The following issues were found
tools/testing/selftests/vm/gup_test.c
7 issues
Line: 93
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
pthread_t *tid;
char *p;
while ((opt = getopt(argc, argv, "m:r:n:F:f:abcj:tTLUuwWSHpz")) != -1) {
switch (opt) {
case 'a':
cmd = PIN_FAST_BENCHMARK;
break;
case 'b':
Reported by FlawFinder.
Line: 124
Column: 15
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
gup.gup_flags = strtol(optarg, 0, 0);
break;
case 'j':
nthreads = atoi(optarg);
break;
case 'm':
size = atoi(optarg) * MB;
break;
case 'r':
Reported by FlawFinder.
Line: 127
Column: 11
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
nthreads = atoi(optarg);
break;
case 'm':
size = atoi(optarg) * MB;
break;
case 'r':
repeats = atoi(optarg);
break;
case 'n':
Reported by FlawFinder.
Line: 130
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
size = atoi(optarg) * MB;
break;
case 'r':
repeats = atoi(optarg);
break;
case 'n':
nr_pages = atoi(optarg);
break;
case 't':
Reported by FlawFinder.
Line: 133
Column: 15
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
repeats = atoi(optarg);
break;
case 'n':
nr_pages = atoi(optarg);
break;
case 't':
thp = 1;
break;
case 'T':
Reported by FlawFinder.
Line: 196
Column: 10
CWE codes:
362
}
}
filed = open(file, O_RDWR|O_CREAT);
if (filed < 0) {
perror("open");
exit(filed);
}
Reported by FlawFinder.
Line: 206
Column: 11
CWE codes:
362
if (write)
gup.gup_flags |= FOLL_WRITE;
gup_fd = open("/sys/kernel/debug/gup_test", O_RDWR);
if (gup_fd == -1) {
perror("open");
exit(1);
}
Reported by FlawFinder.
tools/testing/selftests/vm/hmm-tests.c
7 issues
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int hmm_open(int unit)
{
char pathname[HMM_PATH_MAX];
int fd;
snprintf(pathname, sizeof(pathname), "/dev/hmm_dmirror%d", unit);
fd = open(pathname, O_RDWR, 0);
if (fd < 0)
Reported by FlawFinder.
Line: 77
Column: 7
CWE codes:
362
int fd;
snprintf(pathname, sizeof(pathname), "/dev/hmm_dmirror%d", unit);
fd = open(pathname, O_RDWR, 0);
if (fd < 0)
fprintf(stderr, "could not open hmm dmirror driver (%s)\n",
pathname);
return fd;
}
Reported by FlawFinder.
Line: 167
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int hmm_create_file(unsigned long size)
{
char path[HMM_PATH_MAX];
int fd;
strcpy(path, "/tmp");
fd = open(path, O_TMPFILE | O_EXCL | O_RDWR, 0600);
if (fd >= 0) {
Reported by FlawFinder.
Line: 170
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
char path[HMM_PATH_MAX];
int fd;
strcpy(path, "/tmp");
fd = open(path, O_TMPFILE | O_EXCL | O_RDWR, 0600);
if (fd >= 0) {
int r;
do {
Reported by FlawFinder.
Line: 171
Column: 7
CWE codes:
362
int fd;
strcpy(path, "/tmp");
fd = open(path, O_TMPFILE | O_EXCL | O_RDWR, 0600);
if (fd >= 0) {
int r;
do {
r = ftruncate(fd, size);
Reported by FlawFinder.
Line: 194
Column: 8
CWE codes:
362
unsigned int r;
if (fd < 0) {
fd = open("/dev/urandom", O_RDONLY);
if (fd < 0) {
fprintf(stderr, "%s:%d failed to open /dev/urandom\n",
__FILE__, __LINE__);
return ~0U;
}
Reported by FlawFinder.
