The following issues were found
arch/powerpc/platforms/cell/spufs/coredump.c
7 issues
Line: 34
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
name = spufs_coredump_read[i].name;
sz = spufs_coredump_read[i].size;
sprintf(fullname, "SPU/%d/%s", dfd, name);
total += sizeof(struct elf_note);
total += roundup(strlen(fullname) + 1, 4);
total += roundup(sz, 4);
}
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct elf_note en;
int ret;
sprintf(fullname, "SPU/%d/%s", dfd, spufs_coredump_read[i].name);
en.n_namesz = strlen(fullname) + 1;
en.n_descsz = sz;
en.n_type = NT_SPU;
if (!dump_emit(cprm, &en, sizeof(en)))
Reported by FlawFinder.
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int i, sz, total = 0;
char *name;
char fullname[80];
for (i = 0; spufs_coredump_read[i].name != NULL; i++) {
name = spufs_coredump_read[i].name;
sz = spufs_coredump_read[i].size;
Reported by FlawFinder.
Line: 119
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct coredump_params *cprm, int dfd)
{
size_t sz = spufs_coredump_read[i].size;
char fullname[80];
struct elf_note en;
int ret;
sprintf(fullname, "SPU/%d/%s", dfd, spufs_coredump_read[i].name);
en.n_namesz = strlen(fullname) + 1;
Reported by FlawFinder.
Line: 140
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (ret < 0)
return ret;
} else {
char buf[32];
ret = snprintf(buf, sizeof(buf), "0x%.16llx",
spufs_coredump_read[i].get(ctx));
if (ret >= sizeof(buf))
return sizeof(buf);
Reported by FlawFinder.
Line: 37
Column: 20
CWE codes:
126
sprintf(fullname, "SPU/%d/%s", dfd, name);
total += sizeof(struct elf_note);
total += roundup(strlen(fullname) + 1, 4);
total += roundup(sz, 4);
}
return total;
}
Reported by FlawFinder.
Line: 124
Column: 16
CWE codes:
126
int ret;
sprintf(fullname, "SPU/%d/%s", dfd, spufs_coredump_read[i].name);
en.n_namesz = strlen(fullname) + 1;
en.n_descsz = sz;
en.n_type = NT_SPU;
if (!dump_emit(cprm, &en, sizeof(en)))
return -EIO;
Reported by FlawFinder.
arch/powerpc/kernel/cacheinfo.c
7 issues
Line: 624
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
cache = index_kobj_to_cache(k);
return sprintf(buf, "%s\n", cache_type_string(cache));
}
static struct kobj_attribute cache_type_attr =
__ATTR(type, 0444, type_show, NULL);
Reported by FlawFinder.
Line: 60
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* on by cache instructions), so we look for -line-size first.
* See cache_get_line_size(). */
const char *line_size_props[2];
const char *nr_sets_prop;
};
/* These are used to index the cache_type_info array. */
#define CACHE_TYPE_UNIFIED 0 /* cache-size, cache-block-size, etc. */
Reported by FlawFinder.
Line: 563
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (cache_size_kb(cache, &size_kb))
return -ENODEV;
return sprintf(buf, "%uK\n", size_kb);
}
static struct kobj_attribute cache_size_attr =
__ATTR(size, 0444, size_show, NULL);
Reported by FlawFinder.
Line: 580
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (cache_get_line_size(cache, &line_size))
return -ENODEV;
return sprintf(buf, "%u\n", line_size);
}
static struct kobj_attribute cache_line_size_attr =
__ATTR(coherency_line_size, 0444, line_size_show, NULL);
Reported by FlawFinder.
Line: 596
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (cache_nr_sets(cache, &nr_sets))
return -ENODEV;
return sprintf(buf, "%u\n", nr_sets);
}
static struct kobj_attribute cache_nr_sets_attr =
__ATTR(number_of_sets, 0444, nr_sets_show, NULL);
Reported by FlawFinder.
Line: 612
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (cache_associativity(cache, &associativity))
return -ENODEV;
return sprintf(buf, "%u\n", associativity);
}
static struct kobj_attribute cache_assoc_attr =
__ATTR(ways_of_associativity, 0444, associativity_show, NULL);
Reported by FlawFinder.
