The following issues were found
fs/nfs/nfs4xdr.c
35 issues
Line: 1652
Column: 81
CWE codes:
362
20
Suggestion:
Reconsider approach
attrs[2] & readdir->bitmask[2]);
}
static void encode_readlink(struct xdr_stream *xdr, const struct nfs4_readlink *readlink, struct rpc_rqst *req, struct compound_hdr *hdr)
{
encode_op_hdr(xdr, OP_READLINK, decode_readlink_maxsz, hdr);
}
static void encode_remove(struct xdr_stream *xdr, const struct qstr *name, struct compound_hdr *hdr)
Reported by FlawFinder.
Line: 1200
Column: 55
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* out: */
}
static void encode_access(struct xdr_stream *xdr, u32 access, struct compound_hdr *hdr)
{
encode_op_hdr(xdr, OP_ACCESS, decode_access_maxsz, hdr);
encode_uint32(xdr, access);
}
Reported by FlawFinder.
Line: 1203
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static void encode_access(struct xdr_stream *xdr, u32 access, struct compound_hdr *hdr)
{
encode_op_hdr(xdr, OP_ACCESS, decode_access_maxsz, hdr);
encode_uint32(xdr, access);
}
static void encode_close(struct xdr_stream *xdr, const struct nfs_closeargs *arg, struct compound_hdr *hdr)
{
encode_op_hdr(xdr, OP_CLOSE, decode_close_maxsz, hdr);
Reported by FlawFinder.
Line: 2137
Column: 27
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
encode_compound_hdr(xdr, req, &hdr);
encode_sequence(xdr, &args->seq_args, &hdr);
encode_putfh(xdr, args->fh, &hdr);
encode_access(xdr, args->access, &hdr);
if (args->bitmask)
encode_getfattr(xdr, args->bitmask, &hdr);
encode_nops(&hdr);
}
Reported by FlawFinder.
Line: 2350
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
encode_putfh(xdr, args->fh, &hdr);
encode_open(xdr, args, &hdr);
encode_getfh(xdr, &hdr);
if (args->access)
encode_access(xdr, args->access, &hdr);
encode_getfattr_open(xdr, args->bitmask, args->open_bitmap, &hdr);
if (args->lg_args) {
encode_layoutget(xdr, args->lg_args, &hdr);
rpc_prepare_reply_pages(req, args->lg_args->layout.pages, 0,
Reported by FlawFinder.
Line: 2351
Column: 28
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
encode_open(xdr, args, &hdr);
encode_getfh(xdr, &hdr);
if (args->access)
encode_access(xdr, args->access, &hdr);
encode_getfattr_open(xdr, args->bitmask, args->open_bitmap, &hdr);
if (args->lg_args) {
encode_layoutget(xdr, args->lg_args, &hdr);
rpc_prepare_reply_pages(req, args->lg_args->layout.pages, 0,
args->lg_args->layout.pglen,
Reported by FlawFinder.
Line: 2396
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
encode_sequence(xdr, &args->seq_args, &hdr);
encode_putfh(xdr, args->fh, &hdr);
encode_open(xdr, args, &hdr);
if (args->access)
encode_access(xdr, args->access, &hdr);
encode_getfattr_open(xdr, args->bitmask, args->open_bitmap, &hdr);
if (args->lg_args) {
encode_layoutget(xdr, args->lg_args, &hdr);
rpc_prepare_reply_pages(req, args->lg_args->layout.pages, 0,
Reported by FlawFinder.
Line: 2397
Column: 28
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
encode_putfh(xdr, args->fh, &hdr);
encode_open(xdr, args, &hdr);
if (args->access)
encode_access(xdr, args->access, &hdr);
encode_getfattr_open(xdr, args->bitmask, args->open_bitmap, &hdr);
if (args->lg_args) {
encode_layoutget(xdr, args->lg_args, &hdr);
rpc_prepare_reply_pages(req, args->lg_args->layout.pages, 0,
args->lg_args->layout.pglen,
Reported by FlawFinder.
Line: 4275
Column: 71
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return 0;
}
static int decode_access(struct xdr_stream *xdr, u32 *supported, u32 *access)
{
__be32 *p;
uint32_t supp, acc;
int status;
Reported by FlawFinder.
Line: 6148
Column: 53
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
status = decode_putfh(xdr);
if (status != 0)
goto out;
status = decode_access(xdr, &res->supported, &res->access);
if (status != 0)
goto out;
if (res->fattr)
decode_getfattr(xdr, res->fattr, res->server);
out:
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
35 issues
Line: 241
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
info->fw_version = amdgpu_get_firmware_version(cgs_device, type);
info->feature_version = (uint16_t)le32_to_cpu(header->ucode_feature_version);
} else {
char fw_name[30] = {0};
int err = 0;
uint32_t ucode_size;
uint32_t ucode_start_address;
const uint8_t *src;
const struct smc_firmware_header_v1_0 *hdr;
Reported by FlawFinder.
