The following issues were found
arch/riscv/include/asm/gdb_xml.h
8 issues
Line: 6
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifndef __ASM_GDB_XML_H_
#define __ASM_GDB_XML_H_
const char riscv_gdb_stub_feature[64] =
"PacketSize=800;qXfer:features:read+;";
static const char gdb_xfer_read_target[31] = "qXfer:features:read:target.xml:";
#ifdef CONFIG_64BIT
Reported by FlawFinder.
Line: 9
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char riscv_gdb_stub_feature[64] =
"PacketSize=800;qXfer:features:read+;";
static const char gdb_xfer_read_target[31] = "qXfer:features:read:target.xml:";
#ifdef CONFIG_64BIT
static const char gdb_xfer_read_cpuxml[39] =
"qXfer:features:read:riscv-64bit-cpu.xml";
Reported by FlawFinder.
Line: 12
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char gdb_xfer_read_target[31] = "qXfer:features:read:target.xml:";
#ifdef CONFIG_64BIT
static const char gdb_xfer_read_cpuxml[39] =
"qXfer:features:read:riscv-64bit-cpu.xml";
static const char riscv_gdb_stub_target_desc[256] =
"l<?xml version=\"1.0\"?>"
"<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
Reported by FlawFinder.
Line: 15
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char gdb_xfer_read_cpuxml[39] =
"qXfer:features:read:riscv-64bit-cpu.xml";
static const char riscv_gdb_stub_target_desc[256] =
"l<?xml version=\"1.0\"?>"
"<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
"<target>"
"<xi:include href=\"riscv-64bit-cpu.xml\"/>"
"</target>";
Reported by FlawFinder.
Line: 22
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"<xi:include href=\"riscv-64bit-cpu.xml\"/>"
"</target>";
static const char riscv_gdb_stub_cpuxml[2048] =
"l<?xml version=\"1.0\"?>"
"<!DOCTYPE feature SYSTEM \"gdb-target.dtd\">"
"<feature name=\"org.gnu.gdb.riscv.cpu\">"
"<reg name=\""DBG_REG_ZERO"\" bitsize=\"64\" type=\"int\" regnum=\"0\"/>"
"<reg name=\""DBG_REG_RA"\" bitsize=\"64\" type=\"code_ptr\"/>"
Reported by FlawFinder.
Line: 64
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"<reg name=\""DBG_REG_CAUSE"\" bitsize=\"64\" type=\"int\"/>"
"</feature>";
#else
static const char gdb_xfer_read_cpuxml[39] =
"qXfer:features:read:riscv-32bit-cpu.xml";
static const char riscv_gdb_stub_target_desc[256] =
"l<?xml version=\"1.0\"?>"
"<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
Reported by FlawFinder.
Line: 67
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char gdb_xfer_read_cpuxml[39] =
"qXfer:features:read:riscv-32bit-cpu.xml";
static const char riscv_gdb_stub_target_desc[256] =
"l<?xml version=\"1.0\"?>"
"<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
"<target>"
"<xi:include href=\"riscv-32bit-cpu.xml\"/>"
"</target>";
Reported by FlawFinder.
Line: 74
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"<xi:include href=\"riscv-32bit-cpu.xml\"/>"
"</target>";
static const char riscv_gdb_stub_cpuxml[2048] =
"l<?xml version=\"1.0\"?>"
"<!DOCTYPE feature SYSTEM \"gdb-target.dtd\">"
"<feature name=\"org.gnu.gdb.riscv.cpu\">"
"<reg name=\""DBG_REG_ZERO"\" bitsize=\"32\" type=\"int\" regnum=\"0\"/>"
"<reg name=\""DBG_REG_RA"\" bitsize=\"32\" type=\"code_ptr\"/>"
Reported by FlawFinder.
arch/powerpc/mm/book3s64/hash_64k.c
8 issues
Line: 36
Column: 52
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return !(hpte_soft_invalid(__rpte_to_hidx(rpte, index)));
}
int __hash_page_4K(unsigned long ea, unsigned long access, unsigned long vsid,
pte_t *ptep, unsigned long trap, unsigned long flags,
int ssize, int subpg_prot)
{
real_pte_t rpte;
unsigned long hpte_group;
Reported by FlawFinder.
