The following issues were found
arch/powerpc/kernel/rtasd.c
8 issues
Line: 62
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 4G or else bad things happen. Allocate this in the kernel data and
* make it big enough.
*/
static unsigned char logdata[RTAS_ERROR_LOG_MAX];
static char *rtas_type[] = {
"Unknown", "Retry", "TCE Error", "Internal Device Failure",
"Timeout", "Data Parity", "Address Parity", "Cache Parity",
"Address Invalid", "ECC Uncorrected", "ECC Corrupted",
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i,j,n = 0;
int perline = 16;
char buffer[64];
char * str = "RTAS event";
if (full_rtas_msgs) {
printk(RTAS_DEBUG "%d -------- %s begin --------\n",
error_log_cnt, str);
Reported by FlawFinder.
Line: 132
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
j = i % perline;
if (j == 0) {
memset(buffer, 0, sizeof(buffer));
n = sprintf(buffer, "RTAS %d:", i/perline);
}
if ((i % 4) == 0)
n += sprintf(buffer+n, " ");
Reported by FlawFinder.
Line: 138
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if ((i % 4) == 0)
n += sprintf(buffer+n, " ");
n += sprintf(buffer+n, "%02x", (unsigned char)buf[i]);
if (j == (perline-1))
printk(KERN_DEBUG "%s\n", buffer);
}
if ((i % perline) != 0)
Reported by FlawFinder.
Line: 253
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
((rtas_log_start+rtas_log_size) & LOG_NUMBER_MASK);
/* First copy over sequence number */
memcpy(&rtas_log_buf[offset], (void *) &error_log_cnt, sizeof(int));
/* Second copy over error log data */
offset += sizeof(int);
memcpy(&rtas_log_buf[offset], buf, len);
Reported by FlawFinder.
Line: 257
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Second copy over error log data */
offset += sizeof(int);
memcpy(&rtas_log_buf[offset], buf, len);
if (rtas_log_size < LOG_NUMBER)
rtas_log_size += 1;
else
rtas_log_start += 1;
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
offset = rtas_error_log_buffer_max * (rtas_log_start & LOG_NUMBER_MASK);
memcpy(tmp, &rtas_log_buf[offset], count);
rtas_log_start += 1;
rtas_log_size -= 1;
spin_unlock_irqrestore(&rtasd_log_lock, s);
Reported by FlawFinder.
Line: 136
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if ((i % 4) == 0)
n += sprintf(buffer+n, " ");
n += sprintf(buffer+n, "%02x", (unsigned char)buf[i]);
if (j == (perline-1))
printk(KERN_DEBUG "%s\n", buffer);
Reported by FlawFinder.
arch/x86/include/asm/string_32.h
8 issues
Line: 10
Column: 14
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* Let gcc decide whether to inline or use the out of line functions */
#define __HAVE_ARCH_STRCPY
extern char *strcpy(char *dest, const char *src);
#define __HAVE_ARCH_STRNCPY
extern char *strncpy(char *dest, const char *src, size_t count);
#define __HAVE_ARCH_STRCAT
Reported by FlawFinder.
Line: 16
Column: 14
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
extern char *strncpy(char *dest, const char *src, size_t count);
#define __HAVE_ARCH_STRCAT
extern char *strcat(char *dest, const char *src);
#define __HAVE_ARCH_STRNCAT
extern char *strncat(char *dest, const char *src, size_t count);
#define __HAVE_ARCH_STRCMP
Reported by FlawFinder.
Line: 146
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
#define __HAVE_ARCH_MEMCPY
extern void *memcpy(void *, const void *, size_t);
#ifndef CONFIG_FORTIFY_SOURCE
#ifdef CONFIG_X86_USE_3DNOW
#include <asm/mmx.h>
Reported by FlawFinder.
Line: 171
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return _mmx_memcpy(to, from, len);
}
#define memcpy(t, f, n) \
(__builtin_constant_p((n)) \
? __constant_memcpy3d((t), (f), (n)) \
: __memcpy3d((t), (f), (n)))
#else
Reported by FlawFinder.
