The following issues were found
arch/powerpc/perf/hv-24x7.c
8 issues
Line: 448
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
d = container_of(attr, struct dev_ext_attribute, attr);
return sprintf(buf, "%s\n", (char *)d->var);
}
static ssize_t cpumask_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 1097
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!str)
continue;
n = sprintf(page, "%d: %s\n", d, str);
if (n < 0)
break;
count += n;
page += n;
Reported by FlawFinder.
Line: 1123
Column: 8
CWE codes:
134
Suggestion:
Make format string constant
ret = -EIO; \
goto e_free; \
} \
ret = sprintf(buf, _fmt, _expr); \
e_free: \
kmem_cache_free(hv_page_cache, page); \
return ret; \
} \
static DEVICE_ATTR_RO(_name)
Reported by FlawFinder.
Line: 406
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *sindex;
const char *lpar;
const char *domain_str;
char buf[8];
switch (domain) {
case HV_PERF_DOMAIN_PHYS_CHIP:
snprintf(buf, sizeof(buf), "%d", domain);
domain_str = buf;
Reported by FlawFinder.
Line: 460
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t sockets_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", phys_sockets);
}
static ssize_t chipspersocket_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 466
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t chipspersocket_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", phys_chipspersocket);
}
static ssize_t coresperchip_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 472
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t coresperchip_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", phys_coresperchip);
}
static struct attribute *device_str_attr_create_(char *name, char *str)
{
struct dev_ext_attribute *attr = kzalloc(sizeof(*attr), GFP_KERNEL);
Reported by FlawFinder.
Line: 1069
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (copy_len > count)
copy_len = count;
memcpy(buf, page+offset_in_page, copy_len);
ret = copy_len;
e_free:
if (hret)
pr_err("h_get_24x7_catalog_page(ver=%lld, page=%lld) failed:"
Reported by FlawFinder.
arch/arm/mach-tegra/sleep.h
8 issues
Line: 91
/* Macro to exit SMP coherency. */
.macro exit_smp, tmp1, tmp2
mrc p15, 0, \tmp1, c1, c0, 1 @ ACTLR
bic \tmp1, \tmp1, #(1<<6) | (1<<0) @ clear ACTLR.SMP | ACTLR.FW
mcr p15, 0, \tmp1, c1, c0, 1 @ ACTLR
isb
#ifdef CONFIG_HAVE_ARM_SCU
check_cpu_part_num 0xc09, \tmp1, \tmp2
mrceq p15, 0, \tmp1, c0, c0, 5
Reported by Cppcheck.
Line: 91
/* Macro to exit SMP coherency. */
.macro exit_smp, tmp1, tmp2
mrc p15, 0, \tmp1, c1, c0, 1 @ ACTLR
bic \tmp1, \tmp1, #(1<<6) | (1<<0) @ clear ACTLR.SMP | ACTLR.FW
mcr p15, 0, \tmp1, c1, c0, 1 @ ACTLR
isb
#ifdef CONFIG_HAVE_ARM_SCU
check_cpu_part_num 0xc09, \tmp1, \tmp2
mrceq p15, 0, \tmp1, c0, c0, 5
Reported by Cppcheck.
Line: 91
/* Macro to exit SMP coherency. */
.macro exit_smp, tmp1, tmp2
mrc p15, 0, \tmp1, c1, c0, 1 @ ACTLR
bic \tmp1, \tmp1, #(1<<6) | (1<<0) @ clear ACTLR.SMP | ACTLR.FW
mcr p15, 0, \tmp1, c1, c0, 1 @ ACTLR
isb
#ifdef CONFIG_HAVE_ARM_SCU
check_cpu_part_num 0xc09, \tmp1, \tmp2
mrceq p15, 0, \tmp1, c0, c0, 5
Reported by Cppcheck.
Line: 91
/* Macro to exit SMP coherency. */
.macro exit_smp, tmp1, tmp2
mrc p15, 0, \tmp1, c1, c0, 1 @ ACTLR
bic \tmp1, \tmp1, #(1<<6) | (1<<0) @ clear ACTLR.SMP | ACTLR.FW
mcr p15, 0, \tmp1, c1, c0, 1 @ ACTLR
isb
#ifdef CONFIG_HAVE_ARM_SCU
check_cpu_part_num 0xc09, \tmp1, \tmp2
mrceq p15, 0, \tmp1, c0, c0, 5
Reported by Cppcheck.