Line: 59
Column: 34
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (unlikely(old_pte & H_PAGE_BUSY))
return 0;
/* If PTE permissions don't match, take page fault */
if (unlikely(!check_pte_access(access, old_pte)))
return 1;
/*
* Try to lock the PTE, add ACCESSED and DIRTY if it was
* a write access. Since this is 4K insert of 64K page size
* also add H_PAGE_COMBO
Reported by FlawFinder.
Line: 67
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* also add H_PAGE_COMBO
*/
new_pte = old_pte | H_PAGE_BUSY | _PAGE_ACCESSED | H_PAGE_COMBO;
if (access & _PAGE_WRITE)
new_pte |= _PAGE_DIRTY;
} while (!pte_xchg(ptep, __pte(old_pte), __pte(new_pte)));
/*
* Handle the subpage protection bits
Reported by FlawFinder.
Line: 211
Column: 26
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
*/
if (unlikely(slot == -2)) {
*ptep = __pte(old_pte);
hash_failure_debug(ea, access, vsid, trap, ssize,
MMU_PAGE_4K, MMU_PAGE_4K, old_pte);
return -1;
}
new_pte |= pte_set_hidx(ptep, rpte, subpg_index, slot, PTRS_PER_PTE);
Reported by FlawFinder.
Line: 223
Column: 53
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return 0;
}
int __hash_page_64K(unsigned long ea, unsigned long access,
unsigned long vsid, pte_t *ptep, unsigned long trap,
unsigned long flags, int ssize)
{
real_pte_t rpte;
unsigned long hpte_group;
Reported by FlawFinder.
Line: 245
Column: 34
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (unlikely(old_pte & H_PAGE_BUSY))
return 0;
/* If PTE permissions don't match, take page fault */
if (unlikely(!check_pte_access(access, old_pte)))
return 1;
/*
* Check if PTE has the cache-inhibit bit set
* If so, bail out and refault as a 4k page
*/
Reported by FlawFinder.
Line: 259
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* a write access.
*/
new_pte = old_pte | H_PAGE_BUSY | _PAGE_ACCESSED;
if (access & _PAGE_WRITE)
new_pte |= _PAGE_DIRTY;
} while (!pte_xchg(ptep, __pte(old_pte), __pte(new_pte)));
rflags = htab_convert_pte_flags(new_pte, flags);
rpte = __real_pte(__pte(old_pte), ptep, PTRS_PER_PTE);
Reported by FlawFinder.
Line: 323
Column: 27
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
*/
if (unlikely(slot == -2)) {
*ptep = __pte(old_pte);
hash_failure_debug(ea, access, vsid, trap, ssize,
MMU_PAGE_64K, MMU_PAGE_64K, old_pte);
return -1;
}
new_pte = (new_pte & ~_PAGE_HPTEFLAGS) | H_PAGE_HASHPTE;
Reported by FlawFinder.
arch/powerpc/platforms/powernv/opal-flash.c
8 issues
Line: 158
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Candidate image is not validated */
if (args_buf->status < VALIDATE_TMP_UPDATE) {
len = sprintf(buf, "%d\n", args_buf->status);
goto out;
}
/* Result token */
len = sprintf(buf, "%d\n", args_buf->result);
Reported by FlawFinder.
Line: 163
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
/* Result token */
len = sprintf(buf, "%d\n", args_buf->result);
/* Current and candidate image version details */
if ((args_buf->result != VALIDATE_TMP_UPDATE) &&
(args_buf->result < VALIDATE_CUR_UNKNOWN))
goto out;
Reported by FlawFinder.
Line: 171
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
if (args_buf->buf_size > (VALIDATE_BUF_SIZE - len)) {
memcpy(buf + len, args_buf->buf, VALIDATE_BUF_SIZE - len);
len = VALIDATE_BUF_SIZE;
} else {
memcpy(buf + len, args_buf->buf, args_buf->buf_size);
len += args_buf->buf_size;
}
Reported by FlawFinder.