Line: 182
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* No 3D Now!
*/
#define memcpy(t, f, n) __builtin_memcpy(t, f, n)
#endif
#endif /* !CONFIG_FORTIFY_SOURCE */
#define __HAVE_ARCH_MEMMOVE
Reported by FlawFinder.
Line: 13
Column: 14
CWE codes:
120
extern char *strcpy(char *dest, const char *src);
#define __HAVE_ARCH_STRNCPY
extern char *strncpy(char *dest, const char *src, size_t count);
#define __HAVE_ARCH_STRCAT
extern char *strcat(char *dest, const char *src);
#define __HAVE_ARCH_STRNCAT
Reported by FlawFinder.
Line: 19
Column: 14
CWE codes:
120
Suggestion:
Consider strcat_s, strlcat, snprintf, or automatically resizing strings
extern char *strcat(char *dest, const char *src);
#define __HAVE_ARCH_STRNCAT
extern char *strncat(char *dest, const char *src, size_t count);
#define __HAVE_ARCH_STRCMP
extern int strcmp(const char *cs, const char *ct);
#define __HAVE_ARCH_STRNCMP
Reported by FlawFinder.
Line: 31
Column: 15
CWE codes:
126
extern char *strchr(const char *s, int c);
#define __HAVE_ARCH_STRLEN
extern size_t strlen(const char *s);
static __always_inline void *__memcpy(void *to, const void *from, size_t n)
{
int d0, d1, d2;
asm volatile("rep ; movsl\n\t"
Reported by FlawFinder.
arch/s390/kernel/early.c
8 issues
Line: 130
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(hvstr, "%-16.16s", vm->vm[0].cpi);
strim_all(hvstr);
} else {
sprintf(hvstr, "%s",
MACHINE_IS_LPAR ? "LPAR" :
MACHINE_IS_VM ? "z/VM" :
MACHINE_IS_KVM ? "KVM" : "unknown");
}
dump_stack_set_arch_desc("%s (%s)", mstr, hvstr);
Reported by FlawFinder.
Line: 69
Column: 19
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
}
static __initdata char sysinfo_page[PAGE_SIZE] __aligned(PAGE_SIZE);
static noinline __init void detect_machine_type(void)
{
struct sysinfo_3_2_2 *vmms = (struct sysinfo_3_2_2 *)&sysinfo_page;
Reported by FlawFinder.
Line: 113
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct sysinfo_1_1_1 *mach = (struct sysinfo_1_1_1 *)&sysinfo_page;
struct sysinfo_3_2_2 *vm = (struct sysinfo_3_2_2 *)&sysinfo_page;
char mstr[80], hvstr[17];
if (stsi(mach, 1, 1, 1))
return;
EBCASC(mach->manufacturer, sizeof(mach->manufacturer));
EBCASC(mach->type, sizeof(mach->type));
Reported by FlawFinder.
Line: 121
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
EBCASC(mach->type, sizeof(mach->type));
EBCASC(mach->model, sizeof(mach->model));
EBCASC(mach->model_capacity, sizeof(mach->model_capacity));
sprintf(mstr, "%-16.16s %-4.4s %-16.16s %-16.16s",
mach->manufacturer, mach->type,
mach->model, mach->model_capacity);
strim_all(mstr);
if (stsi(vm, 3, 2, 2) == 0 && vm->count) {
EBCASC(vm->vm[0].cpi, sizeof(vm->vm[0].cpi));
Reported by FlawFinder.
Line: 127
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strim_all(mstr);
if (stsi(vm, 3, 2, 2) == 0 && vm->count) {
EBCASC(vm->vm[0].cpi, sizeof(vm->vm[0].cpi));
sprintf(hvstr, "%-16.16s", vm->vm[0].cpi);
strim_all(hvstr);
} else {
sprintf(hvstr, "%s",
MACHINE_IS_LPAR ? "LPAR" :
MACHINE_IS_VM ? "z/VM" :
Reported by FlawFinder.