Line: 253
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!adev->pm.fw) {
switch (adev->asic_type) {
case CHIP_TAHITI:
strcpy(fw_name, "radeon/tahiti_smc.bin");
break;
case CHIP_PITCAIRN:
if ((adev->pdev->revision == 0x81) &&
((adev->pdev->device == 0x6810) ||
(adev->pdev->device == 0x6811))) {
Reported by FlawFinder.
Line: 260
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
((adev->pdev->device == 0x6810) ||
(adev->pdev->device == 0x6811))) {
info->is_kicker = true;
strcpy(fw_name, "radeon/pitcairn_k_smc.bin");
} else {
strcpy(fw_name, "radeon/pitcairn_smc.bin");
}
break;
case CHIP_VERDE:
Reported by FlawFinder.
Line: 262
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
info->is_kicker = true;
strcpy(fw_name, "radeon/pitcairn_k_smc.bin");
} else {
strcpy(fw_name, "radeon/pitcairn_smc.bin");
}
break;
case CHIP_VERDE:
if (((adev->pdev->device == 0x6820) &&
((adev->pdev->revision == 0x81) ||
Reported by FlawFinder.
Line: 276
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
((adev->pdev->device == 0x6823) ||
(adev->pdev->device == 0x682b)))) {
info->is_kicker = true;
strcpy(fw_name, "radeon/verde_k_smc.bin");
} else {
strcpy(fw_name, "radeon/verde_smc.bin");
}
break;
case CHIP_OLAND:
Reported by FlawFinder.
Line: 278
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
info->is_kicker = true;
strcpy(fw_name, "radeon/verde_k_smc.bin");
} else {
strcpy(fw_name, "radeon/verde_smc.bin");
}
break;
case CHIP_OLAND:
if (((adev->pdev->revision == 0x81) &&
((adev->pdev->device == 0x6600) ||
Reported by FlawFinder.
Line: 290
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
((adev->pdev->revision == 0x83) &&
(adev->pdev->device == 0x6610))) {
info->is_kicker = true;
strcpy(fw_name, "radeon/oland_k_smc.bin");
} else {
strcpy(fw_name, "radeon/oland_smc.bin");
}
break;
case CHIP_HAINAN:
Reported by FlawFinder.
Line: 292
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
info->is_kicker = true;
strcpy(fw_name, "radeon/oland_k_smc.bin");
} else {
strcpy(fw_name, "radeon/oland_smc.bin");
}
break;
case CHIP_HAINAN:
if (((adev->pdev->revision == 0x81) &&
(adev->pdev->device == 0x6660)) ||
Reported by FlawFinder.
Line: 304
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
(adev->pdev->device == 0x6665) ||
(adev->pdev->device == 0x6667)))) {
info->is_kicker = true;
strcpy(fw_name, "radeon/hainan_k_smc.bin");
} else if ((adev->pdev->revision == 0xc3) &&
(adev->pdev->device == 0x6665)) {
info->is_kicker = true;
strcpy(fw_name, "radeon/banks_k_2_smc.bin");
} else {
Reported by FlawFinder.
Line: 308
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
} else if ((adev->pdev->revision == 0xc3) &&
(adev->pdev->device == 0x6665)) {
info->is_kicker = true;
strcpy(fw_name, "radeon/banks_k_2_smc.bin");
} else {
strcpy(fw_name, "radeon/hainan_smc.bin");
}
break;
case CHIP_BONAIRE:
Reported by FlawFinder.
arch/s390/kernel/ptrace.c
35 issues
Line: 202
CWE codes:
476
struct user *dummy = NULL;
addr_t offset, tmp;
if (addr < (addr_t) &dummy->regs.acrs) {
/*
* psw and gprs are stored on the stack
*/
tmp = *(addr_t *)((addr_t) &task_pt_regs(child)->psw + addr);
if (addr == (addr_t) &dummy->regs.psw.mask) {
Reported by Cppcheck.
Line: 207
CWE codes:
476
* psw and gprs are stored on the stack
*/
tmp = *(addr_t *)((addr_t) &task_pt_regs(child)->psw + addr);
if (addr == (addr_t) &dummy->regs.psw.mask) {
/* Return a clean psw mask. */
tmp &= PSW_MASK_USER | PSW_MASK_RI;
tmp |= PSW_USER_BITS;
}
Reported by Cppcheck.
