The following issues were found
drivers/char/tpm/tpm_tis_core.c
8 issues
Line: 105
Column: 6
CWE codes:
362/367!
Suggestion:
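Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Triage note: in the excerpt below, `access` is a local `u8` that receives the TPM_ACCESS register value from tpm_tis_read8(). It is not a call to access(2), so the CWE-362/367 check-then-open race does not apply. The other five 362/367 findings in this file (Lines 107, 111, 122, 124, 128) match the same identifier.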
do {
int rc;
u8 access;
rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
if (rc < 0)
return rc;
Reported by FlawFinder.
Line: 107
Column: 44
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int rc;
u8 access;
rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
if (rc < 0)
return rc;
if (access & TPM_ACCESS_VALID)
return 0;
Reported by FlawFinder.
Line: 111
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (rc < 0)
return rc;
if (access & TPM_ACCESS_VALID)
return 0;
tpm_msleep(TPM_TIMEOUT);
} while (time_before(jiffies, stop));
return -1;
}
Reported by FlawFinder.
Line: 122
Column: 5
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
int rc;
u8 access;
rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
if (rc < 0)
return false;
Reported by FlawFinder.
Line: 124
Column: 43
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int rc;
u8 access;
rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
if (rc < 0)
return false;
if ((access & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID
| TPM_ACCESS_REQUEST_USE)) ==
Reported by FlawFinder.
Line: 128
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (rc < 0)
return false;
if ((access & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID
| TPM_ACCESS_REQUEST_USE)) ==
(TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) {
priv->locality = l;
return true;
}
Reported by FlawFinder.
Line: 554
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(version->rev_minor ==
vendor_dur_overrides[i].version.rev_minor)) {
memcpy(duration_cap,
vendor_dur_overrides[i].durations,
sizeof(vendor_dur_overrides[i].durations));
chip->duration_adjusted = true;
goto out;
Reported by FlawFinder.
Line: 601
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i != ARRAY_SIZE(vendor_timeout_overrides); i++) {
if (vendor_timeout_overrides[i].did_vid != did_vid)
continue;
memcpy(timeout_cap, vendor_timeout_overrides[i].timeout_us,
sizeof(vendor_timeout_overrides[i].timeout_us));
chip->timeout_adjusted = true;
}
out:
Reported by FlawFinder.
drivers/cdrom/gdrom.c
8 issues
Line: 712
Column: 2
CWE codes:
120
Suggestion:
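Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
Triage note: the source in both strcpy findings (Lines 712 and 722) is the compile-time constant GDROM_DEV_NAME, so whether it fits is fixed at build time and does not depend on runtime input. The destination field sizes are not shown in these excerpts. strcpy_s is not available in kernel code; strscpy() is the kernel's bounded copy.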
{
gd.cd_info->ops = &gdrom_ops;
gd.cd_info->capacity = 1;
strcpy(gd.cd_info->name, GDROM_DEV_NAME);
gd.cd_info->mask = CDC_CLOSE_TRAY|CDC_OPEN_TRAY|CDC_LOCK|
CDC_SELECT_DISC;
}
static void probe_gdrom_setupdisk(void)
Reported by FlawFinder.
Line: 722
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
gd.disk->major = gdrom_major;
gd.disk->first_minor = 1;
gd.disk->minors = 1;
strcpy(gd.disk->disk_name, GDROM_DEV_NAME);
}
static int probe_gdrom_setupqueue(void)
{
blk_queue_logical_block_size(gd.gdrom_rq, GDROM_HARD_SECTOR);
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char mid;
char modid;
char verid;
char padA[13];
char mname[16];
char modname[16];
char firmver[16];
char padB[16];
};
Reported by FlawFinder.
Line: 113
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char modid;
char verid;
char padA[13];
char mname[16];
char modname[16];
char firmver[16];
char padB[16];
};
Reported by FlawFinder.
Line: 114
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char verid;
char padA[13];
char mname[16];
char modname[16];
char firmver[16];
char padB[16];
};
static int gdrom_getsense(short *bufstring);
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char padA[13];
char mname[16];
char modname[16];
char firmver[16];
char padB[16];
};
static int gdrom_getsense(short *bufstring);
static int gdrom_packetcommand(struct cdrom_device_info *cd_info,
Reported by FlawFinder.
Line: 116
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char mname[16];
char modname[16];
char firmver[16];
char padB[16];
};
static int gdrom_getsense(short *bufstring);
static int gdrom_packetcommand(struct cdrom_device_info *cd_info,
struct packet_command *command);
Reported by FlawFinder.
Line: 448
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
pr_err("Unknown sense key: %d\n", sense_key);
if (bufstring) /* return addional sense data */
memcpy(bufstring, &sense[4], 2);
if (sense_key < 2)
err = 0;
cleanup_sense:
gd.pending = 0;
Reported by FlawFinder.
drivers/edac/edac_device_sysfs.c
8 issues
Line: 35
Column: 9
CWE codes:
120
Suggestion:
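Use sprintf_s, snprintf, or vsnprintf
Triage note: all eight findings in this file format a single `%u` plus a newline, so the output length is bounded by the integer width (10 digits for a 32-bit value), not by caller-supplied data. These look like sysfs show callbacks, which normally receive a PAGE_SIZE buffer; confirm at the attribute definitions. sprintf_s does not exist in kernel code; the kernel helper for show callbacks is sysfs_emit().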
static ssize_t edac_device_ctl_log_ue_show(struct edac_device_ctl_info
*ctl_info, char *data)
{
return sprintf(data, "%u\n", ctl_info->log_ue);
}
static ssize_t edac_device_ctl_log_ue_store(struct edac_device_ctl_info
*ctl_info, const char *data,
size_t count)
Reported by FlawFinder.
Line: 52
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t edac_device_ctl_log_ce_show(struct edac_device_ctl_info
*ctl_info, char *data)
{
return sprintf(data, "%u\n", ctl_info->log_ce);
}
static ssize_t edac_device_ctl_log_ce_store(struct edac_device_ctl_info
*ctl_info, const char *data,
size_t count)
Reported by FlawFinder.
Line: 69
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t edac_device_ctl_panic_on_ue_show(struct edac_device_ctl_info
*ctl_info, char *data)
{
return sprintf(data, "%u\n", ctl_info->panic_on_ue);
}
static ssize_t edac_device_ctl_panic_on_ue_store(struct edac_device_ctl_info
*ctl_info, const char *data,
size_t count)
Reported by FlawFinder.
Line: 86
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t edac_device_ctl_poll_msec_show(struct edac_device_ctl_info
*ctl_info, char *data)
{
return sprintf(data, "%u\n", ctl_info->poll_msec);
}
static ssize_t edac_device_ctl_poll_msec_store(struct edac_device_ctl_info
*ctl_info, const char *data,
size_t count)
Reported by FlawFinder.
Line: 312
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t instance_ue_count_show(struct edac_device_instance *instance,
char *data)
{
return sprintf(data, "%u\n", instance->counters.ue_count);
}
static ssize_t instance_ce_count_show(struct edac_device_instance *instance,
char *data)
{
Reported by FlawFinder.
Line: 318
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t instance_ce_count_show(struct edac_device_instance *instance,
char *data)
{
return sprintf(data, "%u\n", instance->counters.ce_count);
}
#define to_instance(k) container_of(k, struct edac_device_instance, kobj)
#define to_instance_attr(a) container_of(a,struct instance_attribute,attr)
Reported by FlawFinder.
Line: 419
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct edac_device_block *block = to_block(kobj);
return sprintf(data, "%u\n", block->counters.ue_count);
}
static ssize_t block_ce_count_show(struct kobject *kobj,
struct attribute *attr, char *data)
{
Reported by FlawFinder.
Line: 427
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct edac_device_block *block = to_block(kobj);
return sprintf(data, "%u\n", block->counters.ce_count);
}
/* DEVICE block kobject release() function */
static void edac_device_ctrl_block_release(struct kobject *kobj)
{
Reported by FlawFinder.
drivers/bus/ti-sysc.c
8 issues
Line: 2393
static struct dev_pm_domain sysc_child_pm_domain = {
.ops = {
SET_RUNTIME_PM_OPS(sysc_child_runtime_suspend,
sysc_child_runtime_resume,
NULL)
USE_PLATFORM_PM_SLEEP_OPS
SET_NOIRQ_SYSTEM_SLEEP_PM_OPS(sysc_child_suspend_noirq,
sysc_child_resume_noirq)
Reported by Cppcheck.
Line: 965
Column: 9
CWE codes:
120
Suggestion:
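Use sprintf_s, snprintf, or vsnprintf
Triage note: unlike the fixed-width `:%08x`, `:%x` and `:NA` writes flagged in this file, this call copies `ddata->name` with an unbounded `%s`. The Line 974 excerpt shows sysc_show_registers() advancing `bufp` through a 128-byte stack buffer; if sysc_show_name() writes into that same buffer (its call site is not shown here), the bound depends on the length of `ddata->name`. Check where the name is set before dismissing this finding.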
if (!ddata->name)
return 0;
return sprintf(bufp, ":%s", ddata->name);
}
/**
* sysc_show_registers - show information about interconnect target module
* @ddata: device driver data
Reported by FlawFinder.
Line: 77
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct sysc_soc_info *sysc_soc;
static const char * const reg_names[] = { "rev", "sysc", "syss", };
static const char * const clock_names[SYSC_MAX_CLOCKS] = {
"fck", "ick", "opt0", "opt1", "opt2", "opt3", "opt4",
"opt5", "opt6", "opt7",
};
#define SYSC_IDLEMODE_MASK 3
Reported by FlawFinder.
Line: 944
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int len;
if (ddata->offsets[SYSC_REVISION] < 0)
return sprintf(bufp, ":NA");
len = sprintf(bufp, ":%08x", ddata->revision);
return len;
}
Reported by FlawFinder.
Line: 946
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ddata->offsets[SYSC_REVISION] < 0)
return sprintf(bufp, ":NA");
len = sprintf(bufp, ":%08x", ddata->revision);
return len;
}
static int sysc_show_reg(struct sysc *ddata,
Reported by FlawFinder.
Line: 955
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *bufp, enum sysc_registers reg)
{
if (ddata->offsets[reg] < 0)
return sprintf(bufp, ":NA");
return sprintf(bufp, ":%x", ddata->offsets[reg]);
}
static int sysc_show_name(char *bufp, struct sysc *ddata)
Reported by FlawFinder.
Line: 957
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ddata->offsets[reg] < 0)
return sprintf(bufp, ":NA");
return sprintf(bufp, ":%x", ddata->offsets[reg]);
}
static int sysc_show_name(char *bufp, struct sysc *ddata)
{
if (!ddata->name)
Reported by FlawFinder.
Line: 974
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static void sysc_show_registers(struct sysc *ddata)
{
char buf[128];
char *bufp = buf;
int i;
for (i = 0; i < SYSC_MAX_REGS; i++)
bufp += sysc_show_reg(ddata, bufp, i);
Reported by FlawFinder.
drivers/clk/at91/dt-compat.c
8 issues
Line: 122
Column: 8
CWE codes:
119
120
Suggestion:
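Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged `parent_names[...]` declarations are arrays of `const char *` pointers, not character buffers. The relevant check is whether `num_parents` from of_clk_get_parent_count() is compared with the array size before the array is filled. The excerpts for Lines 789 and 860 show that comparison; the other excerpts in this file end before the point where it would appear.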
const char *name;
struct clk_hw *hw;
unsigned int num_parents;
const char *parent_names[GENERATED_SOURCE_MAX];
struct device_node *gcknp;
struct clk_range range = CLK_RANGE(0, 0);
struct regmap *regmap;
num_parents = of_clk_get_parent_count(np);
Reported by FlawFinder.
Line: 207
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct regmap *regmap_sfr;
u8 bus_id;
const char *parent_names[2];
struct device_node *i2s_mux_np;
struct clk_hw *hw;
int ret;
regmap_sfr = syscon_regmap_lookup_by_compatible("atmel,sama5d2-sfr");
Reported by FlawFinder.
Line: 315
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init of_at91sam9x5_clk_main_setup(struct device_node *np)
{
struct clk_hw *hw;
const char *parent_names[2];
unsigned int num_parents;
const char *name = np->name;
struct regmap *regmap;
num_parents = of_clk_get_parent_count(np);
Reported by FlawFinder.
Line: 372
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct clk_hw *hw;
unsigned int num_parents;
const char *parent_names[MASTER_SOURCE_MAX];
const char *name = np->name;
struct clk_master_characteristics *characteristics;
struct regmap *regmap;
num_parents = of_clk_get_parent_count(np);
Reported by FlawFinder.
Line: 696
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 id;
struct clk_hw *hw;
unsigned int num_parents;
const char *parent_names[PROG_SOURCE_MAX];
const char *name;
struct device_node *progclknp;
struct regmap *regmap;
num_parents = of_clk_get_parent_count(np);
Reported by FlawFinder.
Line: 756
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init of_at91sam9260_clk_slow_setup(struct device_node *np)
{
struct clk_hw *hw;
const char *parent_names[2];
unsigned int num_parents;
const char *name = np->name;
struct regmap *regmap;
num_parents = of_clk_get_parent_count(np);
Reported by FlawFinder.
Line: 789
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct clk_hw *hw;
unsigned int num_parents;
const char *parent_names[SMD_SOURCE_MAX];
const char *name = np->name;
struct regmap *regmap;
num_parents = of_clk_get_parent_count(np);
if (num_parents == 0 || num_parents > SMD_SOURCE_MAX)
Reported by FlawFinder.
Line: 860
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct clk_hw *hw;
unsigned int num_parents;
const char *parent_names[USB_SOURCE_MAX];
const char *name = np->name;
struct regmap *regmap;
num_parents = of_clk_get_parent_count(np);
if (num_parents == 0 || num_parents > USB_SOURCE_MAX)
Reported by FlawFinder.
drivers/block/null_blk/main.c
8 issues
Line: 108
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* For more details about fault injection, please refer to
* Documentation/fault-injection/fault-injection.rst.
*/
static char g_timeout_str[80];
module_param_string(timeout, g_timeout_str, sizeof(g_timeout_str), 0444);
MODULE_PARM_DESC(timeout, "Fault injection. timeout=<interval>,<probability>,<space>,<times>");
static char g_requeue_str[80];
module_param_string(requeue, g_requeue_str, sizeof(g_requeue_str), 0444);
Reported by FlawFinder.
Line: 112
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
module_param_string(timeout, g_timeout_str, sizeof(g_timeout_str), 0444);
MODULE_PARM_DESC(timeout, "Fault injection. timeout=<interval>,<probability>,<space>,<times>");
static char g_requeue_str[80];
module_param_string(requeue, g_requeue_str, sizeof(g_requeue_str), 0444);
MODULE_PARM_DESC(requeue, "Fault injection. requeue=<interval>,<probability>,<space>,<times>");
static char g_init_hctx_str[80];
module_param_string(init_hctx, g_init_hctx_str, sizeof(g_init_hctx_str), 0444);
Reported by FlawFinder.
Line: 116
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
module_param_string(requeue, g_requeue_str, sizeof(g_requeue_str), 0444);
MODULE_PARM_DESC(requeue, "Fault injection. requeue=<interval>,<probability>,<space>,<times>");
static char g_init_hctx_str[80];
module_param_string(init_hctx, g_init_hctx_str, sizeof(g_init_hctx_str), 0444);
MODULE_PARM_DESC(init_hctx, "Fault injection to fail hctx init. init_hctx=<interval>,<probability>,<space>,<times>");
#endif
static int g_queue_mode = NULL_Q_MQ;
Reported by FlawFinder.
Line: 945
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i += (nullb->dev->blocksize >> SECTOR_SHIFT)) {
if (test_bit(i, c_page->bitmap)) {
offset = (i << SECTOR_SHIFT);
memcpy(dst + offset, src + offset,
nullb->dev->blocksize);
__set_bit(i, t_page->bitmap);
}
}
Reported by FlawFinder.
Line: 1036
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src = kmap_atomic(source);
dst = kmap_atomic(t_page->page);
memcpy(dst + offset, src + off + count, temp);
kunmap_atomic(dst);
kunmap_atomic(src);
__set_bit(sector & SECTOR_MASK, t_page->bitmap);
Reported by FlawFinder.
Line: 1072
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto next;
}
src = kmap_atomic(t_page->page);
memcpy(dst + off + count, src + offset, temp);
kunmap_atomic(src);
next:
kunmap_atomic(dst);
count += temp;
Reported by FlawFinder.
Line: 1909
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
null_config_discard(nullb);
sprintf(nullb->disk_name, "nullb%d", nullb->index);
rv = null_gendisk_register(nullb);
if (rv)
goto out_cleanup_zone;
Reported by FlawFinder.
Line: 1715
Column: 2
CWE codes:
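120
Triage note: strncpy() leaves the destination without a NUL terminator when the source is DISK_NAME_LEN bytes or longer. The source `nullb->disk_name` is written by the `sprintf(..., "nullb%d", ...)` flagged at Line 1909; its declared size is not shown on this page. strscpy() is the kernel's bounded copy and always terminates.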
else
disk->fops = &null_bio_ops;
disk->private_data = nullb;
strncpy(disk->disk_name, nullb->disk_name, DISK_NAME_LEN);
if (nullb->dev->zoned) {
int ret = null_register_zoned_dev(nullb);
if (ret)
Reported by FlawFinder.
drivers/acpi/acpica/nsnames.c
8 issues
Line: 376
Column: 3
CWE codes:
120
Suggestion:
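Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
Triage note: the destination is sized just before these calls (see the Line 367 excerpt on this page) as prefix_path_length + strlen(external_path) + 2, zero-filled. The strcat sequence fits as long as acpi_ns_normalize_pathname(), which runs on external_path after the allocation, never lengthens the string. That function is only partly shown here, so confirm it before dismissing the strcat findings at Lines 376, 378 and 383.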
/* Don't merge if the External path is already fully qualified */
if (prefix_path && (*external_path != '\\') && (*external_path != '^')) {
strcat(full_path, prefix_path);
if (prefix_path[1]) {
strcat(full_path, ".");
}
}
Reported by FlawFinder.
Line: 383
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
}
acpi_ns_normalize_pathname(external_path);
strcat(full_path, external_path);
cleanup:
if (prefix_path) {
ACPI_FREE(prefix_path);
}
Reported by FlawFinder.
Line: 464
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
*new_path = 0;
strcpy(original_path, new_path_buffer);
ACPI_FREE(new_path_buffer);
}
Reported by FlawFinder.
Line: 197
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *full_path, u32 path_size, u8 no_trailing)
{
u32 length = 0, i;
char name[ACPI_NAMESEG_SIZE];
u8 do_no_trailing;
char c, *left, *right;
struct acpi_namespace_node *next_node;
ACPI_FUNCTION_TRACE_PTR(ns_build_normalized_path, node);
Reported by FlawFinder.
Line: 354
Column: 25
CWE codes:
126
acpi_ns_get_normalized_pathname(prefix_scope->scope.node,
TRUE);
if (prefix_path) {
prefix_path_length = strlen(prefix_path);
}
}
status = acpi_ns_externalize_name(ACPI_UINT32_MAX, internal_path,
NULL, &external_path);
Reported by FlawFinder.
Line: 367
Column: 48
CWE codes:
126
/* Merge the prefix path and the path. 2 is for one dot and trailing null */
full_path =
ACPI_ALLOCATE_ZEROED(prefix_path_length + strlen(external_path) +
2);
if (!full_path) {
goto cleanup;
}
Reported by FlawFinder.
Line: 378
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (prefix_path && (*external_path != '\\') && (*external_path != '^')) {
strcat(full_path, prefix_path);
if (prefix_path[1]) {
strcat(full_path, ".");
}
}
acpi_ns_normalize_pathname(external_path);
strcat(full_path, external_path);
Reported by FlawFinder.
Line: 419
Column: 41
CWE codes:
126
/* Allocate a temp buffer in which to construct the new path */
new_path_buffer = ACPI_ALLOCATE_ZEROED(strlen(input_path) + 1);
new_path = new_path_buffer;
if (!new_path_buffer) {
return;
}
Reported by FlawFinder.
drivers/acpi/acpica/utdecode.c
8 issues
Line: 70
Column: 7
CWE codes:
119
120
Suggestion:
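Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: every array flagged in this file is a table of `const char *` pointers to string literals, not a writable character buffer, so nothing is copied into them. The question that remains is whether the index used to look up each table is range-checked; the lookup code is not shown in these excerpts.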
/* Region type decoding */
const char *acpi_gbl_region_types[ACPI_NUM_PREDEFINED_REGIONS] = {
"SystemMemory", /* 0x00 */
"SystemIO", /* 0x01 */
"PCI_Config", /* 0x02 */
"EmbeddedControl", /* 0x03 */
"SMBus", /* 0x04 */
Reported by FlawFinder.
Line: 115
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Event type decoding */
static const char *acpi_gbl_event_types[ACPI_NUM_FIXED_EVENTS] = {
"PM_Timer",
"GlobalLock",
"PowerButton",
"SleepButton",
"RealTimeClock",
Reported by FlawFinder.
Line: 379
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Names for internal mutex objects, used for debug output */
static const char *acpi_gbl_mutex_names[ACPI_NUM_MUTEX] = {
"ACPI_MTX_Interpreter",
"ACPI_MTX_Namespace",
"ACPI_MTX_Tables",
"ACPI_MTX_Events",
"ACPI_MTX_Caches",
Reported by FlawFinder.
Line: 418
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Names for Notify() values, used for debug output */
static const char *acpi_gbl_generic_notify[ACPI_GENERIC_NOTIFY_MAX + 1] = {
/* 00 */ "Bus Check",
/* 01 */ "Device Check",
/* 02 */ "Device Wake",
/* 03 */ "Eject Request",
/* 04 */ "Device Check Light",
Reported by FlawFinder.
Line: 440
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* ACPI 6.3 */
};
static const char *acpi_gbl_device_notify[5] = {
/* 80 */ "Status Change",
/* 81 */ "Information Change",
/* 82 */ "Device-Specific Change",
/* 83 */ "Device-Specific Change",
/* 84 */ "Reserved"
Reported by FlawFinder.
Line: 448
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* 84 */ "Reserved"
};
static const char *acpi_gbl_processor_notify[5] = {
/* 80 */ "Performance Capability Change",
/* 81 */ "C-State Change",
/* 82 */ "Throttling Capability Change",
/* 83 */ "Guaranteed Change",
/* 84 */ "Minimum Excursion"
Reported by FlawFinder.
Line: 456
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* 84 */ "Minimum Excursion"
};
static const char *acpi_gbl_thermal_notify[5] = {
/* 80 */ "Thermal Status Change",
/* 81 */ "Thermal Trip Point Change",
/* 82 */ "Thermal Device List Change",
/* 83 */ "Thermal Relationship Change",
/* 84 */ "Reserved"
Reported by FlawFinder.
Line: 523
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*
******************************************************************************/
static const char *acpi_gbl_argument_type[20] = {
/* 00 */ "Unknown ARGP",
/* 01 */ "ByteData",
/* 02 */ "ByteList",
/* 03 */ "CharList",
/* 04 */ "DataObject",
Reported by FlawFinder.
tools/testing/selftests/mqueue/mq_perf_tests.c
8 issues
Line: 614
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
}
queue_path[0] = '/';
queue_path[1] = 0;
strcat(queue_path, option);
free(option);
}
break;
}
}
Reported by FlawFinder.
Line: 395
Column: 10
CWE codes:
327
Suggestion:
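Use a more secure technique for acquiring random values
Triage note: in the excerpt, random() only picks a message priority for a performance self-test (`random() % mq_prio_max`). Nothing visible uses the value as a secret, key or token, so the CWE-327 concern does not apply to this call.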
void random_prio(int *prio)
{
*prio = random() % mq_prio_max;
}
struct test test2[] = {
{"\n\tTest #2a: Time send/recv message, queue full, constant prio\n",
const_prio},
Reported by FlawFinder.
Line: 322
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *cont_thread(void *arg)
{
char buff[MSG_SIZE];
int i, priority;
for (i = 0; i < num_cpus_to_pin; i++)
if (cpu_threads[i] == pthread_self())
break;
Reported by FlawFinder.
Line: 424
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
void *perf_test_thread(void *arg)
{
char buff[MSG_SIZE];
int prio_out, prio_in;
int i;
clockid_t clock;
pthread_t *t;
struct timespec res, start, middle, end, send_total, recv_total;
Reported by FlawFinder.
Line: 575
Column: 11
CWE codes:
190
Suggestion:
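If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
Triage note: the visible check, `cpu >= cpus_online`, covers only the upper bound; a negative result from atoi() would pass it, and the `else` branch that consumes `cpu` is cut off in this excerpt. atoi() also returns 0 for non-numeric input with no error indication. strtol() with `endptr` and `errno` checks, plus a `cpu < 0` test, closes both gaps.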
next_option = strchr(option, ',');
if (next_option)
*next_option = '\0';
cpu = atoi(option);
if (cpu >= cpus_online)
fprintf(stderr, "CPU %d exceeds "
"cpus online, ignoring.\n",
cpu);
else
Reported by FlawFinder.
Line: 636
Column: 13
CWE codes:
362
"require root in order to modify\nsystem settings. "
"Exiting.\n");
max_msgs = fopen(MAX_MSGS, "r+");
max_msgsize = fopen(MAX_MSGSIZE, "r+");
if (!max_msgs)
shutdown(2, "Failed to open msg_max", __LINE__);
if (!max_msgsize)
shutdown(2, "Failed to open msgsize_max", __LINE__);
Reported by FlawFinder.
Line: 637
Column: 16
CWE codes:
362
"Exiting.\n");
max_msgs = fopen(MAX_MSGS, "r+");
max_msgsize = fopen(MAX_MSGSIZE, "r+");
if (!max_msgs)
shutdown(2, "Failed to open msg_max", __LINE__);
if (!max_msgsize)
shutdown(2, "Failed to open msgsize_max", __LINE__);
Reported by FlawFinder.
Line: 607
Column: 25
CWE codes:
126
*/
option = queue_path;
if (*option != '/') {
queue_path = malloc(strlen(option) + 2);
if (!queue_path) {
perror("malloc()");
exit(1);
}
queue_path[0] = '/';
Reported by FlawFinder.
tools/perf/builtin-inject.c
8 issues
Line: 55
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 aux_id;
struct list_head samples;
struct itrace_synth_opts itrace_synth_opts;
char event_copy[PERF_SAMPLE_MAX_SIZE];
};
struct event_entry {
struct list_head node;
u32 tid;
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int copy_bytes(struct perf_inject *inject, int fd, off_t size)
{
char buf[4096];
ssize_t ssz;
int ret;
while (size > 0) {
ssz = read(fd, buf, min(size, (off_t)sizeof(buf)));
Reported by FlawFinder.
Line: 256
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sz1 < sizeof(struct perf_event_header) + sizeof(u64))
return event;
memcpy(ev, event, sz1);
memcpy((void *)ev + sz1, (void *)event + event->header.size - sz2, sz2);
ev->header.size = sz1 + sz2;
((u64 *)((void *)ev + sz1))[-1] = 0;
return ev;
Reported by FlawFinder.
Line: 257
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return event;
memcpy(ev, event, sz1);
memcpy((void *)ev + sz1, (void *)event + event->header.size - sz2, sz2);
ev->header.size = sz1 + sz2;
((u64 *)((void *)ev + sz1))[-1] = 0;
return ev;
}
Reported by FlawFinder.
Line: 653
Column: 2
CWE codes:
120
Suggestion:
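Make sure destination can always hold the source data
Triage note: the copy length is `event->header.size`, read from the event itself, and the allocation of `ent` lies above this excerpt. The finding reduces to whether `ent` is allocated using that same `header.size`; verify this at the allocation site, since the events originate from an input file.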
}
ent->tid = sample->tid;
memcpy(&ent->event, event, event->header.size);
list_add(&ent->node, &inject->samples);
return 0;
}
static int perf_inject__sched_stat(struct perf_tool *tool,
Reported by FlawFinder.
Line: 151
Column: 9
CWE codes:
120
20
int ret;
while (size > 0) {
ssz = read(fd, buf, min(size, (off_t)sizeof(buf)));
if (ssz < 0)
return -errno;
ret = output_bytes(inject, buf, ssz);
if (ret)
return ret;
Reported by FlawFinder.
Line: 744
Column: 35
CWE codes:
126
return 0;
dry_run = skip_spaces(str);
if (!strncmp(dry_run, "dry-run", strlen("dry-run"))) {
inject->itrace_synth_opts.vm_tm_corr_dry_run = true;
inject->in_place_update_dry_run = true;
args = dry_run + strlen("dry-run");
} else {
args = str;
Reported by FlawFinder.
Line: 747
Column: 20
CWE codes:
126
if (!strncmp(dry_run, "dry-run", strlen("dry-run"))) {
inject->itrace_synth_opts.vm_tm_corr_dry_run = true;
inject->in_place_update_dry_run = true;
args = dry_run + strlen("dry-run");
} else {
args = str;
}
inject->itrace_synth_opts.vm_tm_corr_args = strdup(args);
Reported by FlawFinder.