Line: 91
/* Macro to exit SMP coherency. */
.macro exit_smp, tmp1, tmp2
mrc p15, 0, \tmp1, c1, c0, 1 @ ACTLR
bic \tmp1, \tmp1, #(1<<6) | (1<<0) @ clear ACTLR.SMP | ACTLR.FW
mcr p15, 0, \tmp1, c1, c0, 1 @ ACTLR
isb
#ifdef CONFIG_HAVE_ARM_SCU
check_cpu_part_num 0xc09, \tmp1, \tmp2
mrceq p15, 0, \tmp1, c0, c0, 5
Reported by Cppcheck.
Line: 91
/* Macro to exit SMP coherency. */
.macro exit_smp, tmp1, tmp2
mrc p15, 0, \tmp1, c1, c0, 1 @ ACTLR
bic \tmp1, \tmp1, #(1<<6) | (1<<0) @ clear ACTLR.SMP | ACTLR.FW
mcr p15, 0, \tmp1, c1, c0, 1 @ ACTLR
isb
#ifdef CONFIG_HAVE_ARM_SCU
check_cpu_part_num 0xc09, \tmp1, \tmp2
mrceq p15, 0, \tmp1, c0, c0, 5
Reported by Cppcheck.
Line: 91
/* Macro to exit SMP coherency. */
.macro exit_smp, tmp1, tmp2
mrc p15, 0, \tmp1, c1, c0, 1 @ ACTLR
bic \tmp1, \tmp1, #(1<<6) | (1<<0) @ clear ACTLR.SMP | ACTLR.FW
mcr p15, 0, \tmp1, c1, c0, 1 @ ACTLR
isb
#ifdef CONFIG_HAVE_ARM_SCU
check_cpu_part_num 0xc09, \tmp1, \tmp2
mrceq p15, 0, \tmp1, c0, c0, 5
Reported by Cppcheck.
Line: 91
/* Macro to exit SMP coherency. */
.macro exit_smp, tmp1, tmp2
mrc p15, 0, \tmp1, c1, c0, 1 @ ACTLR
bic \tmp1, \tmp1, #(1<<6) | (1<<0) @ clear ACTLR.SMP | ACTLR.FW
mcr p15, 0, \tmp1, c1, c0, 1 @ ACTLR
isb
#ifdef CONFIG_HAVE_ARM_SCU
check_cpu_part_num 0xc09, \tmp1, \tmp2
mrceq p15, 0, \tmp1, c0, c0, 5
Reported by Cppcheck.
arch/m68k/kernel/signal.c
8 issues
Line: 230
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int sig;
int code;
struct sigcontext __user *psc;
char retcode[8];
unsigned long extramask[_NSIG_WORDS-1];
struct sigcontext sc;
};
struct rt_sigframe
Reported by FlawFinder.
Line: 241
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int sig;
struct siginfo __user *pinfo;
void __user *puc;
char retcode[8];
struct siginfo info;
struct ucontext uc;
};
#define FPCONTEXT_SIZE 216
Reported by FlawFinder.
Line: 261
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (FPU_IS_EMU) {
/* restore registers */
memcpy(current->thread.fpcntl, sc->sc_fpcntl, 12);
memcpy(current->thread.fp, sc->sc_fpregs, 24);
return 0;
}
if (CPU_IS_060 ? sc->sc_fpstate[2] : sc->sc_fpstate[0]) {
Reported by FlawFinder.
Line: 262
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (FPU_IS_EMU) {
/* restore registers */
memcpy(current->thread.fpcntl, sc->sc_fpcntl, 12);
memcpy(current->thread.fp, sc->sc_fpregs, 24);
return 0;
}
if (CPU_IS_060 ? sc->sc_fpstate[2] : sc->sc_fpstate[0]) {
/* Verify the frame format. */
Reported by FlawFinder.
Line: 333
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline int rt_restore_fpu_state(struct ucontext __user *uc)
{
unsigned char fpstate[FPCONTEXT_SIZE];
int context_size = CPU_IS_060 ? 8 : (CPU_IS_COLDFIRE ? 12 : 0);
fpregset_t fpregs;
int err = 1;
if (FPU_IS_EMU) {
Reported by FlawFinder.