tools/usb/usbip/src/usbip_bind.c
7 issues
Line: 193
Column: 9
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int ret = -1;
for (;;) {
opt = getopt_long(argc, argv, "b:", opts, NULL);
if (opt == -1)
break;
switch (opt) {
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int bind_usbip(char *busid)
{
char attr_name[] = "bind";
char bind_attr_path[SYSFS_PATH_MAX];
int rc = -1;
snprintf(bind_attr_path, sizeof(bind_attr_path), "%s/%s/%s/%s/%s/%s",
SYSFS_MNT_PATH, SYSFS_BUS_NAME, SYSFS_BUS_TYPE,
SYSFS_DRIVERS_NAME, USBIP_HOST_DRV_NAME, attr_name);
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum unbind_status status = UNBIND_ST_OK;
char attr_name[] = "unbind";
char unbind_attr_path[SYSFS_PATH_MAX];
int rc = -1;
struct udev *udev;
struct udev_device *dev;
const char *driver;
Reported by FlawFinder.
Line: 48
Column: 52
CWE codes:
126
SYSFS_MNT_PATH, SYSFS_BUS_NAME, SYSFS_BUS_TYPE,
SYSFS_DRIVERS_NAME, USBIP_HOST_DRV_NAME, attr_name);
rc = write_sysfs_attribute(bind_attr_path, busid, strlen(busid));
if (rc < 0) {
err("error binding device %s to driver: %s", busid,
strerror(errno));
return -1;
}
Reported by FlawFinder.
Line: 89
Column: 32
CWE codes:
126
goto err_close_busid_dev;
}
if (!strncmp(bDevClass, "09", strlen(bDevClass))) {
dbg("skip unbinding of hub");
goto err_close_busid_dev;
}
/* Get the device driver. */
Reported by FlawFinder.
Line: 102
Column: 5
CWE codes:
126
}
if (!strncmp(USBIP_HOST_DRV_NAME, driver,
strlen(USBIP_HOST_DRV_NAME))) {
/* Already bound to usbip-host. */
status = UNBIND_ST_USBIP_HOST;
goto out;
}
Reported by FlawFinder.
Line: 113
Column: 54
CWE codes:
126
SYSFS_MNT_PATH, SYSFS_BUS_NAME, SYSFS_BUS_TYPE,
SYSFS_DRIVERS_NAME, driver, attr_name);
rc = write_sysfs_attribute(unbind_attr_path, busid, strlen(busid));
if (rc < 0) {
err("error unbinding device %s from driver", busid);
goto err_close_busid_dev;
}
Reported by FlawFinder.
tools/testing/selftests/vm/madv_populate.c
7 issues
Line: 164
Column: 11
CWE codes:
362
static bool range_is_populated(char *start, ssize_t size)
{
int fd = open("/proc/self/pagemap", O_RDONLY);
bool ret = true;
if (fd < 0)
ksft_exit_fail_msg("opening pagemap failed\n");
for (; size > 0 && ret; size -= pagesize, start += pagesize)
Reported by FlawFinder.
Line: 178
Column: 11
CWE codes:
362
static bool range_is_not_populated(char *start, ssize_t size)
{
int fd = open("/proc/self/pagemap", O_RDONLY);
bool ret = true;
if (fd < 0)
ksft_exit_fail_msg("opening pagemap failed\n");
for (; size > 0 && ret; size -= pagesize, start += pagesize)
Reported by FlawFinder.
Line: 236
Column: 11
CWE codes:
362
static bool range_is_softdirty(char *start, ssize_t size)
{
int fd = open("/proc/self/pagemap", O_RDONLY);
bool ret = true;
if (fd < 0)
ksft_exit_fail_msg("opening pagemap failed\n");
for (; size > 0 && ret; size -= pagesize, start += pagesize)
Reported by FlawFinder.
Line: 250
Column: 11
CWE codes:
362
static bool range_is_not_softdirty(char *start, ssize_t size)
{
int fd = open("/proc/self/pagemap", O_RDONLY);
bool ret = true;
if (fd < 0)
ksft_exit_fail_msg("opening pagemap failed\n");
for (; size > 0 && ret; size -= pagesize, start += pagesize)
Reported by FlawFinder.
Line: 264
Column: 11
CWE codes:
362
static void clear_softdirty(void)
{
int fd = open("/proc/self/clear_refs", O_WRONLY);
const char *ctrl = "4";
int ret;
if (fd < 0)
ksft_exit_fail_msg("opening clear_refs failed\n");
Reported by FlawFinder.