Line: 174
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(buf + len, args_buf->buf, VALIDATE_BUF_SIZE - len);
len = VALIDATE_BUF_SIZE;
} else {
memcpy(buf + len, args_buf->buf, args_buf->buf_size);
len += args_buf->buf_size;
}
out:
/* Set status to default */
args_buf->status = FLASH_NO_OP;
Reported by FlawFinder.
Line: 209
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy first 4k bytes of candidate image */
memcpy(args_buf->buf, image_data.data, VALIDATE_BUF_SIZE);
args_buf->status = VALIDATE_IMG_READY;
args_buf->buf_size = VALIDATE_BUF_SIZE;
/* Validate candidate image */
Reported by FlawFinder.
Line: 241
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct manage_flash_t *const args_buf = &manage_flash_data;
int rc;
rc = sprintf(buf, "%d\n", args_buf->status);
/* Set status to default*/
args_buf->status = FLASH_NO_OP;
return rc;
}
Reported by FlawFinder.
Line: 324
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct kobj_attribute *attr, char *buf)
{
struct update_flash_t *const args_buf = &update_flash_data;
return sprintf(buf, "%d\n", args_buf->status);
}
/*
* Set update image flag
* 1 - Flash new image
Reported by FlawFinder.
Line: 468
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(image_data.data + pos, (void *)buffer, count);
rc = count;
/* Set image status */
if ((pos + count) == image_data.size) {
pr_debug("FLASH: Candidate image loaded....\n");
Reported by FlawFinder.
arch/powerpc/boot/ppcboot-hotfoot.h
8 issues
Line: 52
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
unsigned long bi_bootflags; /* boot / reboot flag (for LynxOS) */
unsigned long bi_ip_addr; /* IP Address */
unsigned char bi_enetaddr[6]; /* Ethernet address */
#if defined(TARGET_HOTFOOT)
/* second onboard ethernet port */
unsigned char bi_enet1addr[6];
#define HAVE_ENET1ADDR
#endif /* TARGET_HOOTFOOT */
Reported by FlawFinder.
Line: 55
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char bi_enetaddr[6]; /* Ethernet address */
#if defined(TARGET_HOTFOOT)
/* second onboard ethernet port */
unsigned char bi_enet1addr[6];
#define HAVE_ENET1ADDR
#endif /* TARGET_HOOTFOOT */
unsigned short bi_ethspeed; /* Ethernet speed in Mbps */
unsigned long bi_intfreq; /* Internal Freq, in MHz */
unsigned long bi_busfreq; /* Bus Freq, in MHz */
Reported by FlawFinder.
Line: 73
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
unsigned long bi_baudrate; /* Console Baudrate */
#if defined(TARGET_4xx)
unsigned char bi_s_version[4]; /* Version of this structure */
unsigned char bi_r_version[32]; /* Version of the ROM (IBM) */
unsigned int bi_procfreq; /* CPU (Internal) Freq, in Hz */
unsigned int bi_plb_busfreq; /* PLB Bus speed, in Hz */
unsigned int bi_pci_busfreq; /* PCI Bus speed, in Hz */
unsigned char bi_pci_enetaddr[6]; /* PCI Ethernet MAC address */
Reported by FlawFinder.
Line: 74
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long bi_baudrate; /* Console Baudrate */
#if defined(TARGET_4xx)
unsigned char bi_s_version[4]; /* Version of this structure */
unsigned char bi_r_version[32]; /* Version of the ROM (IBM) */
unsigned int bi_procfreq; /* CPU (Internal) Freq, in Hz */
unsigned int bi_plb_busfreq; /* PLB Bus speed, in Hz */
unsigned int bi_pci_busfreq; /* PCI Bus speed, in Hz */
unsigned char bi_pci_enetaddr[6]; /* PCI Ethernet MAC address */
#endif
Reported by FlawFinder.