Line: 275
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
early_param("novx", disable_vector_extension);
char __bootdata(early_command_line)[COMMAND_LINE_SIZE];
static void __init setup_boot_command_line(void)
{
/* copy arch command line */
strlcpy(boot_command_line, early_command_line, ARCH_COMMAND_LINE_SIZE);
}
Reported by FlawFinder.
Line: 98
Column: 19
CWE codes:
126
s = strim(str);
if (s != str)
memmove(str, s, strlen(s));
while (*str) {
if (!isspace(*str++))
continue;
if (isspace(*str)) {
s = skip_spaces(str);
Reported by FlawFinder.
Line: 104
Column: 20
CWE codes:
126
continue;
if (isspace(*str)) {
s = skip_spaces(str);
memmove(str, s, strlen(s) + 1);
}
}
}
static noinline __init void setup_arch_string(void)
Reported by FlawFinder.
arch/s390/include/uapi/asm/dasd.h
8 issues
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int open_count;
unsigned int req_queue_len;
unsigned int chanq_len; /* length of chanq */
char type[4]; /* from discipline.name, 'none' for unknown */
unsigned int status; /* current device level */
unsigned int label_block; /* where to find the VOLSER */
unsigned int FBA_layout; /* fixed block size (like AIXVOL) */
unsigned int characteristics_size;
unsigned int confdata_size;
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int FBA_layout; /* fixed block size (like AIXVOL) */
unsigned int characteristics_size;
unsigned int confdata_size;
char characteristics[64]; /* from read_device_characteristics */
char configuration_data[256]; /* from read_configuration_data */
unsigned int format; /* format info like formatted/cdl/ldl/... */
unsigned int features; /* dasd features like 'ro',... */
unsigned int reserved0; /* reserved for further use ,... */
unsigned int reserved1; /* reserved for further use ,... */
Reported by FlawFinder.
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int characteristics_size;
unsigned int confdata_size;
char characteristics[64]; /* from read_device_characteristics */
char configuration_data[256]; /* from read_configuration_data */
unsigned int format; /* format info like formatted/cdl/ldl/... */
unsigned int features; /* dasd features like 'ro',... */
unsigned int reserved0; /* reserved for further use ,... */
unsigned int reserved1; /* reserved for further use ,... */
unsigned int reserved2; /* reserved for further use ,... */
Reported by FlawFinder.
Line: 110
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int open_count;
unsigned int req_queue_len;
unsigned int chanq_len; /* length of chanq */
char type[4]; /* from discipline.name, 'none' for unknown */
unsigned int status; /* current device level */
unsigned int label_block; /* where to find the VOLSER */
unsigned int FBA_layout; /* fixed block size (like AIXVOL) */
unsigned int characteristics_size;
unsigned int confdata_size;
Reported by FlawFinder.
Line: 116
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int FBA_layout; /* fixed block size (like AIXVOL) */
unsigned int characteristics_size;
unsigned int confdata_size;
char characteristics[64]; /* from read_device_characteristics */
char configuration_data[256]; /* from read_configuration_data */
} dasd_information_t;
/*
* Read Subsystem Data - Performance Statistics
Reported by FlawFinder.
Line: 117
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int characteristics_size;
unsigned int confdata_size;
char characteristics[64]; /* from read_device_characteristics */
char configuration_data[256]; /* from read_configuration_data */
} dasd_information_t;
/*
* Read Subsystem Data - Performance Statistics
*/
Reported by FlawFinder.
Line: 154
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int nr_quick_write_promotes;
unsigned char reserved;
unsigned short ssid;
unsigned char reseved2[96];
} __attribute__((packed)) dasd_rssd_perf_stats_t;
/*
* struct profile_info_t
* holds the profinling information
Reported by FlawFinder.