Line: 213
CWE codes:
476
tmp |= PSW_USER_BITS;
}
} else if (addr < (addr_t) &dummy->regs.orig_gpr2) {
/*
* access registers are stored in the thread structure
*/
offset = addr - (addr_t) &dummy->regs.acrs;
/*
Reported by Cppcheck.
Line: 217
CWE codes:
476
/*
* access registers are stored in the thread structure
*/
offset = addr - (addr_t) &dummy->regs.acrs;
/*
* Very special case: old & broken 64 bit gdb reading
* from acrs[15]. Result is a 64 bit value. Read the
* 32 bit acrs[15] value and shift it by 32. Sick...
*/
Reported by Cppcheck.
Line: 223
CWE codes:
476
* from acrs[15]. Result is a 64 bit value. Read the
* 32 bit acrs[15] value and shift it by 32. Sick...
*/
if (addr == (addr_t) &dummy->regs.acrs[15])
tmp = ((unsigned long) child->thread.acrs[15]) << 32;
else
tmp = *(addr_t *)((addr_t) &child->thread.acrs + offset);
} else if (addr == (addr_t) &dummy->regs.orig_gpr2) {
Reported by Cppcheck.
Line: 228
CWE codes:
476
else
tmp = *(addr_t *)((addr_t) &child->thread.acrs + offset);
} else if (addr == (addr_t) &dummy->regs.orig_gpr2) {
/*
* orig_gpr2 is stored on the kernel stack
*/
tmp = (addr_t) task_pt_regs(child)->orig_gpr2;
Reported by Cppcheck.
Line: 234
CWE codes:
476
*/
tmp = (addr_t) task_pt_regs(child)->orig_gpr2;
} else if (addr < (addr_t) &dummy->regs.fp_regs) {
/*
* prevent reads of padding hole between
* orig_gpr2 and fp_regs on s390.
*/
tmp = 0;
Reported by Cppcheck.
Line: 241
CWE codes:
476
*/
tmp = 0;
} else if (addr == (addr_t) &dummy->regs.fp_regs.fpc) {
/*
* floating point control reg. is in the thread structure
*/
tmp = child->thread.fpu.fpc;
tmp <<= BITS_PER_LONG - 32;
Reported by Cppcheck.
Line: 253
CWE codes:
476
* floating point regs. are either in child->thread.fpu
* or the child->thread.fpu.vxrs array
*/
offset = addr - (addr_t) &dummy->regs.fp_regs.fprs;
if (MACHINE_HAS_VX)
tmp = *(addr_t *)
((addr_t) child->thread.fpu.vxrs + 2*offset);
else
tmp = *(addr_t *)
Reported by Cppcheck.
Line: 265
CWE codes:
476
/*
* Handle access to the per_info structure.
*/
addr -= (addr_t) &dummy->regs.per_info;
tmp = __peek_user_per(child, addr);
} else
tmp = 0;
Reported by Cppcheck.
fs/nfsd/trace.h
35 issues
Line: 61
__field(u32, proc)
),
TP_fast_assign(
NFSD_TRACE_PROC_ARG_ASSIGNMENTS
__entry->vers = rqstp->rq_vers;
__entry->proc = rqstp->rq_proc;
),
TP_printk("xid=0x%08x vers=%u proc=%u",
Reported by Cppcheck.
Line: 61
__field(u32, proc)
),
TP_fast_assign(
NFSD_TRACE_PROC_ARG_ASSIGNMENTS
__entry->vers = rqstp->rq_vers;
__entry->proc = rqstp->rq_proc;
),
TP_printk("xid=0x%08x vers=%u proc=%u",
Reported by Cppcheck.
Line: 61
__field(u32, proc)
),
TP_fast_assign(
NFSD_TRACE_PROC_ARG_ASSIGNMENTS
__entry->vers = rqstp->rq_vers;
__entry->proc = rqstp->rq_proc;
),
TP_printk("xid=0x%08x vers=%u proc=%u",
Reported by Cppcheck.
Line: 61
__field(u32, proc)
),
TP_fast_assign(
NFSD_TRACE_PROC_ARG_ASSIGNMENTS
__entry->vers = rqstp->rq_vers;
__entry->proc = rqstp->rq_proc;
),
TP_printk("xid=0x%08x vers=%u proc=%u",
Reported by Cppcheck.
Line: 61
__field(u32, proc)
),
TP_fast_assign(
NFSD_TRACE_PROC_ARG_ASSIGNMENTS
__entry->vers = rqstp->rq_vers;
__entry->proc = rqstp->rq_proc;
),
TP_printk("xid=0x%08x vers=%u proc=%u",
Reported by Cppcheck.