Line: 78
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int bi_procfreq; /* CPU (Internal) Freq, in Hz */
unsigned int bi_plb_busfreq; /* PLB Bus speed, in Hz */
unsigned int bi_pci_busfreq; /* PCI Bus speed, in Hz */
unsigned char bi_pci_enetaddr[6]; /* PCI Ethernet MAC address */
#endif
#if defined(TARGET_HOTFOOT)
unsigned int bi_pllouta_freq; /* PLL OUTA speed, in Hz */
#endif
#if defined(TARGET_HYMOD)
Reported by FlawFinder.
Line: 89
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(TARGET_EVB64260) || defined(TARGET_405EP) || defined(TARGET_44x) || \
defined(TARGET_85xx) || defined(TARGET_83xx) || defined(TARGET_HAS_ETH1)
/* second onboard ethernet port */
unsigned char bi_enet1addr[6];
#define HAVE_ENET1ADDR
#endif
#if defined(TARGET_EVB64260) || defined(TARGET_440GX) || \
defined(TARGET_85xx) || defined(TARGET_HAS_ETH2)
/* third onboard ethernet ports */
Reported by FlawFinder.
Line: 95
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(TARGET_EVB64260) || defined(TARGET_440GX) || \
defined(TARGET_85xx) || defined(TARGET_HAS_ETH2)
/* third onboard ethernet ports */
unsigned char bi_enet2addr[6];
#define HAVE_ENET2ADDR
#endif
#if defined(TARGET_440GX) || defined(TARGET_HAS_ETH3)
/* fourth onboard ethernet ports */
unsigned char bi_enet3addr[6];
Reported by FlawFinder.
Line: 100
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
#if defined(TARGET_440GX) || defined(TARGET_HAS_ETH3)
/* fourth onboard ethernet ports */
unsigned char bi_enet3addr[6];
#define HAVE_ENET3ADDR
#endif
#if defined(TARGET_HOTFOOT)
int bi_phynum[2]; /* Determines phy mapping */
int bi_phymode[2]; /* Determines phy mode */
Reported by FlawFinder.
arch/powerpc/boot/ops.h
8 issues
Line: 234
Column: 26
CWE codes:
134
Suggestion:
Use a constant for the format specification
platform_ops.exit();
for(;;);
}
#define fatal(args...) { printf(args); exit(); }
#define BSS_STACK(size) \
static char _bss_stack[size]; \
void *_platform_stack_top = _bss_stack + sizeof(_bss_stack);
Reported by FlawFinder.
Line: 60
Column: 8
CWE codes:
362
/* Console operations */
struct console_ops {
int (*open)(void);
void (*write)(const char *buf, int len);
void (*edit_cmdline)(char *buf, int len, unsigned int getline_timeout);
void (*close)(void);
void *data;
};
Reported by FlawFinder.
Line: 70
Column: 9
CWE codes:
362
/* Serial console operations */
struct serial_console_data {
int (*open)(void);
void (*putc)(unsigned char c);
unsigned char (*getc)(void);
u8 (*tstc)(void);
void (*close)(void);
};
Reported by FlawFinder.
Line: 176
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *devp = finddevice("/aliases");
if (devp) {
char path[MAX_PATH_LEN];
if (getprop(devp, alias, path, MAX_PATH_LEN) > 0)
return finddevice(path);
}
return NULL;
Reported by FlawFinder.
Line: 238
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define BSS_STACK(size) \
static char _bss_stack[size]; \
void *_platform_stack_top = _bss_stack + sizeof(_bss_stack);
extern unsigned long timebase_period_ns;
void udelay(long delay);
Reported by FlawFinder.
Line: 72
Column: 18
CWE codes:
120
20
struct serial_console_data {
int (*open)(void);
void (*putc)(unsigned char c);
unsigned char (*getc)(void);
u8 (*tstc)(void);
void (*close)(void);
};
struct loader_info {
Reported by FlawFinder.
Line: 125
Column: 42
CWE codes:
126
static inline int setprop_str(void *devp, const char *name, const char *buf)
{
if (dt_ops.setprop)
return dt_ops.setprop(devp, name, buf, strlen(buf) + 1);
return -1;
}
static inline int del_node(const void *devp)
Reported by FlawFinder.