Line: 433
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (FPU_IS_EMU) {
/* save registers */
memcpy(sc->sc_fpcntl, current->thread.fpcntl, 12);
memcpy(sc->sc_fpregs, current->thread.fp, 24);
return;
}
if (CPU_IS_COLDFIRE) {
Reported by FlawFinder.
Line: 434
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (FPU_IS_EMU) {
/* save registers */
memcpy(sc->sc_fpcntl, current->thread.fpcntl, 12);
memcpy(sc->sc_fpregs, current->thread.fp, 24);
return;
}
if (CPU_IS_COLDFIRE) {
__asm__ volatile ("fsave %0"
Reported by FlawFinder.
Line: 484
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline int rt_save_fpu_state(struct ucontext __user *uc, struct pt_regs *regs)
{
unsigned char fpstate[FPCONTEXT_SIZE];
int context_size = CPU_IS_060 ? 8 : (CPU_IS_COLDFIRE ? 12 : 0);
int err = 0;
if (FPU_IS_EMU) {
/* save fpu control register */
Reported by FlawFinder.
arch/arm/boot/compressed/decompress.c
8 issues
Line: 17
Column: 20
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* Diagnostic functions */
#ifdef DEBUG
# define Assert(cond,msg) {if(!(cond)) error(msg);}
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ;}
# define Tracevv(x) {if (verbose>1) fprintf x ;}
# define Tracec(c,x) {if (verbose && (c)) fprintf x ;}
# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;}
#else
Reported by FlawFinder.
Line: 18
Column: 35
CWE codes:
134
Suggestion:
Use a constant for the format specification
#ifdef DEBUG
# define Assert(cond,msg) {if(!(cond)) error(msg);}
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ;}
# define Tracevv(x) {if (verbose>1) fprintf x ;}
# define Tracec(c,x) {if (verbose && (c)) fprintf x ;}
# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;}
#else
# define Assert(cond,msg)
Reported by FlawFinder.
Line: 19
Column: 38
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define Assert(cond,msg) {if(!(cond)) error(msg);}
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ;}
# define Tracevv(x) {if (verbose>1) fprintf x ;}
# define Tracec(c,x) {if (verbose && (c)) fprintf x ;}
# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;}
#else
# define Assert(cond,msg)
# define Trace(x)
Reported by FlawFinder.
Line: 20
Column: 44
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ;}
# define Tracevv(x) {if (verbose>1) fprintf x ;}
# define Tracec(c,x) {if (verbose && (c)) fprintf x ;}
# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;}
#else
# define Assert(cond,msg)
# define Trace(x)
# define Tracev(x)
Reported by FlawFinder.
Line: 21
Column: 47
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define Tracev(x) {if (verbose) fprintf x ;}
# define Tracevv(x) {if (verbose>1) fprintf x ;}
# define Tracec(c,x) {if (verbose && (c)) fprintf x ;}
# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;}
#else
# define Assert(cond,msg)
# define Trace(x)
# define Tracev(x)
# define Tracevv(x)
Reported by FlawFinder.
Line: 51
Column: 16
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef CONFIG_KERNEL_XZ
#define memmove memmove
#define memcpy memcpy
#include "../../../../lib/decompress_unxz.c"
#endif
#ifdef CONFIG_KERNEL_LZ4
#include "../../../../lib/decompress_unlz4.c"
Reported by FlawFinder.
Line: 51
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef CONFIG_KERNEL_XZ
#define memmove memmove
#define memcpy memcpy
#include "../../../../lib/decompress_unxz.c"
#endif
#ifdef CONFIG_KERNEL_LZ4
#include "../../../../lib/decompress_unlz4.c"
Reported by FlawFinder.
Line: 33
Column: 15
CWE codes:
126
/* Not needed, but used in some headers pulled in by decompressors */
extern char * strstr(const char * s1, const char *s2);
extern size_t strlen(const char *s);
extern int memcmp(const void *cs, const void *ct, size_t count);
extern char * strchrnul(const char *, int);
#ifdef CONFIG_KERNEL_GZIP
#include "../../../../lib/decompress_inflate.c"
Reported by FlawFinder.
arch/um/drivers/vector_user.h
8 issues
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct arglist {
int numargs;
char *tokens[MAXVARGS];
char *values[MAXVARGS];
};
/* Separating read and write FDs allows us to have different
* rx and tx method. Example - read tap via raw socket using
Reported by FlawFinder.