Line: 61
__field(u32, proc)
),
TP_fast_assign(
NFSD_TRACE_PROC_ARG_ASSIGNMENTS
__entry->vers = rqstp->rq_vers;
__entry->proc = rqstp->rq_proc;
),
TP_printk("xid=0x%08x vers=%u proc=%u",
Reported by Cppcheck.
Line: 61
__field(u32, proc)
),
TP_fast_assign(
NFSD_TRACE_PROC_ARG_ASSIGNMENTS
__entry->vers = rqstp->rq_vers;
__entry->proc = rqstp->rq_proc;
),
TP_printk("xid=0x%08x vers=%u proc=%u",
Reported by Cppcheck.
Line: 394
DEFINE_NFSD_ERR_EVENT(read_err);
DEFINE_NFSD_ERR_EVENT(write_err);
TRACE_EVENT(nfsd_dirent,
TP_PROTO(struct svc_fh *fhp,
u64 ino,
const char *name,
int namlen),
TP_ARGS(fhp, ino, name, namlen),
Reported by Cppcheck.
Line: 394
DEFINE_NFSD_ERR_EVENT(read_err);
DEFINE_NFSD_ERR_EVENT(write_err);
TRACE_EVENT(nfsd_dirent,
TP_PROTO(struct svc_fh *fhp,
u64 ino,
const char *name,
int namlen),
TP_ARGS(fhp, ino, name, namlen),
Reported by Cppcheck.
Line: 394
DEFINE_NFSD_ERR_EVENT(read_err);
DEFINE_NFSD_ERR_EVENT(write_err);
TRACE_EVENT(nfsd_dirent,
TP_PROTO(struct svc_fh *fhp,
u64 ino,
const char *name,
int namlen),
TP_ARGS(fhp, ino, name, namlen),
Reported by Cppcheck.
drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c
35 issues
Line: 1306
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return size;
size += sprintf(buf + size, "%d: %uMhz %s\n", i, value,
cur_value == value ? "*" : "");
}
} else {
ret = smu_v11_0_get_dpm_freq_by_index(smu, clk_type, 0, &freq_values[0]);
if (ret)
Reported by FlawFinder.
Line: 1324
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
freq_values[1] = (freq_values[0] + freq_values[2]) / 2;
for (i = 0; i < 3; i++) {
size += sprintf(buf + size, "%d: %uMhz %s\n", i, freq_values[i],
i == mark_index ? "*" : "");
}
}
break;
Reported by FlawFinder.
Line: 1334
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
gen_speed = smu_v11_0_get_current_pcie_link_speed_level(smu);
lane_width = smu_v11_0_get_current_pcie_link_width_level(smu);
for (i = 0; i < NUM_LINK_LEVELS; i++)
size += sprintf(buf + size, "%d: %s %s %dMhz %s\n", i,
(dpm_context->dpm_tables.pcie_table.pcie_gen[i] == 0) ? "2.5GT/s," :
(dpm_context->dpm_tables.pcie_table.pcie_gen[i] == 1) ? "5.0GT/s," :
(dpm_context->dpm_tables.pcie_table.pcie_gen[i] == 2) ? "8.0GT/s," :
(dpm_context->dpm_tables.pcie_table.pcie_gen[i] == 3) ? "16.0GT/s," : "",
(dpm_context->dpm_tables.pcie_table.pcie_lane[i] == 1) ? "x1" :
Reported by FlawFinder.
Line: 1392
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case SMU_OD_RANGE:
if (!smu->od_enabled || !od_table || !od_settings)
break;
size = sprintf(buf, "%s:\n", "OD_RANGE");
if (navi10_od_feature_is_supported(od_settings, SMU_11_0_ODCAP_GFXCLK_LIMITS)) {
navi10_od_setting_get_range(od_settings, SMU_11_0_ODSETTING_GFXCLKFMIN,
&min_value, NULL);
navi10_od_setting_get_range(od_settings, SMU_11_0_ODSETTING_GFXCLKFMAX,
Reported by FlawFinder.
Line: 1733
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!buf)
return -EINVAL;
size += sprintf(buf + size, "%16s %s %s %s %s %s %s %s %s %s %s\n",
title[0], title[1], title[2], title[3], title[4], title[5],
title[6], title[7], title[8], title[9], title[10]);
for (i = 0; i <= PP_SMC_POWER_PROFILE_CUSTOM; i++) {
/* conv PP_SMC_POWER_PROFILE* to WORKLOAD_PPLIB_*_BIT */
Reported by FlawFinder.