Line: 638
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
index = kobj_to_cache_index_dir(k);
cache = index->cache;
return sprintf(buf, "%d\n", cache->level);
}
static struct kobj_attribute cache_level_attr =
__ATTR(level, 0444, level_show, NULL);
Reported by FlawFinder.
arch/powerpc/kernel/mce.c
7 issues
Line: 238
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
local_paca->mce_info->mce_ue_count--;
return;
}
memcpy(&local_paca->mce_info->mce_ue_event_queue[index],
evt, sizeof(*evt));
/* Queue work to process this event later. */
irq_work_queue(&mce_ue_event_irq_work);
}
Reported by FlawFinder.
Line: 262
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
local_paca->mce_info->mce_queue_count--;
return;
}
memcpy(&local_paca->mce_info->mce_event_queue[index],
&evt, sizeof(evt));
/* Queue irq work to process this event later. */
irq_work_queue(&mce_event_process_work);
}
Reported by FlawFinder.
Line: 359
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *level, *sevstr, *subtype, *err_type, *initiator;
uint64_t ea = 0, pa = 0;
int n = 0;
char dar_str[50];
char pa_str[50];
static const char *mc_ue_types[] = {
"Indeterminate",
"Instruction fetch",
"Page table walk ifetch",
Reported by FlawFinder.
Line: 360
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint64_t ea = 0, pa = 0;
int n = 0;
char dar_str[50];
char pa_str[50];
static const char *mc_ue_types[] = {
"Indeterminate",
"Instruction fetch",
"Page table walk ifetch",
"Load/Store",
Reported by FlawFinder.
Line: 548
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dar_str[0] = pa_str[0] = '\0';
if (ea && evt->srr0 != ea) {
/* Load/Store address */
n = sprintf(dar_str, "DAR: %016llx ", ea);
if (pa)
sprintf(dar_str + n, "paddr: %016llx ", pa);
} else if (pa) {
sprintf(pa_str, " paddr: %016llx", pa);
}
Reported by FlawFinder.
Line: 550
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Load/Store address */
n = sprintf(dar_str, "DAR: %016llx ", ea);
if (pa)
sprintf(dar_str + n, "paddr: %016llx ", pa);
} else if (pa) {
sprintf(pa_str, " paddr: %016llx", pa);
}
printk("%sMCE: CPU%d: machine check (%s) %s %s %s %s[%s]\n",
Reported by FlawFinder.
Line: 552
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (pa)
sprintf(dar_str + n, "paddr: %016llx ", pa);
} else if (pa) {
sprintf(pa_str, " paddr: %016llx", pa);
}
printk("%sMCE: CPU%d: machine check (%s) %s %s %s %s[%s]\n",
level, evt->cpu, sevstr, in_guest ? "Guest" : "",
err_type, subtype, dar_str,
Reported by FlawFinder.
arch/powerpc/lib/sstep.c
7 issues
Line: 735
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* whole vector; lxv[x] or lxvl[l] */
if (size == 0)
break;
memcpy(reg, mem, size);
if (IS_LE && (op->vsx_flags & VSX_LDLEFT))
rev = !rev;
if (rev)
do_byte_reverse(reg, size);
break;
Reported by FlawFinder.
Line: 745
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* scalar loads, lxvd2x, lxvdsx */
read_size = (size >= 8) ? 8 : size;
i = IS_LE ? 8 : 8 - read_size;
memcpy(®->b[i], mem, read_size);
if (rev)
do_byte_reverse(®->b[i], 8);
if (size < 8) {
if (op->type & SIGNEXT) {
/* size == 4 is the only case here */
Reported by FlawFinder.
Line: 826
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf32[0].d[1] = byterev_8(reg[1].d[0]);
buf32[1].d[0] = byterev_8(reg[0].d[1]);
buf32[1].d[1] = byterev_8(reg[0].d[0]);
memcpy(mem, buf32, size);
} else {
memcpy(mem, reg, size);
}
break;
case 16:
Reported by FlawFinder.