Line: 162
Column: 33
CWE codes:
126
const char *propval)
{
return find_node_by_prop_value(prev, propname, propval,
strlen(propval) + 1);
}
static inline void *find_node_by_devtype(const void *prev,
const char *type)
{
Reported by FlawFinder.
block/partitions/core.c
8 issues
Line: 185
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t part_partition_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", dev_to_bdev(dev)->bd_partno);
}
static ssize_t part_start_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 191
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t part_start_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%llu\n", dev_to_bdev(dev)->bd_start_sect);
}
static ssize_t part_ro_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 197
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t part_ro_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", bdev_read_only(dev_to_bdev(dev)));
}
static ssize_t part_alignment_offset_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 205
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct block_device *bdev = dev_to_bdev(dev);
return sprintf(buf, "%u\n",
queue_limit_alignment_offset(&bdev->bd_disk->queue->limits,
bdev->bd_start_sect));
}
static ssize_t part_discard_alignment_show(struct device *dev,
Reported by FlawFinder.
Line: 215
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct block_device *bdev = dev_to_bdev(dev);
return sprintf(buf, "%u\n",
queue_limit_discard_alignment(&bdev->bd_disk->queue->limits,
bdev->bd_start_sect));
}
static DEVICE_ATTR(partition, 0444, part_partition_show, NULL);
Reported by FlawFinder.
Line: 141
Column: 26
CWE codes:
126
state->bdev = hd->part0;
disk_name(hd, 0, state->name);
snprintf(state->pp_buf, PAGE_SIZE, " %s:", state->name);
if (isdigit(state->name[strlen(state->name)-1]))
sprintf(state->name, "p");
i = res = err = 0;
while (!res && check_part[i]) {
memset(state->parts, 0, state->limit * sizeof(state->parts[0]));
Reported by FlawFinder.
Line: 142
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
disk_name(hd, 0, state->name);
snprintf(state->pp_buf, PAGE_SIZE, " %s:", state->name);
if (isdigit(state->name[strlen(state->name)-1]))
sprintf(state->name, "p");
i = res = err = 0;
while (!res && check_part[i]) {
memset(state->parts, 0, state->limit * sizeof(state->parts[0]));
res = check_part[i++](state);
Reported by FlawFinder.
Line: 370
Column: 20
CWE codes:
126
pdev = &bdev->bd_device;
dname = dev_name(ddev);
if (isdigit(dname[strlen(dname) - 1]))
dev_set_name(pdev, "%sp%d", dname, partno);
else
dev_set_name(pdev, "%s%d", dname, partno);
device_initialize(pdev);
Reported by FlawFinder.
arch/x86/kernel/cpu/mce/dev-mcelog.c
8 issues
Line: 98
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
static ssize_t
show_trigger(struct device *s, struct device_attribute *attr, char *buf)
{
strcpy(buf, mce_helper);
strcat(buf, "\n");
return strlen(mce_helper) + 1;
}
static ssize_t set_trigger(struct device *s, struct device_attribute *attr,
Reported by FlawFinder.
Line: 23
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static DEFINE_MUTEX(mce_chrdev_read_mutex);
static char mce_helper[128];
static char *mce_helper_argv[2] = { mce_helper, NULL };
/*
* Lockless MCE logging infrastructure.
* This avoids deadlocks on printk locks without having to break locks. Also
Reported by FlawFinder.
Line: 24
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static DEFINE_MUTEX(mce_chrdev_read_mutex);
static char mce_helper[128];
static char *mce_helper_argv[2] = { mce_helper, NULL };
/*
* Lockless MCE logging infrastructure.
* This avoids deadlocks on printk locks without having to break locks. Also
* separate MCEs from kernel messages to avoid bogus bug reports.
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mcelog->next = entry + 1;
memcpy(mcelog->entry + entry, mce, sizeof(struct mce));
mcelog->entry[entry].finished = 1;
mcelog->entry[entry].kflags = 0;
/* wake processes polling /dev/mcelog */
wake_up_interruptible(&mce_chrdev_wait);
Reported by FlawFinder.