Line: 1753
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return result;
}
size += sprintf(buf + size, "%2d %14s%s:\n",
i, profile_name[i], (i == smu->power_profile_mode) ? "*" : " ");
size += sprintf(buf + size, "%19s %d(%13s) %7d %7d %7d %7d %7d %7d %7d %7d %7d\n",
" ",
0,
Reported by FlawFinder.
Line: 1756
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
size += sprintf(buf + size, "%2d %14s%s:\n",
i, profile_name[i], (i == smu->power_profile_mode) ? "*" : " ");
size += sprintf(buf + size, "%19s %d(%13s) %7d %7d %7d %7d %7d %7d %7d %7d %7d\n",
" ",
0,
"GFXCLK",
activity_monitor.Gfx_FPS,
activity_monitor.Gfx_MinFreqStep,
Reported by FlawFinder.
Line: 1770
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
activity_monitor.Gfx_PD_Data_error_coeff,
activity_monitor.Gfx_PD_Data_error_rate_coeff);
size += sprintf(buf + size, "%19s %d(%13s) %7d %7d %7d %7d %7d %7d %7d %7d %7d\n",
" ",
1,
"SOCCLK",
activity_monitor.Soc_FPS,
activity_monitor.Soc_MinFreqStep,
Reported by FlawFinder.
Line: 1784
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
activity_monitor.Soc_PD_Data_error_coeff,
activity_monitor.Soc_PD_Data_error_rate_coeff);
size += sprintf(buf + size, "%19s %d(%13s) %7d %7d %7d %7d %7d %7d %7d %7d %7d\n",
" ",
2,
"MEMLK",
activity_monitor.Mem_FPS,
activity_monitor.Mem_MinFreqStep,
Reported by FlawFinder.
Line: 434
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (smc_dpm_table->table_header.content_revision) {
case 5: /* nv10 and nv14 */
memcpy(smc_pptable->I2cControllers, smc_dpm_table->I2cControllers,
sizeof(*smc_dpm_table) - sizeof(smc_dpm_table->table_header));
break;
case 7: /* nv12 */
ret = amdgpu_atombios_get_data_table(adev, index, NULL, NULL, NULL,
(uint8_t **)&smc_dpm_table_v4_7);
Reported by FlawFinder.
fs/nfsd/nfs4recover.c
35 issues
Line: 1691
CWE codes:
476
return NULL;
len = strlen(LEGACY_TOPDIR_ENV_PREFIX) +
strlen(nfs4_recoverydir()) + 1;
result = kmalloc(len, GFP_KERNEL);
if (!result)
return result;
Reported by Cppcheck.
Line: 1698
CWE codes:
476
return result;
copied = snprintf(result, len, LEGACY_TOPDIR_ENV_PREFIX "%s",
nfs4_recoverydir());
if (copied >= len) {
/* just return nothing if output was truncated */
kfree(result);
return NULL;
}
Reported by Cppcheck.
Line: 1720
CWE codes:
476
/* +1 is for '/' between "topdir" and "recdir" */
len = strlen(LEGACY_RECDIR_ENV_PREFIX) +
strlen(nfs4_recoverydir()) + 1 + HEXDIR_LEN;
result = kmalloc(len, GFP_KERNEL);
if (!result)
return result;
Reported by Cppcheck.
Line: 1727
CWE codes:
476
return result;
copied = snprintf(result, len, LEGACY_RECDIR_ENV_PREFIX "%s/",
nfs4_recoverydir());
if (copied > (len - HEXDIR_LEN)) {
/* just return nothing if output will be truncated */
kfree(result);
return NULL;
}
Reported by Cppcheck.
Line: 661
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return status;
status = -ENOTDIR;
if (d_is_dir(path.dentry)) {
strcpy(user_recovery_dirname, recdir);
status = 0;
}
path_put(&path);
return status;
}
Reported by FlawFinder.
Line: 1697
Column: 11
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!result)
return result;
copied = snprintf(result, len, LEGACY_TOPDIR_ENV_PREFIX "%s",
nfs4_recoverydir());
if (copied >= len) {
/* just return nothing if output was truncated */
kfree(result);
return NULL;
Reported by FlawFinder.
Line: 1726
Column: 11
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!result)
return result;
copied = snprintf(result, len, LEGACY_RECDIR_ENV_PREFIX "%s/",
nfs4_recoverydir());
if (copied > (len - HEXDIR_LEN)) {
/* just return nothing if output will be truncated */
kfree(result);
return NULL;
Reported by FlawFinder.
Line: 1757
Column: 11
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!result)
return result;
copied = snprintf(result, len, HAS_SESSION_ENV_PREFIX "%c",
clp->cl_minorversion ? 'Y' : 'N');
if (copied >= len) {
/* just return nothing if output was truncated */
kfree(result);
return NULL;
Reported by FlawFinder.