Line: 828
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf32[1].d[1] = byterev_8(reg[0].d[0]);
memcpy(mem, buf32, size);
} else {
memcpy(mem, reg, size);
}
break;
case 16:
/* stxv, stxvx, stxvl, stxvll */
if (size == 0)
Reported by FlawFinder.
Line: 843
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf.d[1] = byterev_8(reg->d[0]);
reg = &buf;
}
memcpy(mem, reg, size);
break;
case 8:
/* scalar stores, stxvd2x */
write_size = (size >= 8) ? 8 : size;
i = IS_LE ? 8 : 8 - write_size;
Reported by FlawFinder.
Line: 856
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
preempt_enable();
reg = &buf;
}
memcpy(mem, ®->b[i], write_size);
if (size == 16)
memcpy(mem + 8, ®->d[IS_BE], 8);
if (unlikely(rev)) {
do_byte_reverse(mem, write_size);
if (size == 16)
Reported by FlawFinder.
Line: 858
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(mem, ®->b[i], write_size);
if (size == 16)
memcpy(mem + 8, ®->d[IS_BE], 8);
if (unlikely(rev)) {
do_byte_reverse(mem, write_size);
if (size == 16)
do_byte_reverse(mem + 8, 8);
}
Reported by FlawFinder.
arch/x86/kvm/vmx/vmx.c
7 issues
Line: 358
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param)))
return sprintf(s, "???\n");
return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option);
}
static const struct kernel_param_ops vmentry_l1d_flush_ops = {
.set = vmentry_l1d_flush_set,
.get = vmentry_l1d_flush_get,
Reported by FlawFinder.
Line: 356
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp)
{
if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param)))
return sprintf(s, "???\n");
return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option);
}
static const struct kernel_param_ops vmentry_l1d_flush_ops = {
Reported by FlawFinder.
Line: 3735
Column: 46
CWE codes:
120
20
if (idx != -ENOENT) {
if (type & MSR_TYPE_R)
clear_bit(idx, vmx->shadow_msr_intercept.read);
if (type & MSR_TYPE_W)
clear_bit(idx, vmx->shadow_msr_intercept.write);
}
}
Reported by FlawFinder.
Line: 3780
Column: 44
CWE codes:
120
20
if (idx != -ENOENT) {
if (type & MSR_TYPE_R)
set_bit(idx, vmx->shadow_msr_intercept.read);
if (type & MSR_TYPE_W)
set_bit(idx, vmx->shadow_msr_intercept.write);
}
}
Reported by FlawFinder.
Line: 3909
Column: 53
CWE codes:
120
20
*/
for (i = 0; i < ARRAY_SIZE(vmx_possible_passthrough_msrs); i++) {
u32 msr = vmx_possible_passthrough_msrs[i];
bool read = test_bit(i, vmx->shadow_msr_intercept.read);
bool write = test_bit(i, vmx->shadow_msr_intercept.write);
vmx_set_intercept_for_msr(vcpu, msr, MSR_TYPE_R, read);
vmx_set_intercept_for_msr(vcpu, msr, MSR_TYPE_W, write);
}
Reported by FlawFinder.
Line: 3912
Column: 52
CWE codes:
120
20
bool read = test_bit(i, vmx->shadow_msr_intercept.read);
bool write = test_bit(i, vmx->shadow_msr_intercept.write);
vmx_set_intercept_for_msr(vcpu, msr, MSR_TYPE_R, read);
vmx_set_intercept_for_msr(vcpu, msr, MSR_TYPE_W, write);
}
pt_update_intercept_for_msr(vcpu);
vmx_update_msr_bitmap_x2apic(vcpu, vmx_msr_bitmap_mode(vcpu));
Reported by FlawFinder.