Line: 55
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct arglist {
int numargs;
char *tokens[MAXVARGS];
char *values[MAXVARGS];
};
/* Separating read and write FDs allows us to have different
* rx and tx method. Example - read tap via raw socket using
* recvmmsg, write using legacy tap write calls
Reported by FlawFinder.
Line: 14
Column: 23
CWE codes:
126
#define TOKEN_IFNAME "ifname"
#define TRANS_RAW "raw"
#define TRANS_RAW_LEN strlen(TRANS_RAW)
#define TRANS_TAP "tap"
#define TRANS_TAP_LEN strlen(TRANS_TAP)
#define TRANS_GRE "gre"
Reported by FlawFinder.
Line: 17
Column: 23
CWE codes:
126
#define TRANS_RAW_LEN strlen(TRANS_RAW)
#define TRANS_TAP "tap"
#define TRANS_TAP_LEN strlen(TRANS_TAP)
#define TRANS_GRE "gre"
#define TRANS_GRE_LEN strlen(TRANS_GRE)
#define TRANS_L2TPV3 "l2tpv3"
Reported by FlawFinder.
Line: 20
Column: 23
CWE codes:
126
#define TRANS_TAP_LEN strlen(TRANS_TAP)
#define TRANS_GRE "gre"
#define TRANS_GRE_LEN strlen(TRANS_GRE)
#define TRANS_L2TPV3 "l2tpv3"
#define TRANS_L2TPV3_LEN strlen(TRANS_L2TPV3)
#define TRANS_HYBRID "hybrid"
Reported by FlawFinder.
Line: 23
Column: 26
CWE codes:
126
#define TRANS_GRE_LEN strlen(TRANS_GRE)
#define TRANS_L2TPV3 "l2tpv3"
#define TRANS_L2TPV3_LEN strlen(TRANS_L2TPV3)
#define TRANS_HYBRID "hybrid"
#define TRANS_HYBRID_LEN strlen(TRANS_HYBRID)
#define TRANS_BESS "bess"
Reported by FlawFinder.
Line: 26
Column: 26
CWE codes:
126
#define TRANS_L2TPV3_LEN strlen(TRANS_L2TPV3)
#define TRANS_HYBRID "hybrid"
#define TRANS_HYBRID_LEN strlen(TRANS_HYBRID)
#define TRANS_BESS "bess"
#define TRANS_BESS_LEN strlen(TRANS_BESS)
#define DEFAULT_BPF_LEN 6
Reported by FlawFinder.
Line: 29
Column: 24
CWE codes:
126
#define TRANS_HYBRID_LEN strlen(TRANS_HYBRID)
#define TRANS_BESS "bess"
#define TRANS_BESS_LEN strlen(TRANS_BESS)
#define DEFAULT_BPF_LEN 6
#ifndef IPPROTO_GRE
#define IPPROTO_GRE 0x2F
Reported by FlawFinder.
arch/um/drivers/mconsole_user.c
8 issues
Line: 200
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
target.sun_family = AF_UNIX;
strcpy(target.sun_path, sock_name);
packet.magic = MCONSOLE_MAGIC;
packet.version = MCONSOLE_VERSION;
packet.type = type;
len = (len > sizeof(packet.data)) ? sizeof(packet.data) : len;
Reported by FlawFinder.
Line: 38
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Initialized in mconsole_init, which is an initcall */
char mconsole_socket_name[256];
static int mconsole_reply_v0(struct mc_request *req, char *reply)
{
struct iovec iov;
struct msghdr msg;
Reported by FlawFinder.
Line: 148
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len == total) reply.more = more;
else reply.more = 1;
memcpy(reply.data, str, len);
reply.data[len] = '\0';
total -= len;
str += len;
reply.len = len + 1;
Reported by FlawFinder.
Line: 207
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
packet.type = type;
len = (len > sizeof(packet.data)) ? sizeof(packet.data) : len;
packet.len = len;
memcpy(packet.data, data, len);
err = 0;
len = sizeof(packet) + packet.len - sizeof(packet.data);
n = sendto(notify_sock, &packet, len, 0, (struct sockaddr *) &target,
sizeof(target));
Reported by FlawFinder.