Line: 254
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Perform EMC Symmetrix I/O
*/
typedef struct dasd_symmio_parms {
unsigned char reserved[8]; /* compat with older releases */
unsigned long long psf_data; /* char * cast to u64 */
unsigned long long rssd_result; /* char * cast to u64 */
int psf_data_len;
int rssd_result_len;
} __attribute__ ((packed)) dasd_symmio_parms_t;
Reported by FlawFinder.
arch/x86/kvm/mmu/mmutrace.h
8 issues
Line: 41
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
role.gpte_is_8_bytes ? 8 : 4, \
role.quadrant, \
role.direct ? " direct" : "", \
access_str[role.access], \
role.invalid ? " invalid" : "", \
role.efer_nx ? "" : "!", \
role.ad_disabled ? "!" : "", \
__entry->root_count, \
__entry->unsync ? "unsync" : "sync", 0); \
Reported by FlawFinder.
Line: 211
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
TP_STRUCT__entry(
__field(void *, sptep)
__field(gfn_t, gfn)
__field(unsigned, access)
__field(unsigned int, gen)
),
TP_fast_assign(
__entry->sptep = sptep;
Reported by FlawFinder.
Line: 223
Column: 28
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
),
TP_printk("sptep:%p gfn %llx access %x gen %x", __entry->sptep,
__entry->gfn, __entry->access, __entry->gen)
);
TRACE_EVENT(
handle_mmio_page_fault,
TP_PROTO(u64 addr, gfn_t gfn, unsigned access),
Reported by FlawFinder.
Line: 228
Column: 41
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
TRACE_EVENT(
handle_mmio_page_fault,
TP_PROTO(u64 addr, gfn_t gfn, unsigned access),
TP_ARGS(addr, gfn, access),
TP_STRUCT__entry(
__field(u64, addr)
__field(gfn_t, gfn)
Reported by FlawFinder.
Line: 229
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
TRACE_EVENT(
handle_mmio_page_fault,
TP_PROTO(u64 addr, gfn_t gfn, unsigned access),
TP_ARGS(addr, gfn, access),
TP_STRUCT__entry(
__field(u64, addr)
__field(gfn_t, gfn)
__field(unsigned, access)
Reported by FlawFinder.
Line: 234
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
TP_STRUCT__entry(
__field(u64, addr)
__field(gfn_t, gfn)
__field(unsigned, access)
),
TP_fast_assign(
__entry->addr = addr;
__entry->gfn = gfn;
Reported by FlawFinder.
Line: 240
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
TP_fast_assign(
__entry->addr = addr;
__entry->gfn = gfn;
__entry->access = access;
),
TP_printk("addr:%llx gfn %llx access %x", __entry->addr, __entry->gfn,
__entry->access)
);
Reported by FlawFinder.
Line: 244
Column: 14
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
),
TP_printk("addr:%llx gfn %llx access %x", __entry->addr, __entry->gfn,
__entry->access)
);
TRACE_EVENT(
fast_page_fault,
TP_PROTO(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u32 error_code,
Reported by FlawFinder.
arch/arm64/kernel/proton-pack.c
8 issues
Line: 61
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "Mitigation: __user pointer sanitization\n");
}
/*
* Spectre v2.
*
Reported by FlawFinder.
Line: 104
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
switch (spectre_v2_state) {
case SPECTRE_UNAFFECTED:
return sprintf(buf, "Not affected\n");
case SPECTRE_MITIGATED:
return sprintf(buf, "Mitigation: Branch predictor hardening\n");
case SPECTRE_VULNERABLE:
fallthrough;
default:
Reported by FlawFinder.
Line: 106
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case SPECTRE_UNAFFECTED:
return sprintf(buf, "Not affected\n");
case SPECTRE_MITIGATED:
return sprintf(buf, "Mitigation: Branch predictor hardening\n");
case SPECTRE_VULNERABLE:
fallthrough;
default:
return sprintf(buf, "Vulnerable\n");
}
Reported by FlawFinder.
Line: 110
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case SPECTRE_VULNERABLE:
fallthrough;
default:
return sprintf(buf, "Vulnerable\n");
}
}
static enum mitigation_state spectre_v2_get_cpu_hw_mitigation_state(void)
{
Reported by FlawFinder.