Line: 6823
Column: 40
CWE codes:
120
20
goto free_pml;
/* The MSR bitmap starts with all ones */
bitmap_fill(vmx->shadow_msr_intercept.read, MAX_POSSIBLE_PASSTHROUGH_MSRS);
bitmap_fill(vmx->shadow_msr_intercept.write, MAX_POSSIBLE_PASSTHROUGH_MSRS);
vmx_disable_intercept_for_msr(vcpu, MSR_IA32_TSC, MSR_TYPE_R);
#ifdef CONFIG_X86_64
vmx_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW);
Reported by FlawFinder.
arch/x86/kvm/trace.h
7 issues
Line: 173
__entry->count = count;
if (size == 1)
__entry->val = *(unsigned char *)data;
else if (size == 2)
__entry->val = *(unsigned short *)data;
else
__entry->val = *(unsigned int *)data;
),
Reported by Cppcheck.
Line: 173
__entry->count = count;
if (size == 1)
__entry->val = *(unsigned char *)data;
else if (size == 2)
__entry->val = *(unsigned short *)data;
else
__entry->val = *(unsigned int *)data;
),
Reported by Cppcheck.
Line: 173
__entry->count = count;
if (size == 1)
__entry->val = *(unsigned char *)data;
else if (size == 2)
__entry->val = *(unsigned short *)data;
else
__entry->val = *(unsigned int *)data;
),
Reported by Cppcheck.
Line: 173
__entry->count = count;
if (size == 1)
__entry->val = *(unsigned char *)data;
else if (size == 2)
__entry->val = *(unsigned short *)data;
else
__entry->val = *(unsigned int *)data;
),
Reported by Cppcheck.
Line: 173
__entry->count = count;
if (size == 1)
__entry->val = *(unsigned char *)data;
else if (size == 2)
__entry->val = *(unsigned short *)data;
else
__entry->val = *(unsigned int *)data;
),
Reported by Cppcheck.
Line: 173
__entry->count = count;
if (size == 1)
__entry->val = *(unsigned char *)data;
else if (size == 2)
__entry->val = *(unsigned short *)data;
else
__entry->val = *(unsigned int *)data;
),
Reported by Cppcheck.
Line: 796
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->len = vcpu->arch.emulate_ctxt->fetch.ptr
- vcpu->arch.emulate_ctxt->fetch.data;
__entry->rip = vcpu->arch.emulate_ctxt->_eip - __entry->len;
memcpy(__entry->insn,
vcpu->arch.emulate_ctxt->fetch.data,
15);
__entry->flags = kei_decode_mode(vcpu->arch.emulate_ctxt->mode);
__entry->failed = failed;
),
Reported by FlawFinder.
arch/arm/mach-rpc/ecard.h
7 issues
Line: 26
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char r_r2:8;
unsigned char r_prod[2];
unsigned char r_manu[2];
unsigned char r_country;
Reported by FlawFinder.
Line: 28
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char r_prod[2];
unsigned char r_manu[2];
unsigned char r_country;
unsigned char r_fiqmask;
unsigned char r_fiqoff[3];
Reported by FlawFinder.
Line: 33
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char r_country;
unsigned char r_fiqmask;
unsigned char r_fiqoff[3];
unsigned char r_irqmask;
unsigned char r_irqoff[3];
};
Reported by FlawFinder.
Line: 36
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char r_fiqoff[3];
unsigned char r_irqmask;
unsigned char r_irqoff[3];
};
/*
* Chunk directory entry as read from the card
*/
Reported by FlawFinder.
Line: 44
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct ex_chunk_dir {
unsigned char r_id;
unsigned char r_len[3];
unsigned long r_start;
union {
char string[256];
char data[1];
} d;
Reported by FlawFinder.
Line: 47
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char r_len[3];
unsigned long r_start;
union {
char string[256];
char data[1];
} d;
#define c_id(x) ((x)->r_id)
#define c_len(x) ((x)->r_len[0]|((x)->r_len[1]<<8)|((x)->r_len[2]<<16))
#define c_start(x) ((x)->r_start)
Reported by FlawFinder.