Line: 1782
Column: 11
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!result)
return result;
copied = snprintf(result, len, GRACE_START_ENV_PREFIX "%lld",
grace_start);
if (copied >= len) {
/* just return nothing if output was truncated */
kfree(result);
return NULL;
Reported by FlawFinder.
Line: 70
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const struct nfsd4_client_tracking_ops nfsd4_cld_tracking_ops_v2;
/* Globals */
static char user_recovery_dirname[PATH_MAX] = "/var/lib/nfs/v4recovery";
static int
nfs4_save_creds(const struct cred **original_creds)
{
struct cred *new;
Reported by FlawFinder.
drivers/hwmon/lm93.c
35 issues
Line: 900
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (result == lm93_block_read_cmds[fbn].len) {
memcpy(values, lm93_block_buffer,
lm93_block_read_cmds[fbn].len);
} else {
/* <TODO> what to do in case of error? */
}
}
Reported by FlawFinder.
Line: 1107
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = (to_sensor_dev_attr(attr))->index;
struct lm93_data *data = lm93_update_device(dev);
return sprintf(buf, "%d\n", LM93_IN_FROM_REG(nr, data->block3[nr]));
}
static SENSOR_DEVICE_ATTR_RO(in1_input, in, 0);
static SENSOR_DEVICE_ATTR_RO(in2_input, in, 1);
static SENSOR_DEVICE_ATTR_RO(in3_input, in, 2);
Reported by FlawFinder.
Line: 1141
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
} else {
rc = LM93_IN_FROM_REG(nr, data->block7[nr].min);
}
return sprintf(buf, "%ld\n", rc);
}
static ssize_t in_min_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 1206
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
} else {
rc = LM93_IN_FROM_REG(nr, data->block7[nr].max);
}
return sprintf(buf, "%ld\n", rc);
}
static ssize_t in_max_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 1262
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = (to_sensor_dev_attr(attr))->index;
struct lm93_data *data = lm93_update_device(dev);
return sprintf(buf, "%d\n", LM93_TEMP_FROM_REG(data->block2[nr]));
}
static SENSOR_DEVICE_ATTR_RO(temp1_input, temp, 0);
static SENSOR_DEVICE_ATTR_RO(temp2_input, temp, 1);
static SENSOR_DEVICE_ATTR_RO(temp3_input, temp, 2);
Reported by FlawFinder.
Line: 1274
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = (to_sensor_dev_attr(attr))->index;
struct lm93_data *data = lm93_update_device(dev);
return sprintf(buf, "%d\n", LM93_TEMP_FROM_REG(data->temp_lim[nr].min));
}
static ssize_t temp_min_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 1307
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = (to_sensor_dev_attr(attr))->index;
struct lm93_data *data = lm93_update_device(dev);
return sprintf(buf, "%d\n", LM93_TEMP_FROM_REG(data->temp_lim[nr].max));
}
static ssize_t temp_max_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 1340
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = (to_sensor_dev_attr(attr))->index;
struct lm93_data *data = lm93_update_device(dev);
return sprintf(buf, "%d\n", LM93_TEMP_FROM_REG(data->block10.base[nr]));
}
static ssize_t temp_auto_base_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1373
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = (to_sensor_dev_attr(attr))->index;
struct lm93_data *data = lm93_update_device(dev);
return sprintf(buf, "%d\n", LM93_TEMP_FROM_REG(data->boost[nr]));
}
static ssize_t temp_auto_boost_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1408
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = (to_sensor_dev_attr(attr))->index;
struct lm93_data *data = lm93_update_device(dev);
int mode = LM93_TEMP_OFFSET_MODE_FROM_REG(data->sfc2, nr);
return sprintf(buf, "%d\n",
LM93_AUTO_BOOST_HYST_FROM_REGS(data, nr, mode));
}
static ssize_t temp_auto_boost_hyst_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
drivers/net/wireless/intersil/prism54/isl_ioctl.c
35 issues
Line: 2073
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
BUG_ON(n >= IW_CUSTOM_MAX);
wrqu.data.pointer = memptr;
wrqu.data.length = n;
strcpy(memptr, str);
wireless_send_event(priv->ndev, IWEVCUSTOM, &wrqu, memptr);
kfree(memptr);
}
static void
Reported by FlawFinder.
Line: 184
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data = r.ptr;
/* copy this MAC to the bss */
memcpy(bss.address, data, ETH_ALEN);
kfree(data);
/* now ask for the corresponding bss */
mgt_get_request(priv, DOT11_OID_BSSFIND, 0, (void *) &bss, &r);
bss2 = r.ptr;
Reported by FlawFinder.