Line: 46
Column: 16
CWE codes:
126
struct msghdr msg;
iov.iov_base = reply;
iov.iov_len = strlen(reply);
msg.msg_name = &(req->origin);
msg.msg_namelen = req->originlen;
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
Reported by FlawFinder.
Line: 67
Column: 8
CWE codes:
126
for (i = 0; i < ARRAY_SIZE(commands); i++) {
cmd = &commands[i];
if (!strncmp(req->request.data, cmd->command,
strlen(cmd->command))) {
return cmd;
}
}
return NULL;
}
Reported by FlawFinder.
Line: 94
Column: 6
CWE codes:
126
if (req->request.magic != MCONSOLE_MAGIC) {
/* Unversioned request */
len = MIN(sizeof(req->request.data) - 1,
strlen((char *) &req->request));
memmove(req->request.data, &req->request, len);
req->request.data[len] = '\0';
req->request.magic = MCONSOLE_MAGIC;
req->request.version = 0;
Reported by FlawFinder.
Line: 167
Column: 38
CWE codes:
126
int mconsole_reply(struct mc_request *req, const char *str, int err, int more)
{
return mconsole_reply_len(req, str, strlen(str), err, more);
}
int mconsole_unlink_socket(void)
{
Reported by FlawFinder.
arch/mips/cavium-octeon/octeon-platform.c
8 issues
Line: 488
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int alt_phy;
const char *p;
int current_len;
char new_name[20];
phy_handle = fdt_getprop(initial_boot_params, eth, "phy-handle", NULL);
if (!phy_handle)
return;
Reported by FlawFinder.
Line: 538
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (octeon_has_88e1145()) {
fdt_nop_property(initial_boot_params, phy, "marvell,reg-init");
memset(new_name, 0, sizeof(new_name));
strcpy(new_name, "marvell,88e1145");
p = fdt_getprop(initial_boot_params, phy, "compatible",
¤t_len);
if (p && current_len >= strlen(new_name))
fdt_setprop_inplace(initial_boot_params, phy,
"compatible", new_name, current_len);
Reported by FlawFinder.
Line: 647
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init octeon_fdt_pip_port(int iface, int i, int p, int max)
{
char name_buffer[20];
int eth;
int phy_addr;
int ipd_port;
int fixed_link;
Reported by FlawFinder.
Line: 680
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init octeon_fdt_pip_iface(int pip, int idx)
{
char name_buffer[20];
int iface;
int p;
int count = 0;
snprintf(name_buffer, sizeof(name_buffer), "interface@%d", idx);
Reported by FlawFinder.
Line: 700
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __init octeon_fill_mac_addresses(void)
{
const char *alias_prop;
char name_buffer[20];
u64 mac_addr_base;
int aliases;
int pip;
int i;
Reported by FlawFinder.
Line: 768
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, max_port, uart_mask;
const char *pip_path;
const char *alias_prop;
char name_buffer[20];
int aliases;
if (fdt_check_header(initial_boot_params))
panic("Corrupt Device Tree.");
Reported by FlawFinder.
Line: 541
Column: 27
CWE codes:
126
strcpy(new_name, "marvell,88e1145");
p = fdt_getprop(initial_boot_params, phy, "compatible",
¤t_len);
if (p && current_len >= strlen(new_name))
fdt_setprop_inplace(initial_boot_params, phy,
"compatible", new_name, current_len);
}
reg = fdt_getprop(initial_boot_params, phy, "reg", NULL);
Reported by FlawFinder.
Line: 555
Column: 26
CWE codes:
126
snprintf(new_name, sizeof(new_name), "ethernet-phy@%x", phy_addr);
p = fdt_get_name(initial_boot_params, phy, ¤t_len);
if (p && current_len == strlen(new_name))
fdt_set_name(initial_boot_params, phy, new_name);
else
pr_err("Error: could not rename ethernet phy: <%s>", p);
}
Reported by FlawFinder.
arch/x86/kernel/cpu/mtrr/cyrix.c
8 issues
Line: 229
CWE codes:
758
prepare_set();
base <<= PAGE_SHIFT;
setCx86(arr + 0, ((unsigned char *)&base)[3]);
setCx86(arr + 1, ((unsigned char *)&base)[2]);
setCx86(arr + 2, (((unsigned char *)&base)[1]) | arr_size);
setCx86(CX86_RCR_BASE + reg, arr_type);
post_set();
Reported by Cppcheck.