Line: 99
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
show_trigger(struct device *s, struct device_attribute *attr, char *buf)
{
strcpy(buf, mce_helper);
strcat(buf, "\n");
return strlen(mce_helper) + 1;
}
static ssize_t set_trigger(struct device *s, struct device_attribute *attr,
const char *buf, size_t siz)
Reported by FlawFinder.
Line: 100
Column: 9
CWE codes:
126
{
strcpy(buf, mce_helper);
strcat(buf, "\n");
return strlen(mce_helper) + 1;
}
static ssize_t set_trigger(struct device *s, struct device_attribute *attr,
const char *buf, size_t siz)
{
Reported by FlawFinder.
Line: 108
Column: 2
CWE codes:
120
{
char *p;
strncpy(mce_helper, buf, sizeof(mce_helper));
mce_helper[sizeof(mce_helper)-1] = 0;
p = strchr(mce_helper, '\n');
if (p)
*p = 0;
Reported by FlawFinder.
Line: 115
Column: 9
CWE codes:
126
if (p)
*p = 0;
return strlen(mce_helper) + !!p;
}
DEVICE_ATTR(trigger, 0644, show_trigger, set_trigger);
/*
Reported by FlawFinder.
arch/mips/include/asm/mach-loongson64/boot_param.h
8 issues
Line: 78
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define SENSOR_VOLTAGE 0x00000002
#define SENSOR_FAN 0x00000004
struct sensor_device {
char name[32]; /* a formal name */
char label[64]; /* a flexible description */
u32 type; /* SENSOR_* */
u32 id; /* instance id of a sensor-class */
u32 fan_policy; /* see loongson_hwmon.h */
u32 fan_percent;/* only for constant speed policy */
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define SENSOR_FAN 0x00000004
struct sensor_device {
char name[32]; /* a formal name */
char label[64]; /* a flexible description */
u32 type; /* SENSOR_* */
u32 id; /* instance id of a sensor-class */
u32 fan_policy; /* see loongson_hwmon.h */
u32 fan_percent;/* only for constant speed policy */
u64 base_addr; /* base address of device registers */
Reported by FlawFinder.
Line: 96
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 nr_sensors;
struct sensor_device sensors[MAX_SENSORS];
char has_ec;
char ec_name[32];
u64 ec_base_addr;
char has_tcm;
char tcm_name[32];
u64 tcm_base_addr;
u64 workarounds; /* see workarounds.h */
Reported by FlawFinder.
Line: 99
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char ec_name[32];
u64 ec_base_addr;
char has_tcm;
char tcm_name[32];
u64 tcm_base_addr;
u64 workarounds; /* see workarounds.h */
} __packed;
struct irq_source_routing_table {
Reported by FlawFinder.
Line: 127
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 vers; /* version of the specificition */
u16 size;
u8 flag;
char description[64];
} __packed;
#define MAX_RESOURCE_NUMBER 128
struct resource_loongson {
u64 start; /* resource start address */
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct resource_loongson {
u64 start; /* resource start address */
u64 end; /* resource end address */
char name[64];
u32 flags;
};
struct archdev_data {}; /* arch specific additions */
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct archdev_data {}; /* arch specific additions */
struct board_devices {
char name[64]; /* hold the device name */
u32 num_resources; /* number of device_resource */
/* for each device's resource */
struct resource_loongson resource[MAX_RESOURCE_NUMBER];
/* arch specific additions */
struct archdev_data archdata;
Reported by FlawFinder.
Line: 151
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct loongson_special_attribute {
u16 vers; /* version of this special */
char special_name[64]; /* special_atribute_name */
u32 loongson_special_type; /* type of special device */
/* for each device's resource */
struct resource_loongson resource[MAX_RESOURCE_NUMBER];
};
Reported by FlawFinder.
block/blk-throttle.c
8 issues
Line: 1578
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct throtl_grp *tg = pd_to_tg(pd);
const char *dname = blkg_dev_name(pd->blkg);
char bufs[4][21] = { "max", "max", "max", "max" };
u64 bps_dft;
unsigned int iops_dft;
char idle_time[26] = "";
char latency_time[26] = "";
Reported by FlawFinder.