Line: 220
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* If the stats are being updated return old data */
if (mutex_trylock(&priv->stats_lock)) {
memcpy(&priv->iwstatistics, &priv->local_iwstatistics,
sizeof (struct iw_statistics));
/* They won't be marked updated for the next time */
priv->local_iwstatistics.qual.updated = 0;
mutex_unlock(&priv->stats_lock);
} else
Reported by FlawFinder.
Line: 525
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sockaddr *awrq, char *extra)
{
islpci_private *priv = netdev_priv(ndev);
char bssid[6];
int rvalue;
if (awrq->sa_family != ARPHRD_ETHER)
return -EINVAL;
Reported by FlawFinder.
Line: 532
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
/* prepare the structure for the set object */
memcpy(&bssid[0], awrq->sa_data, ETH_ALEN);
/* set the bssid -- does this make sense when in AP mode? */
rvalue = mgt_set_request(priv, DOT11_OID_BSSID, 0, &bssid);
return (rvalue ? rvalue : -EINPROGRESS); /* Call commit handler */
Reported by FlawFinder.
Line: 551
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int rvalue;
rvalue = mgt_get_request(priv, DOT11_OID_BSSID, 0, NULL, &r);
memcpy(awrq->sa_data, r.ptr, ETH_ALEN);
awrq->sa_family = ARPHRD_ETHER;
kfree(r.ptr);
return rvalue;
}
Reported by FlawFinder.
Line: 583
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t wpa_ie_len;
/* The first entry must be the MAC address */
memcpy(iwe.u.ap_addr.sa_data, bss->address, ETH_ALEN);
iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
iwe.cmd = SIOCGIWAP;
current_ev = iwe_stream_add_event(info, current_ev, end_buf,
&iwe, IW_EV_ADDR_LEN);
Reported by FlawFinder.
Line: 746
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dwrq->length > 32)
return -E2BIG;
essid.length = dwrq->length;
memcpy(essid.octets, extra, dwrq->length);
} else
essid.length = 0;
if (priv->iw_mode != IW_MODE_MONITOR)
return mgt_set_request(priv, DOT11_OID_SSID, 0, &essid);
Reported by FlawFinder.
Line: 780
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dwrq->length = 0;
}
essid->octets[dwrq->length] = '\0';
memcpy(extra, essid->octets, dwrq->length);
kfree(essid);
return rvalue;
}
Reported by FlawFinder.
Line: 800
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
down_write(&priv->mib_sem);
memset(priv->nickname, 0, sizeof (priv->nickname));
memcpy(priv->nickname, extra, dwrq->length);
up_write(&priv->mib_sem);
return 0;
}
Reported by FlawFinder.
tools/perf/ui/browsers/hists.c
35 issues
Line: 2191
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
while (1) {
scnprintf(filename, sizeof(filename), "perf.hist.%d", browser->print_seq);
if (access(filename, F_OK))
break;
/*
* XXX: Just an arbitrary lazy upper limit
*/
if (++browser->print_seq == 8192) {
Reported by FlawFinder.
Line: 2480
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct symbol *sym;
char name[64];
snprintf(name, sizeof(name), "%.*" PRIx64, BITS_PER_LONG / 4, addr);
sym = symbol__new(addr, ANNOTATION_DUMMY_LEN, 0, 0, name);
if (sym) {
src = symbol__hists(sym, 1);
if (!src) {
Reported by FlawFinder.
Line: 2351
Column: 8
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
int nr_options = 0, choice = -1, ret = -1;
struct dirent *dent;
pwd = getenv("PWD");
if (!pwd)
return ret;
pwd_dir = opendir(pwd);
if (!pwd_dir)
Reported by FlawFinder.
Line: 756
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int hist_browser__run(struct hist_browser *browser, const char *help,
bool warn_lost_event, int key)
{
char title[160];
struct hist_browser_timer *hbt = browser->hbt;
int delay_secs = hbt ? hbt->refresh : 0;
browser->b.entries = &browser->hists->entries;
browser->b.nr_entries = hist_browser__nr_entries(browser);
Reported by FlawFinder.
Line: 861
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
print_callchain_entry_fn print,
struct callchain_print_arg *arg)
{
char bf[1024], *alloc_str;
char buf[64], *alloc_str2;
const char *str;
int ret = 1;
if (arg->row_offset != 0) {
Reported by FlawFinder.
Line: 862
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct callchain_print_arg *arg)
{
char bf[1024], *alloc_str;
char buf[64], *alloc_str2;
const char *str;
int ret = 1;
if (arg->row_offset != 0) {
arg->row_offset--;
Reported by FlawFinder.