Line: 408
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
switch (spectre_v4_state) {
case SPECTRE_UNAFFECTED:
return sprintf(buf, "Not affected\n");
case SPECTRE_MITIGATED:
return sprintf(buf, "Mitigation: Speculative Store Bypass disabled via prctl\n");
case SPECTRE_VULNERABLE:
fallthrough;
default:
Reported by FlawFinder.
Line: 410
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case SPECTRE_UNAFFECTED:
return sprintf(buf, "Not affected\n");
case SPECTRE_MITIGATED:
return sprintf(buf, "Mitigation: Speculative Store Bypass disabled via prctl\n");
case SPECTRE_VULNERABLE:
fallthrough;
default:
return sprintf(buf, "Vulnerable\n");
}
Reported by FlawFinder.
Line: 414
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case SPECTRE_VULNERABLE:
fallthrough;
default:
return sprintf(buf, "Vulnerable\n");
}
}
enum mitigation_state arm64_get_spectre_v4_state(void)
{
Reported by FlawFinder.
Line: 361
Column: 32
CWE codes:
126
for (i = 0; i < ARRAY_SIZE(spectre_v4_params); i++) {
const struct spectre_v4_param *param = &spectre_v4_params[i];
if (strncmp(str, param->str, strlen(param->str)))
continue;
__spectre_v4_policy = param->policy;
return 0;
}
Reported by FlawFinder.
arch/arm/mach-omap2/vc.c
8 issues
Line: 158
Column: 15
CWE codes:
120
20
return -ENODATA;
}
if (!voltdm->read || !voltdm->write) {
pr_err("%s: No read/write API for accessing vdd_%s regs\n",
__func__, voltdm->name);
return -EINVAL;
}
Reported by FlawFinder.
Line: 168
Column: 22
CWE codes:
120
20
*current_vsel = voltdm->pmic->uv_to_vsel(voltdm->nominal_volt);
/* Setting the ON voltage to the new target voltage */
vc_cmdval = voltdm->read(vc->cmdval_reg);
vc_cmdval &= ~vc->common->cmd_on_mask;
vc_cmdval |= (*target_vsel << vc->common->cmd_on_shift);
voltdm->write(vc_cmdval, vc->cmdval_reg);
voltdm->vc_param->on = target_volt;
Reported by FlawFinder.
Line: 216
Column: 28
CWE codes:
120
20
voltdm->write(vc_bypass_value, vc_bypass_val_reg);
voltdm->write(vc_bypass_value | vc_valid, vc_bypass_val_reg);
vc_bypass_value = voltdm->read(vc_bypass_val_reg);
/*
* Loop till the bypass command is acknowledged from the SMPS.
* NOTE: This is legacy code. The loop count and retry count needs
* to be revisited.
*/
Reported by FlawFinder.
Line: 235
Column: 29
CWE codes:
120
20
loop_cnt = 0;
udelay(10);
}
vc_bypass_value = voltdm->read(vc_bypass_val_reg);
}
omap_vc_post_scale(voltdm, target_volt, target_vsel, current_vsel);
return 0;
}
Reported by FlawFinder.
Line: 342
Column: 16
CWE codes:
120
20
vc.vd = voltdm;
val = voltdm->read(OMAP3_PRM_POLCTRL_OFFSET);
if (!(val & OMAP3430_PRM_POLCTRL_CLKREQ_POL) ||
(val & OMAP3430_PRM_POLCTRL_OFFMODE_POL)) {
val |= OMAP3430_PRM_POLCTRL_CLKREQ_POL;
val &= ~OMAP3430_PRM_POLCTRL_OFFMODE_POL;
pr_debug("PM: fixing sys_clkreq and sys_off_mode polarity to 0x%x\n",
Reported by FlawFinder.
Line: 363
Column: 16
CWE codes:
120
20
* loaded. See also omap_vc_i2c_init for comments regarding
* erratum i531.