Line: 1581
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char bufs[4][21] = { "max", "max", "max", "max" };
u64 bps_dft;
unsigned int iops_dft;
char idle_time[26] = "";
char latency_time[26] = "";
if (!dname)
return 0;
Reported by FlawFinder.
Line: 1582
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 bps_dft;
unsigned int iops_dft;
char idle_time[26] = "";
char latency_time[26] = "";
if (!dname)
return 0;
if (off == LIMIT_LOW) {
Reported by FlawFinder.
Line: 1618
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
tg->iops_conf[WRITE][off]);
if (off == LIMIT_LOW) {
if (tg->idletime_threshold_conf == ULONG_MAX)
strcpy(idle_time, " idle=max");
else
snprintf(idle_time, sizeof(idle_time), " idle=%lu",
tg->idletime_threshold_conf);
if (tg->latency_target_conf == ULONG_MAX)
Reported by FlawFinder.
Line: 1624
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
tg->idletime_threshold_conf);
if (tg->latency_target_conf == ULONG_MAX)
strcpy(latency_time, " latency=max");
else
snprintf(latency_time, sizeof(latency_time),
" latency=%lu", tg->latency_target_conf);
}
Reported by FlawFinder.
Line: 1669
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
idle_time = tg->idletime_threshold_conf;
latency_time = tg->latency_target_conf;
while (true) {
char tok[27]; /* wiops=18446744073709551616 */
char *p;
u64 val = U64_MAX;
int len;
if (sscanf(ctx.body, "%26s%n", tok, &len) != 1)
Reported by FlawFinder.
Line: 2470
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
if (!q->td)
return -EINVAL;
return sprintf(page, "%u\n", jiffies_to_msecs(q->td->throtl_slice));
}
ssize_t blk_throtl_sample_time_store(struct request_queue *q,
const char *page, size_t count)
{
Reported by FlawFinder.
Line: 1674
Column: 7
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
u64 val = U64_MAX;
int len;
if (sscanf(ctx.body, "%26s%n", tok, &len) != 1)
break;
if (tok[0] == '\0')
break;
ctx.body += len;
Reported by FlawFinder.
arch/s390/kernel/sthyi.c
8 issues
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 infmdcps;
u16 infmsifl;
u16 infmdifl;
char infmname[8];
char infmtype[4];
char infmmanu[16];
char infmseq[16];
char infmpman[4];
u8 reserved[4];
Reported by FlawFinder.
Line: 93
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 infmsifl;
u16 infmdifl;
char infmname[8];
char infmtype[4];
char infmmanu[16];
char infmseq[16];
char infmpman[4];
u8 reserved[4];
} __packed;
Reported by FlawFinder.
Line: 94
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 infmdifl;
char infmname[8];
char infmtype[4];
char infmmanu[16];
char infmseq[16];
char infmpman[4];
u8 reserved[4];
} __packed;
Reported by FlawFinder.
Line: 95
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char infmname[8];
char infmtype[4];
char infmmanu[16];
char infmseq[16];
char infmpman[4];
u8 reserved[4];
} __packed;
struct par_sctn {
Reported by FlawFinder.
Line: 96
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char infmtype[4];
char infmmanu[16];
char infmseq[16];
char infmpman[4];
u8 reserved[4];
} __packed;
struct par_sctn {
u8 infpflg1;
Reported by FlawFinder.
Line: 111
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 infpsifl;
u16 infpdifl;
u16 reserved;
char infppnam[8];
u32 infpwbcp;
u32 infpabcp;
u32 infpwbif;
u32 infpabif;
char infplgnm[8];
Reported by FlawFinder.
Line: 116
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 infpabcp;
u32 infpwbif;
u32 infpabif;
char infplgnm[8];
u32 infplgcp;
u32 infplgif;
} __packed;
struct sthyi_sctns {
Reported by FlawFinder.
Line: 482
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
*rc = 0;
memcpy(dst, sthyi_cache.info, PAGE_SIZE);
out:
mutex_unlock(&sthyi_mutex);
return r;
}
EXPORT_SYMBOL_GPL(sthyi_fill);
Reported by FlawFinder.