Line: 1000
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct callchain_list *chain,
char *value_str, char *old_str)
{
char bf[1024];
const char *str;
char *new;
str = callchain_list__sym_name(chain, bf, sizeof(bf),
browser->show_dso);
Reported by FlawFinder.
Line: 1051
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (need_percent) {
char buf[64];
callchain_node__scnprintf_value(child, buf, sizeof(buf), total);
if (asprintf(&value_str, "%s", buf) < 0) {
value_str = (char *)"<...>";
goto do_print;
Reported by FlawFinder.
Line: 1339
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ui_browser__gotorc(&browser->b, row, 0);
hists__for_each_format(browser->hists, fmt) {
char s[2048];
struct perf_hpp hpp = {
.buf = s,
.size = sizeof(s),
.ptr = &arg,
};
Reported by FlawFinder.
Line: 1459
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
fmt_node = list_first_entry(&entry->hists->hpp_formats,
struct perf_hpp_list_node, list);
perf_hpp_list__for_each_format(&fmt_node->hpp, fmt) {
char s[2048];
struct perf_hpp hpp = {
.buf = s,
.size = sizeof(s),
.ptr = &arg,
};
Reported by FlawFinder.
tools/testing/nvdimm/test/nfit.c
35 issues
Line: 224
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct gen_pool *nfit_pool;
static const char zero_key[NVDIMM_PASSPHRASE_LEN];
static struct nfit_test *to_nfit_test(struct device *dev)
{
struct platform_device *pdev = to_platform_device(dev);
Reported by FlawFinder.
Line: 481
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nd_cmd->status = 0;
len = min(nd_cmd->in_length, LABEL_SIZE - offset);
memcpy(nd_cmd->out_buf, label + offset, len);
rc = buf_len - sizeof(*nd_cmd) - len;
return rc;
}
Reported by FlawFinder.
Line: 504
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
status = (void *)nd_cmd + nd_cmd->in_length + sizeof(*nd_cmd);
*status = 0;
len = min(nd_cmd->in_length, LABEL_SIZE - offset);
memcpy(label + offset, nd_cmd->in_buf, len);
rc = buf_len - sizeof(*nd_cmd) - (len + 4);
return rc;
}
Reported by FlawFinder.
Line: 608
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ars_status->out_length = sizeof(*ars_status);
*cmd_rc = -EBUSY;
} else {
memcpy(ars_status, ars_state->ars_status,
ars_state->ars_status->out_length);
*cmd_rc = 0;
}
spin_unlock(&ars_state->lock);
return 0;
Reported by FlawFinder.
Line: 717
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (buf_len < sizeof(*smart))
return -EINVAL;
memcpy(smart, smart_data, sizeof(*smart));
return 0;
}
static int nfit_test_cmd_smart_threshold(
struct nd_intel_smart_threshold *out,
Reported by FlawFinder.
Line: 728
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (buf_len < sizeof(*smart_t))
return -EINVAL;
memcpy(out, smart_t, sizeof(*smart_t));
return 0;
}
static void smart_notify(struct device *bus_dev,
struct device *dimm_dev, struct nd_intel_smart *smart,
Reported by FlawFinder.
Line: 770
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = sizeof(*in) - 4;
if (buf_len < size)
return -EINVAL;
memcpy(thresh->data, in, size);
in->status = 0;
smart_notify(bus_dev, dimm_dev, smart, thresh);
return 0;
}
Reported by FlawFinder.
Line: 1000
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nd_cmd->status = ND_INTEL_STATUS_INVALID_PASS;
dev_dbg(dev, "set passphrase: wrong passphrase\n");
} else {
memcpy(sec->passphrase, nd_cmd->new_pass,
ND_INTEL_PASSPHRASE_SIZE);
sec->state |= ND_INTEL_SEC_STATE_ENABLED;
nd_cmd->status = 0;
dev_dbg(dev, "passphrase updated\n");
}
Reported by FlawFinder.
Line: 1148
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nd_cmd->status = ND_INTEL_STATUS_INVALID_PASS;
dev_dbg(dev, "master set passphrase: wrong passphrase\n");
} else {
memcpy(sec->master_passphrase, nd_cmd->new_pass,
ND_INTEL_PASSPHRASE_SIZE);
sec->ext_state = ND_INTEL_SEC_ESTATE_ENABLED;
dev_dbg(dev, "master passphrase: updated\n");
}
Reported by FlawFinder.
Line: 1736
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (dimm < 0)
return dimm;
return sprintf(buf, "%#x\n", handle[dimm]);
}
DEVICE_ATTR_RO(handle);
static ssize_t fail_cmd_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.