*/
val = voltdm->read(OMAP3_PRM_VOLTCTRL_OFFSET);
if (!(val & OMAP3430_PRM_VOLTCTRL_SEL_OFF)) {
val |= OMAP3430_PRM_VOLTCTRL_SEL_OFF;
pr_debug("PM: setting voltctrl sys_off_mode signaling to 0x%x\n",
val);
voltdm->write(val, OMAP3_PRM_VOLTCTRL_OFFSET);
Reported by FlawFinder.
arch/um/os-Linux/execvp.c
8 issues
Line: 47
Column: 3
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
if (strchr (file, '/') != NULL) {
/* Don't search when it contains a slash. */
execv(file, argv);
} else {
int got_eacces;
size_t len, pathlen;
char *name, *p;
char *path = getenv("PATH");
Reported by FlawFinder.
Line: 83
Column: 4
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
startp = memcpy(name - (p - path), path, p - path);
/* Try to execute this name. If it works, execv will not return. */
execv(startp, argv);
/*
if (errno == ENOEXEC) {
}
*/
Reported by FlawFinder.
Line: 52
Column: 16
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
int got_eacces;
size_t len, pathlen;
char *name, *p;
char *path = getenv("PATH");
if (path == NULL)
path = ":/bin:/usr/bin";
len = strlen(file) + 1;
pathlen = strlen(path);
Reported by FlawFinder.
Line: 59
Column: 10
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = strlen(file) + 1;
pathlen = strlen(path);
/* Copy the file name at the top. */
name = memcpy(buf + pathlen + 1, file, len);
/* And add the slash. */
*--name = '/';
got_eacces = 0;
p = path;
Reported by FlawFinder.
Line: 80
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
of `PATH' means to search the current directory. */
startp = name + 1;
else
startp = memcpy(name - (p - path), path, p - path);
/* Try to execute this name. If it works, execv will not return. */
execv(startp, argv);
/*
Reported by FlawFinder.
Line: 135
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef TEST
int main(int argc, char**argv)
{
char buf[PATH_MAX];
int ret;
argc--;
if (!argc) {
os_warn("Not enough arguments\n");
return 1;
Reported by FlawFinder.
Line: 56
Column: 9
CWE codes:
126
if (path == NULL)
path = ":/bin:/usr/bin";
len = strlen(file) + 1;
pathlen = strlen(path);
/* Copy the file name at the top. */
name = memcpy(buf + pathlen + 1, file, len);
/* And add the slash. */
*--name = '/';
Reported by FlawFinder.
Line: 57
Column: 13
CWE codes:
126
path = ":/bin:/usr/bin";
len = strlen(file) + 1;
pathlen = strlen(path);
/* Copy the file name at the top. */
name = memcpy(buf + pathlen + 1, file, len);
/* And add the slash. */
*--name = '/';
Reported by FlawFinder.
arch/um/os-Linux/file.c
8 issues
Line: 80
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
(mode & OS_ACC_X_OK ? X_OK : 0) |
(mode & OS_ACC_F_OK ? F_OK : 0);
err = access(file, amode);
if (err < 0)
return -errno;
return 0;
}
Reported by FlawFinder.
Line: 164
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
*mode_out = OPENFLAGS();
err = access(file, W_OK);
if (err && (errno != EACCES))
return -errno;
else if (!err)
*mode_out = of_write(*mode_out);
Reported by FlawFinder.
Line: 170
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
else if (!err)
*mode_out = of_write(*mode_out);
err = access(file, R_OK);
if (err && (errno != EACCES))
return -errno;
else if (!err)
*mode_out = of_read(*mode_out);
Reported by FlawFinder.
Line: 326
Column: 8
CWE codes:
362
int fd;
long blocks;
fd = open(file, O_RDONLY, 0);
if (fd < 0) {
err = -errno;
printk(UM_KERN_ERR "Couldn't open \"%s\", "
"errno = %d\n", file, errno);
return err;
Reported by FlawFinder.
Line: 508
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int os_rcv_fd(int fd, int *helper_pid_out)
{
int new, n;
char buf[CMSG_SPACE(sizeof(new))];
struct msghdr msg;
struct cmsghdr *cmsg;
struct iovec iov;
msg.msg_name = NULL;
Reported by FlawFinder.
