported by FlawFinder.
Line: 2400
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (used_address && err >= 0) {
used_address->name_len = msg_sys->msg_namelen;
if (msg_sys->msg_name)
memcpy(&used_address->name, msg_sys->msg_name,
used_address->name_len);
}
out_freectl:
if (ctl_buf != ctl)
Reported by FlawFinder.
Line: 2867
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef __ARCH_WANT_SYS_SOCKETCALL
/* Argument list sizes for sys_socketcall */
#define AL(x) ((x) * sizeof(unsigned long))
static const unsigned char nargs[21] = {
AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
AL(4), AL(5), AL(4)
};
Reported by FlawFinder.
Line: 2961
Column: 41
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
err = __sys_shutdown(a0, a1);
break;
case SYS_SETSOCKOPT:
err = __sys_setsockopt(a0, a1, a[2], (char __user *)a[3],
a[4]);
break;
case SYS_GETSOCKOPT:
err =
__sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
Reported by FlawFinder.
Line: 2966
Column: 39
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
break;
case SYS_GETSOCKOPT:
err =
__sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
(int __user *)a[4]);
break;
case SYS_SENDMSG:
err = __sys_sendmsg(a0, (struct user_msghdr __user *)a1,
a[2], true);
Reported by FlawFinder.
sound/pci/korg1212/korg1212.c
9 issues
Line: 2453
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "korg1212");
strcpy(card->shortname, "korg1212");
sprintf(card->longname, "%s at 0x%lx, irq %d", card->shortname,
korg1212->iomem, korg1212->irq);
K1212_DEBUG_PRINTK("K1212_DEBUG: %s\n", card->longname);
err = snd_card_register(card);
Reported by FlawFinder.
Line: 394
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_FIRMWARE("korg/k1212.dsp");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE; /* Enable this card */
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for Korg 1212 soundcard.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 466
Column: 27
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0002 // selects source as local clock at 48 kHz
};
union swap_u32 { unsigned char c[4]; u32 i; };
#ifdef SNDRV_BIG_ENDIAN
static u32 LowerWordSwap(u32 swappee)
#else
static u32 UpperWordSwap(u32 swappee)
Reported by FlawFinder.
Line: 1314
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
#endif
if (in_kernel)
memcpy((__force void *)dst, src, size);
else if (copy_to_user(dst, src, size))
return -EFAULT;
src++;
dst += size;
}
Reported by FlawFinder.
Line: 1353
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
#endif
if (in_kernel)
memcpy(dst, (__force void *)src, size);
else if (copy_from_user(dst, src, size))
return -EFAULT;
dst++;
src += size;
}
Reported by FlawFinder.
Line: 2358
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
korg1212->dma_dsp.area, korg1212->dma_dsp.addr, dsp_code->size,
stateName[korg1212->cardState]);
memcpy(korg1212->dma_dsp.area, dsp_code->data, dsp_code->size);
release_firmware(dsp_code);
rc = snd_korg1212_Send1212Command(korg1212, K1212_DB_RebootCard, 0, 0, 0, 0);
Reported by FlawFinder.
Line: 2399
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
korg1212->pcm->private_data = korg1212;
korg1212->pcm->private_free = snd_korg1212_free_pcm;
strcpy(korg1212->pcm->name, "korg1212");
snd_pcm_set_ops(korg1212->pcm, SNDRV_PCM_STREAM_PLAYBACK, &snd_korg1212_playback_ops);
snd_pcm_set_ops(korg1212->pcm, SNDRV_PCM_STREAM_CAPTURE, &snd_korg1212_capture_ops);
Reported by FlawFinder.
Line: 2451
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
}
strcpy(card->driver, "korg1212");
strcpy(card->shortname, "korg1212");
sprintf(card->longname, "%s at 0x%lx, irq %d", card->shortname,
korg1212->iomem, korg1212->irq);
K1212_DEBUG_PRINTK("K1212_DEBUG: %s\n", card->longname);
Reported by FlawFinder.