Line: 270
Column: 24
CWE codes:
126
if (fd < 0)
ksft_exit_fail_msg("opening clear_refs failed\n");
ret = write(fd, ctrl, strlen(ctrl));
if (ret != strlen(ctrl))
ksft_exit_fail_msg("writing clear_refs failed\n");
close(fd);
}
Reported by FlawFinder.
Line: 271
Column: 13
CWE codes:
126
if (fd < 0)
ksft_exit_fail_msg("opening clear_refs failed\n");
ret = write(fd, ctrl, strlen(ctrl));
if (ret != strlen(ctrl))
ksft_exit_fail_msg("writing clear_refs failed\n");
close(fd);
}
static void test_softdirty(void)
Reported by FlawFinder.
tools/testing/selftests/vm/mremap_test.c
7 issues
Line: 129
Column: 2
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
/* Set byte pattern */
srand(pattern_seed);
for (i = 0; i < threshold; i++)
memset((char *) src_addr + i, (char) rand(), 1);
/* Mask to zero out lower bits of address for alignment */
align_mask = ~(c.dest_alignment - 1);
Reported by FlawFinder.
Line: 156
Column: 2
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
/* Verify byte pattern after remapping */
srand(pattern_seed);
for (i = 0; i < threshold; i++) {
char c = (char) rand();
if (((char *) dest_addr)[i] != c) {
ksft_print_msg("Data after remap doesn't match at offset %d\n",
Reported by FlawFinder.
Line: 235
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
const char *optstr = "t:p:";
int opt;
while ((opt = getopt(argc, argv, optstr)) != -1) {
switch (opt) {
case 't':
*threshold_mb = atoi(optarg);
break;
case 'p':
Reported by FlawFinder.
Line: 160
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; i < threshold; i++) {
char c = (char) rand();
if (((char *) dest_addr)[i] != c) {
ksft_print_msg("Data after remap doesn't match at offset %d\n",
i);
ksft_print_msg("Expected: %#x\t Got: %#x\n", c & 0xff,
((char *) dest_addr)[i] & 0xff);
ret = -1;
Reported by FlawFinder.
Line: 164
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ksft_print_msg("Data after remap doesn't match at offset %d\n",
i);
ksft_print_msg("Expected: %#x\t Got: %#x\n", c & 0xff,
((char *) dest_addr)[i] & 0xff);
ret = -1;
goto clean_up_dest;
}
}
Reported by FlawFinder.
Line: 238
Column: 20
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
while ((opt = getopt(argc, argv, optstr)) != -1) {
switch (opt) {
case 't':
*threshold_mb = atoi(optarg);
break;
case 'p':
*pattern_seed = atoi(optarg);
break;
default:
Reported by FlawFinder.
Line: 241
Column: 20
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
*threshold_mb = atoi(optarg);
break;
case 'p':
*pattern_seed = atoi(optarg);
break;
default:
usage(argv[0]);
return -1;
}
Reported by FlawFinder.
tools/usb/usbip/libsrc/usbip_common.c
6 issues
Line: 164
Column: 8
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
* as errors.
*/
ret = sscanf(attr, format, &num);
if (ret < 1) {
if (strcmp(name, "bConfigurationValue") &&
strcmp(name, "bNumInterfaces")) {
err("sscanf failed for attribute %s", name);
goto err;
Reported by FlawFinder.
Line: 101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void dump_usb_interface(struct usbip_usb_interface *uinf)
{
char buff[100];
usbip_names_get_class(buff, sizeof(buff),
uinf->bInterfaceClass,
uinf->bInterfaceSubClass,
uinf->bInterfaceProtocol);
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void dump_usb_device(struct usbip_usb_device *udev)
{
char buff[100];
dbg("%-20s = %s", "path", udev->path);
dbg("%-20s = %s", "busid", udev->busid);
usbip_names_get_class(buff, sizeof(buff),
Reported by FlawFinder.