Line: 48
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long r_start;
union {
char string[256];
char data[1];
} d;
#define c_id(x) ((x)->r_id)
#define c_len(x) ((x)->r_len[0]|((x)->r_len[1]<<8)|((x)->r_len[2]<<16))
#define c_start(x) ((x)->r_start)
};
Reported by FlawFinder.
arch/x86/kernel/umip.c
7 issues
Line: 85
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define UMIP_INST_SLDT 3 /* 0F 00 /0 */
#define UMIP_INST_STR 4 /* 0F 00 /1 */
static const char * const umip_insns[5] = {
[UMIP_INST_SGDT] = "SGDT",
[UMIP_INST_SIDT] = "SIDT",
[UMIP_INST_SMSW] = "SMSW",
[UMIP_INST_SLDT] = "SLDT",
[UMIP_INST_STR] = "STR",
Reported by FlawFinder.
Line: 243
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
*data_size = UMIP_GDT_IDT_BASE_SIZE_32BIT;
memcpy(data + 2, &dummy_base_addr, *data_size);
*data_size += UMIP_GDT_IDT_LIMIT_SIZE;
memcpy(data, &dummy_limit, UMIP_GDT_IDT_LIMIT_SIZE);
} else if (umip_inst == UMIP_INST_SMSW || umip_inst == UMIP_INST_SLDT ||
Reported by FlawFinder.
Line: 246
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(data + 2, &dummy_base_addr, *data_size);
*data_size += UMIP_GDT_IDT_LIMIT_SIZE;
memcpy(data, &dummy_limit, UMIP_GDT_IDT_LIMIT_SIZE);
} else if (umip_inst == UMIP_INST_SMSW || umip_inst == UMIP_INST_SLDT ||
umip_inst == UMIP_INST_STR) {
unsigned long dummy_value;
Reported by FlawFinder.
Line: 282
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
*data_size = 2;
memcpy(data, &dummy_value, *data_size);
} else {
return -EINVAL;
}
return 0;
Reported by FlawFinder.
Line: 340
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int nr_copied, reg_offset, dummy_data_size, umip_inst;
/* 10 bytes is the maximum size of the result of UMIP instructions */
unsigned char dummy_data[10] = { 0 };
unsigned char buf[MAX_INSN_SIZE];
unsigned long *reg_addr;
void __user *uaddr;
struct insn insn;
Reported by FlawFinder.
Line: 341
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int nr_copied, reg_offset, dummy_data_size, umip_inst;
/* 10 bytes is the maximum size of the result of UMIP instructions */
unsigned char dummy_data[10] = { 0 };
unsigned char buf[MAX_INSN_SIZE];
unsigned long *reg_addr;
void __user *uaddr;
struct insn insn;
if (!regs)
Reported by FlawFinder.
Line: 391
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return false;
reg_addr = (unsigned long *)((unsigned long)regs + reg_offset);
memcpy(reg_addr, dummy_data, dummy_data_size);
} else {
uaddr = insn_get_addr_ref(&insn, regs);
if ((unsigned long)uaddr == -1L)
return false;
Reported by FlawFinder.
arch/x86/kernel/kexec-bzimage64.c
7 issues
Line: 77
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
uint32_t cmdline_low_32, cmdline_ext_32;
if (image->type == KEXEC_TYPE_CRASH) {
len = sprintf(cmdline_ptr,
"elfcorehdr=0x%lx ", image->elf_load_addr);
}
memcpy(cmdline_ptr + len, cmdline, cmdline_len);
cmdline_len += len;
Reported by FlawFinder.
Line: 80
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = sprintf(cmdline_ptr,
"elfcorehdr=0x%lx ", image->elf_load_addr);
}
memcpy(cmdline_ptr + len, cmdline, cmdline_len);
cmdline_len += len;
cmdline_ptr[cmdline_len - 1] = '\0';
pr_debug("Final command line is: %s\n", cmdline_ptr);
Reported by FlawFinder.
Line: 108
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nr_e820_entries = E820_MAX_ENTRIES_ZEROPAGE;
params->e820_entries = nr_e820_entries;
memcpy(¶ms->e820_table, &e820_table_kexec->entries, nr_e820_entries*sizeof(struct e820_entry));
return 0;
}
#ifdef CONFIG_EFI
Reported by FlawFinder.