Line: 2452
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
strcpy(card->driver, "korg1212");
strcpy(card->shortname, "korg1212");
sprintf(card->longname, "%s at 0x%lx, irq %d", card->shortname,
korg1212->iomem, korg1212->irq);
K1212_DEBUG_PRINTK("K1212_DEBUG: %s\n", card->longname);
Reported by FlawFinder.
sound/pci/hda/hda_proc.c
9 issues
Line: 27
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *get_wid_type_name(unsigned int wid_value)
{
static const char * const names[16] = {
[AC_WID_AUD_OUT] = "Audio Output",
[AC_WID_AUD_IN] = "Audio Input",
[AC_WID_AUD_MIX] = "Audio Mixer",
[AC_WID_AUD_SEL] = "Audio Selector",
[AC_WID_PIN] = "Pin Complex",
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void print_pcm_bits(struct snd_info_buffer *buffer, unsigned int pcm)
{
char buf[SND_PRINT_BITS_ADVISED_BUFSIZE];
snd_iprintf(buffer, " bits [0x%x]:", (pcm >> 16) & 0xff);
snd_print_pcm_bits(pcm, buf, sizeof(buf));
snd_iprintf(buffer, "%s\n", buf);
}
Reported by FlawFinder.
Line: 215
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *get_jack_connection(u32 cfg)
{
static const char * const names[16] = {
"Unknown", "1/8", "1/4", "ATAPI",
"RCA", "Optical","Digital", "Analog",
"DIN", "XLR", "RJ11", "Comb",
NULL, NULL, NULL, "Other"
};
Reported by FlawFinder.
Line: 230
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *get_jack_color(u32 cfg)
{
static const char * const names[16] = {
"Unknown", "Black", "Grey", "Blue",
"Green", "Red", "Orange", "Yellow",
"Purple", "Pink", NULL, NULL,
NULL, NULL, "White", "Other",
};
Reported by FlawFinder.
Line: 249
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static const char *get_jack_location(u32 cfg)
{
static const char * const bases[7] = {
"N/A", "Rear", "Front", "Left", "Right", "Top", "Bottom",
};
static const unsigned char specials_idx[] = {
0x07, 0x08,
0x17, 0x18, 0x19,
Reported by FlawFinder.
Line: 280
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static const char *get_jack_connectivity(u32 cfg)
{
static const char * const jack_locations[4] = {
"Ext", "Int", "Sep", "Oth"
};
return jack_locations[(cfg >> (AC_DEFCFG_LOCATION_SHIFT + 4)) & 3];
}
Reported by FlawFinder.
Line: 293
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static const char *get_jack_type(u32 cfg)
{
static const char * const jack_types[16] = {
"Line Out", "Speaker", "HP Out", "CD",
"SPDIF Out", "Digital Out", "Modem Line", "Modem Hand",
"Line In", "Aux", "Mic", "Telephony",
"SPDIF In", "Digital In", "Reserved", "Other"
};
Reported by FlawFinder.
Line: 308
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hda_codec *codec, hda_nid_t nid,
int *supports_vref)
{
static const char * const jack_conns[4] = {
"Jack", "N/A", "Fixed", "Both"
};
unsigned int caps, val;
caps = param_read(codec, nid, AC_PAR_PIN_CAP);
Reported by FlawFinder.
Line: 943
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
int snd_hda_codec_proc_new(struct hda_codec *codec)
{
char name[32];
snprintf(name, sizeof(name), "codec#%d", codec->core.addr);
return snd_card_ro_proc_new(codec->card, name, codec, print_codec_info);
}
Reported by FlawFinder.
sound/pci/emu10k1/emu10k1x.c
9 issues
Line: 1511
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
spin_lock_init(&midi->open_lock);
spin_lock_init(&midi->input_lock);
spin_lock_init(&midi->output_lock);
strcpy(rmidi->name, name);
snd_rawmidi_set_ops(rmidi, SNDRV_RAWMIDI_STREAM_OUTPUT, &snd_emu10k1x_midi_output);
snd_rawmidi_set_ops(rmidi, SNDRV_RAWMIDI_STREAM_INPUT, &snd_emu10k1x_midi_input);
rmidi->info_flags |= SNDRV_RAWMIDI_INFO_OUTPUT |
SNDRV_RAWMIDI_INFO_INPUT |
SNDRV_RAWMIDI_INFO_DUPLEX;
Reported by FlawFinder.
Line: 1605
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "EMU10K1X");
strcpy(card->shortname, "Dell Sound Blaster Live!");
sprintf(card->longname, "%s at 0x%lx irq %i",
card->shortname, chip->port, chip->irq);
err = snd_card_register(card);
if (err < 0) {
snd_card_free(card);
Reported by FlawFinder.
Line: 37
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// module parameters (see "Module Parameters")
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP;
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for the EMU10K1X soundcard.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 866
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->info_flags = 0;
switch(device) {
case 0:
strcpy(pcm->name, "EMU10K1X Front");
map = snd_pcm_std_chmaps;
break;
case 1:
strcpy(pcm->name, "EMU10K1X Rear");
map = surround_map;
Reported by FlawFinder.