Line: 243
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int read_usb_interface(struct usbip_usb_device *udev, int i,
struct usbip_usb_interface *uinf)
{
char busid[SYSFS_BUS_ID_SIZE];
int size;
struct udev_device *sif;
size = snprintf(busid, sizeof(busid), "%s:%d.%d",
udev->busid, udev->bConfigurationValue, i);
Reported by FlawFinder.
Line: 229
Column: 2
CWE codes:
120
path = udev_device_get_syspath(sdev);
name = udev_device_get_sysname(sdev);
strncpy(udev->path, path, SYSFS_PATH_MAX - 1);
udev->path[SYSFS_PATH_MAX - 1] = '\0';
strncpy(udev->busid, name, SYSFS_BUS_ID_SIZE - 1);
udev->busid[SYSFS_BUS_ID_SIZE - 1] = '\0';
sscanf(name, "%u-%u", &busnum, &devnum);
Reported by FlawFinder.
Line: 231
Column: 2
CWE codes:
120
strncpy(udev->path, path, SYSFS_PATH_MAX - 1);
udev->path[SYSFS_PATH_MAX - 1] = '\0';
strncpy(udev->busid, name, SYSFS_BUS_ID_SIZE - 1);
udev->busid[SYSFS_BUS_ID_SIZE - 1] = '\0';
sscanf(name, "%u-%u", &busnum, &devnum);
udev->busnum = busnum;
Reported by FlawFinder.
tools/thermal/tmon/tmon.c
6 issues
Line: 229
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
exit(EXIT_FAILURE);
}
while ((c = getopt_long(argc, argv, "c:dlht:T:vgz:", opts, &id2)) != -1) {
switch (c) {
case 'c':
no_control = 0;
strncpy(ctrl_cdev, optarg, CDEV_NAME_SIZE);
break;
Reported by FlawFinder.
Line: 43
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int debug_on;
FILE *tmon_log;
/*cooling device used for the PID controller */
char ctrl_cdev[CDEV_NAME_SIZE] = "None";
int target_thermal_zone; /* user selected target zone instance */
static void start_daemon_mode(void);
pthread_t event_tid;
pthread_mutex_t input_lock;
Reported by FlawFinder.
Line: 139
Column: 13
CWE codes:
362
if (!logging)
return;
/* open local data log file */
tmon_log = fopen(TMON_LOG_FILE, "w+");
if (!tmon_log) {
syslog(LOG_ERR, "failed to open log file %s\n", TMON_LOG_FILE);
return;
}
Reported by FlawFinder.
Line: 169
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
fprintf(tmon_log, "#----------- THERMAL SYSTEM CONFIG -------------\n");
for (i = 0; i < ptdata.nr_tz_sensor; i++) {
char binding_str[33]; /* size of long + 1 */
int j;
memset(binding_str, 0, sizeof(binding_str));
for (j = 0; j < 32; j++)
binding_str[j] = (ptdata.tzi[i].cdev_binding & (1 << j)) ?
Reported by FlawFinder.
Line: 233
Column: 4
CWE codes:
120
switch (c) {
case 'c':
no_control = 0;
strncpy(ctrl_cdev, optarg, CDEV_NAME_SIZE);
break;
case 'd':
start_daemon_mode();
printf("Run TMON in daemon mode\n");
break;
Reported by FlawFinder.
Line: 352
Column: 2
CWE codes:
732
disable_tui();
/* change the file mode mask */
umask(S_IWGRP | S_IWOTH);
/* new SID for the daemon process */
sid = setsid();
if (sid < 0)
exit(EXIT_FAILURE);
Reported by FlawFinder.
tools/testing/selftests/vm/memfd_secret.c
6 issues
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void test_file_apis(int fd)
{
char buf[64];
if ((read(fd, buf, sizeof(buf)) >= 0) ||
(write(fd, buf, sizeof(buf)) >= 0) ||
(pread(fd, buf, sizeof(buf), 0) >= 0) ||
(pwrite(fd, buf, sizeof(buf), 0) >= 0))
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void try_process_vm_read(int fd, int pipefd[2])
{
struct iovec liov, riov;
char buf[64];
char *mem;
if (read(pipefd[0], &mem, sizeof(mem)) < 0) {
fail("pipe write: %s\n", strerror(errno));
exit(KSFT_FAIL);
Reported by FlawFinder.