Line: 230
CWE codes:
758
base <<= PAGE_SHIFT;
setCx86(arr + 0, ((unsigned char *)&base)[3]);
setCx86(arr + 1, ((unsigned char *)&base)[2]);
setCx86(arr + 2, (((unsigned char *)&base)[1]) | arr_size);
setCx86(CX86_RCR_BASE + reg, arr_type);
post_set();
}
Reported by Cppcheck.
Line: 231
CWE codes:
758
base <<= PAGE_SHIFT;
setCx86(arr + 0, ((unsigned char *)&base)[3]);
setCx86(arr + 1, ((unsigned char *)&base)[2]);
setCx86(arr + 2, (((unsigned char *)&base)[1]) | arr_size);
setCx86(CX86_RCR_BASE + reg, arr_type);
post_set();
}
Reported by Cppcheck.
Line: 26
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ccr3 = getCx86(CX86_CCR3);
setCx86(CX86_CCR3, (ccr3 & 0x0f) | 0x10); /* enable MAPEN */
((unsigned char *)base)[3] = getCx86(arr);
((unsigned char *)base)[2] = getCx86(arr + 1);
((unsigned char *)base)[1] = getCx86(arr + 2);
rcr = getCx86(CX86_RCR_BASE + reg);
setCx86(CX86_CCR3, ccr3); /* disable MAPEN */
Reported by FlawFinder.
Line: 27
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ccr3 = getCx86(CX86_CCR3);
setCx86(CX86_CCR3, (ccr3 & 0x0f) | 0x10); /* enable MAPEN */
((unsigned char *)base)[3] = getCx86(arr);
((unsigned char *)base)[2] = getCx86(arr + 1);
((unsigned char *)base)[1] = getCx86(arr + 2);
rcr = getCx86(CX86_RCR_BASE + reg);
setCx86(CX86_CCR3, ccr3); /* disable MAPEN */
local_irq_restore(flags);
Reported by FlawFinder.
Line: 28
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
setCx86(CX86_CCR3, (ccr3 & 0x0f) | 0x10); /* enable MAPEN */
((unsigned char *)base)[3] = getCx86(arr);
((unsigned char *)base)[2] = getCx86(arr + 1);
((unsigned char *)base)[1] = getCx86(arr + 2);
rcr = getCx86(CX86_RCR_BASE + reg);
setCx86(CX86_CCR3, ccr3); /* disable MAPEN */
local_irq_restore(flags);
Reported by FlawFinder.
Line: 34
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
local_irq_restore(flags);
shift = ((unsigned char *) base)[1] & 0x0f;
*base >>= PAGE_SHIFT;
/*
* Power of two, at least 4K on ARR0-ARR6, 256K on ARR7
* Note: shift==0xf means 4G, this is unsupported.
Reported by FlawFinder.
Line: 248
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{0UL, 0UL, 0UL}, {0UL, 0UL, 0UL}, {0UL, 0UL, 0UL}, {0UL, 0UL, 0UL}
};
static unsigned char ccr_state[7] = { 0, 0, 0, 0, 0, 0, 0 };
static void cyrix_set_all(void)
{
int i;
Reported by FlawFinder.
arch/x86/tools/relocs.c
8 issues
Line: 1024
CWE codes:
908
#endif
/* Collect up the relocations */
walk_relocs(do_reloc);
if (relocs16.count && !use_real_mode)
die("Segment relocations found but --realmode not specified\n");
/* Order the relocations for more efficient processing */
Reported by Cppcheck.
Line: 1024
CWE codes:
908
#endif
/* Collect up the relocations */
walk_relocs(do_reloc);
if (relocs16.count && !use_real_mode)
die("Segment relocations found but --realmode not specified\n");
/* Order the relocations for more efficient processing */
Reported by Cppcheck.