Line: 870
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
map = snd_pcm_std_chmaps;
break;
case 1:
strcpy(pcm->name, "EMU10K1X Rear");
map = surround_map;
break;
case 2:
strcpy(pcm->name, "EMU10K1X Center/LFE");
map = clfe_map;
Reported by FlawFinder.
Line: 874
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
map = surround_map;
break;
case 2:
strcpy(pcm->name, "EMU10K1X Center/LFE");
map = clfe_map;
break;
}
emu->pcm = pcm;
Reported by FlawFinder.
Line: 1042
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_info_buffer *buffer)
{
struct emu10k1x *emu = entry->private_data;
char line[64];
unsigned int reg, channel_id , val;
while (!snd_info_get_line(buffer, line, sizeof(line))) {
if (sscanf(line, "%x %x %x", ®, &channel_id, &val) != 3)
continue;
Reported by FlawFinder.
Line: 1603
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
snd_emu10k1x_proc_init(chip);
strcpy(card->driver, "EMU10K1X");
strcpy(card->shortname, "Dell Sound Blaster Live!");
sprintf(card->longname, "%s at 0x%lx irq %i",
card->shortname, chip->port, chip->irq);
err = snd_card_register(card);
Reported by FlawFinder.
Line: 1604
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
snd_emu10k1x_proc_init(chip);
strcpy(card->driver, "EMU10K1X");
strcpy(card->shortname, "Dell Sound Blaster Live!");
sprintf(card->longname, "%s at 0x%lx irq %i",
card->shortname, chip->port, chip->irq);
err = snd_card_register(card);
if (err < 0) {
Reported by FlawFinder.
samples/timers/hpet_example.c
9 issues
Line: 89
Column: 7
CWE codes:
362
return;
}
fd = open(argv[0], O_RDONLY);
if (fd < 0)
fprintf(stderr, "hpet_open_close: open failed\n");
else
close(fd);
Reported by FlawFinder.
Line: 109
Column: 7
CWE codes:
362
return;
}
fd = open(argv[0], O_RDONLY);
if (fd < 0) {
fprintf(stderr, "hpet_info: open of %s failed\n", argv[0]);
return;
}
Reported by FlawFinder.
Line: 146
Column: 9
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
return;
}
freq = atoi(argv[1]);
iterations = atoi(argv[2]);
fd = open(argv[0], O_RDONLY);
if (fd < 0) {
Reported by FlawFinder.
Line: 147
Column: 15
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
freq = atoi(argv[1]);
iterations = atoi(argv[2]);
fd = open(argv[0], O_RDONLY);
if (fd < 0) {
fprintf(stderr, "hpet_poll: open of %s failed\n", argv[0]);
Reported by FlawFinder.
Line: 149
Column: 7
CWE codes:
362
freq = atoi(argv[1]);
iterations = atoi(argv[2]);
fd = open(argv[0], O_RDONLY);
if (fd < 0) {
fprintf(stderr, "hpet_poll: open of %s failed\n", argv[0]);
return;
}
Reported by FlawFinder.
Line: 243
Column: 7
CWE codes:
362
goto out;
}
fd = open(argv[0], O_RDONLY);
if (fd < 0) {
fprintf(stderr, "hpet_fasync: failed to open %s\n", argv[0]);
return;
}
Reported by FlawFinder.
Line: 258
Column: 9
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
goto out;
}
freq = atoi(argv[1]);
iterations = atoi(argv[2]);
if (ioctl(fd, HPET_IRQFREQ, freq) < 0) {
fprintf(stderr, "hpet_fasync: HPET_IRQFREQ failed\n");
goto out;
Reported by FlawFinder.
Line: 259
Column: 15
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
freq = atoi(argv[1]);
iterations = atoi(argv[2]);
if (ioctl(fd, HPET_IRQFREQ, freq) < 0) {
fprintf(stderr, "hpet_fasync: HPET_IRQFREQ failed\n");
goto out;
}
Reported by FlawFinder.
Line: 199
Column: 8
CWE codes:
120
20
fprintf(stderr, "hpet_poll: revents = 0x%x\n",
pfd.revents);
if (read(fd, &data, sizeof(data)) != sizeof(data)) {
fprintf(stderr, "hpet_poll: read failed\n");
}
else
fprintf(stderr, "hpet_poll: data 0x%lx\n",
data);
Reported by FlawFinder.