Line: 645
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.iov_len = len,
};
union {
char control[CMSG_SPACE(sizeof(*fds) * OS_SENDMSG_MAX_FDS)];
struct cmsghdr align;
} u;
unsigned int fds_size = sizeof(*fds) * fds_num;
struct msghdr msg = {
.msg_iov = &iov,
Reported by FlawFinder.
Line: 664
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
cmsg->cmsg_len = CMSG_LEN(fds_size);
memcpy(CMSG_DATA(cmsg), fds, fds_size);
err = sendmsg(fd, &msg, 0);
if (err < 0)
return -errno;
return err;
Reported by FlawFinder.
arch/powerpc/platforms/52xx/mpc52xx_pm.c
8 issues
Line: 111
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
char saved_sram[0x4000];
int mpc52xx_pm_enter(suspend_state_t state)
{
u32 clk_enables;
u32 msr, hid0;
Reported by FlawFinder.
Line: 120
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 intr_main_mask;
void __iomem * irq_0x500 = (void __iomem *)CONFIG_KERNEL_START + 0x500;
unsigned long irq_0x500_stop = (unsigned long)irq_0x500 + mpc52xx_ds_cached_size;
char saved_0x500[0x600-0x500];
if (WARN_ON(mpc52xx_ds_cached_size > sizeof(saved_0x500)))
return -ENOMEM;
/* disable all interrupts in PIC */
Reported by FlawFinder.
Line: 133
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mtspr(SPRN_DEC, 0x7fffffff);
/* save SRAM */
memcpy(saved_sram, sram, sram_size);
/* copy low level suspend code to sram */
memcpy(sram, mpc52xx_ds_sram, mpc52xx_ds_sram_size);
out_8(&cdm->ccs_sleep_enable, 1);
Reported by FlawFinder.
Line: 136
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(saved_sram, sram, sram_size);
/* copy low level suspend code to sram */
memcpy(sram, mpc52xx_ds_sram, mpc52xx_ds_sram_size);
out_8(&cdm->ccs_sleep_enable, 1);
out_8(&cdm->osc_sleep_enable, 1);
out_8(&cdm->ccs_qreq_test, 1);
Reported by FlawFinder.
Line: 155
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mtspr(SPRN_HID0, (hid0 & ~(HID0_DOZE | HID0_NAP | HID0_DPM)) | HID0_SLEEP);
/* save original, copy our irq handler, flush from dcache and invalidate icache */
memcpy(saved_0x500, irq_0x500, mpc52xx_ds_cached_size);
memcpy(irq_0x500, mpc52xx_ds_cached, mpc52xx_ds_cached_size);
flush_icache_range((unsigned long)irq_0x500, irq_0x500_stop);
/* call low-level sleep code */
mpc52xx_deep_sleep(sram, sdram, cdm, intr);
Reported by FlawFinder.
Line: 156
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* save original, copy our irq handler, flush from dcache and invalidate icache */
memcpy(saved_0x500, irq_0x500, mpc52xx_ds_cached_size);
memcpy(irq_0x500, mpc52xx_ds_cached, mpc52xx_ds_cached_size);
flush_icache_range((unsigned long)irq_0x500, irq_0x500_stop);
/* call low-level sleep code */
mpc52xx_deep_sleep(sram, sdram, cdm, intr);
Reported by FlawFinder.
Line: 163
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mpc52xx_deep_sleep(sram, sdram, cdm, intr);
/* restore original irq handler */
memcpy(irq_0x500, saved_0x500, mpc52xx_ds_cached_size);
flush_icache_range((unsigned long)irq_0x500, irq_0x500_stop);
/* restore old power mode */
mtmsr(msr & ~MSR_POW);
mtspr(SPRN_HID0, hid0);
Reported by FlawFinder.
Line: 176
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out_8(&cdm->osc_sleep_enable, 0);
/* restore SRAM */
memcpy(sram, saved_sram, sram_size);
/* reenable interrupts in PIC */
out_be32(&intr->main_mask, intr_main_mask);
return 0;
Reported by FlawFinder.