Line: 564
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (sym->st_shndx != SHN_ABS) {
continue;
}
printf(format,
j, sym->st_value, sym->st_size,
sym_type(ELF_ST_TYPE(sym->st_info)),
sym_bind(ELF_ST_BIND(sym->st_info)),
sym_visibility(ELF_ST_VISIBILITY(sym->st_other)),
name);
Reported by FlawFinder.
Line: 636
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
printed = 1;
}
printf(format,
rel->r_offset,
rel->r_info,
rel_type(ELF_R_TYPE(rel->r_info)),
sym->st_value,
name);
Reported by FlawFinder.
Line: 40
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static struct section *secs;
static const char * const sym_regex_kernel[S_NSYMTYPES] = {
/*
* Following symbols have been audited. There values are constant and do
* not change if bzImage is loaded at a different physical address than
* the address for which it has been compiled. Don't warn user about
* absolute relocations present w.r.t these symbols.
Reported by FlawFinder.
Line: 85
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static const char * const sym_regex_realmode[S_NSYMTYPES] = {
/*
* These symbols are known to be relative, even if the linker marks them
* as absolute (typically defined outside any section in the linker script.)
*/
[S_REL] =
Reported by FlawFinder.
Line: 118
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void regex_init(int use_real_mode)
{
char errbuf[128];
int err;
int i;
if (use_real_mode)
sym_regex = sym_regex_realmode;
Reported by FlawFinder.
Line: 993
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int write32(uint32_t v, FILE *f)
{
unsigned char buf[4];
put_unaligned_le32(v, buf);
return fwrite(buf, 1, 4, f) == 4 ? 0 : -1;
}
Reported by FlawFinder.
arch/ia64/kernel/salinfo.c
8 issues
Line: 148
Column: 8
CWE codes:
362
u64 log_size;
u8 *oemdata; /* decoded oem data */
u64 oemdata_size;
int open; /* single-open to prevent races */
u8 type;
u8 saved_num; /* using a saved record? */
enum salinfo_state state :8; /* processing state */
u8 padding;
int cpu_check; /* next CPU to check */
Reported by FlawFinder.
Line: 194
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void
shift1_data_saved (struct salinfo_data *data, int shift)
{
memcpy(data->data_saved+shift, data->data_saved+shift+1,
(ARRAY_SIZE(data->data_saved) - (shift+1)) * sizeof(data->data_saved[0]));
memset(data->data_saved + ARRAY_SIZE(data->data_saved) - 1, 0,
sizeof(data->data_saved[0]));
}
Reported by FlawFinder.
Line: 258
Column: 13
CWE codes:
362
static void
salinfo_timeout_check(struct salinfo_data *data)
{
if (!data->open)
return;
if (!cpumask_empty(&data->cpu_event))
wake_up_interruptible(&data->read_wait);
}
Reported by FlawFinder.
Line: 286
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
salinfo_event_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
{
struct salinfo_data *data = PDE_DATA(file_inode(file));
char cmd[32];
size_t size;
int i, n, cpu = -1;
retry:
if (cpumask_empty(&data->cpu_event)) {
Reported by FlawFinder.
Line: 349
Column: 12
CWE codes:
362
return -EPERM;
spin_lock(&data_lock);
if (data->open) {
spin_unlock(&data_lock);
return -EBUSY;
}
data->open = 1;
spin_unlock(&data_lock);
Reported by FlawFinder.
Line: 410
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (data_saved->buffer && data_saved->cpu == cpu) {
sal_log_record_header_t *rh = (sal_log_record_header_t *)(data_saved->buffer);
data->log_size = data_saved->size;
memcpy(data->log_buffer, rh, data->log_size);
barrier(); /* id check must not be moved */
if (rh->id == data_saved->id) {
data->saved_num = i+1;
break;
}
Reported by FlawFinder.
Line: 498
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
salinfo_log_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
{
struct salinfo_data *data = PDE_DATA(file_inode(file));
char cmd[32];
size_t size;
u32 offset;
int cpu;
size = sizeof(cmd);
Reported by FlawFinder.
Line: 325
Column: 9
CWE codes:
126
snprintf(cmd, sizeof(cmd), "read %d\n", cpu);
size = strlen(cmd);
if (size > count)
size = count;
if (copy_to_user(buffer, cmd, size))
return -EFAULT;
Reported by FlawFinder.