Line: 203
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
params->hdr.hardware_subarch = boot_params.hdr.hardware_subarch;
/* Copying screen_info will do? */
memcpy(¶ms->screen_info, &screen_info, sizeof(struct screen_info));
/* Fill in memsize later */
params->screen_info.ext_mem_k = 0;
params->alt_mem_k = 0;
Reported by FlawFinder.
Line: 251
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
efi_setup_data_offset);
#endif
/* Setup EDD info */
memcpy(params->eddbuf, boot_params.eddbuf,
EDDMAXNR * sizeof(struct edd_info));
params->eddbuf_entries = boot_params.eddbuf_entries;
memcpy(params->edd_mbr_sig_buffer, boot_params.edd_mbr_sig_buffer,
EDD_MBR_SIG_MAX * sizeof(unsigned int));
Reported by FlawFinder.
Line: 255
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
EDDMAXNR * sizeof(struct edd_info));
params->eddbuf_entries = boot_params.eddbuf_entries;
memcpy(params->edd_mbr_sig_buffer, boot_params.edd_mbr_sig_buffer,
EDD_MBR_SIG_MAX * sizeof(unsigned int));
return ret;
}
Reported by FlawFinder.
Line: 416
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
setup_header_size = 0x0202 + kernel[0x0201] - setup_hdr_offset;
/* Is there a limit on setup header size? */
memcpy(¶ms->hdr, (kernel + setup_hdr_offset), setup_header_size);
kbuf.buffer = params;
kbuf.memsz = kbuf.bufsz;
kbuf.buf_align = 16;
kbuf.buf_min = MIN_BOOTPARAM_ADDR;
Reported by FlawFinder.
arch/x86/kernel/cpu/resctrl/rdtgroup.c
7 issues
Line: 1807
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for_each_mon_enabled_rdt_resource(r) {
fflags = r->fflags | RF_MON_INFO;
sprintf(name, "%s_MON", r->name);
ret = rdtgroup_mkdir_info_resdir(r, name, fflags);
if (ret)
goto out_destroy;
}
Reported by FlawFinder.
Line: 2460
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return;
list_for_each_entry(prgrp, &rdt_all_groups, rdtgroup_list) {
sprintf(name, "mon_%s_%02d", r->name, dom_id);
kernfs_remove_by_name(prgrp->mon.mon_data_kn, name);
list_for_each_entry(crgrp, &prgrp->mon.crdtgrp_list, mon.crdtgrp_list)
kernfs_remove_by_name(crgrp->mon.mon_data_kn, name);
}
Reported by FlawFinder.
Line: 2479
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char name[32];
int ret;
sprintf(name, "mon_%s_%02d", r->name, d->id);
/* create the directory */
kn = kernfs_create_dir(parent_kn, name, parent_kn->mode, prgrp);
if (IS_ERR(kn))
return PTR_ERR(kn);
Reported by FlawFinder.
Line: 52
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct kernfs_node *kn_mondata;
static struct seq_buf last_cmd_status;
static char last_cmd_status_buf[512];
struct dentry *debugfs_resctrl;
void rdt_last_cmd_clear(void)
{
Reported by FlawFinder.
Line: 1786
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct rdt_resource *r;
unsigned long fflags;
char name[32];
int ret;
/* create the directory */
kn_info = kernfs_create_dir(parent_kn, "info", parent_kn->mode, NULL);
if (IS_ERR(kn_info))
Reported by FlawFinder.
Line: 2454
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void rmdir_mondata_subdir_allrdtgrp(struct rdt_resource *r, unsigned int dom_id)
{
struct rdtgroup *prgrp, *crgrp;
char name[32];
if (!r->mon_enabled)
return;
list_for_each_entry(prgrp, &rdt_all_groups, rdtgroup_list) {
Reported by FlawFinder.
Line: 2476
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct kernfs_node *kn;
struct mon_evt *mevt;
struct rmid_read rr;
char name[32];
int ret;
sprintf(name, "mon_%s_%02d", r->name, d->id);
/* create the directory */
kn = kernfs_create_dir(parent_kn, name, parent_kn->mode, prgrp);
Reported by FlawFinder.