Line: 158
Column: 46
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
fail("%s: unexpected memory access\n", name);
}
static void test_remote_access(int fd, const char *name,
void (*func)(int fd, int pipefd[2]))
{
int pipefd[2];
pid_t pid;
char *mem;
Reported by FlawFinder.
Line: 50
Column: 7
CWE codes:
120
20
{
char buf[64];
if ((read(fd, buf, sizeof(buf)) >= 0) ||
(write(fd, buf, sizeof(buf)) >= 0) ||
(pread(fd, buf, sizeof(buf), 0) >= 0) ||
(pwrite(fd, buf, sizeof(buf), 0) >= 0))
fail("unexpected file IO\n");
else
Reported by FlawFinder.
Line: 89
Column: 6
CWE codes:
120
20
char buf[64];
char *mem;
if (read(pipefd[0], &mem, sizeof(mem)) < 0) {
fail("pipe write: %s\n", strerror(errno));
exit(KSFT_FAIL);
}
liov.iov_len = riov.iov_len = sizeof(buf);
Reported by FlawFinder.
tools/testing/selftests/vm/thuge-gen.c
6 issues
Line: 105
Column: 2
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
snprintf(buf, sizeof buf,
"cat /sys/kernel/mm/hugepages/hugepages-%lukB/free_hugepages",
ps >> 10);
system(buf);
}
unsigned long read_sysfs(int warn, char *fmt, ...)
{
char *line = NULL;
Reported by FlawFinder.
Line: 118
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
unsigned long val = 0;
va_start(ap, fmt);
vsnprintf(buf, sizeof buf, fmt, ap);
va_end(ap);
f = fopen(buf, "r");
if (!f) {
if (warn)
Reported by FlawFinder.
Line: 82
Column: 12
CWE codes:
362
unsigned long hps = 0;
char *line = NULL;
size_t linelen = 0;
FILE *f = fopen("/proc/meminfo", "r");
if (!f)
return 0;
while (getline(&line, &linelen, f) > 0) {
if (sscanf(line, "Hugepagesize: %lu kB", &hps) == 1) {
hps <<= 10;
Reported by FlawFinder.
Line: 97
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void show(unsigned long ps)
{
char buf[100];
if (ps == getpagesize())
return;
printf("%luMB: ", ps >> 20);
fflush(stdout);
snprintf(buf, sizeof buf,
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char *line = NULL;
size_t linelen = 0;
char buf[100];
FILE *f;
va_list ap;
unsigned long val = 0;
va_start(ap, fmt);
Reported by FlawFinder.
Line: 121
Column: 6
CWE codes:
362
vsnprintf(buf, sizeof buf, fmt, ap);
va_end(ap);
f = fopen(buf, "r");
if (!f) {
if (warn)
printf("missing %s\n", buf);
return 0;
}
Reported by FlawFinder.
drivers/edac/ppc4xx_edac.c
6 issues
Line: 219
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Strings associated with PLB master IDs capable of being posted in
* SDRAM_BESR or SDRAM_WMIRQ on uncorrectable ECC errors.
*/
static const char * const ppc4xx_plb_masters[9] = {
[SDRAM_PLB_M0ID_ICU] = "ICU",
[SDRAM_PLB_M0ID_PCIE0] = "PCI-E 0",
[SDRAM_PLB_M0ID_PCIE1] = "PCI-E 1",
[SDRAM_PLB_M0ID_DMA] = "DMA",
[SDRAM_PLB_M0ID_DCU] = "DCU",
Reported by FlawFinder.
Line: 629
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ppc4xx_ecc_dump_status(const struct mem_ctl_info *mci,
const struct ppc4xx_ecc_status *status)
{
char message[PPC4XX_EDAC_MESSAGE_SIZE];
ppc4xx_edac_generate_message(mci, status, message, sizeof(message));
ppc4xx_edac_mc_printk(KERN_INFO, mci,
"\n"
Reported by FlawFinder.
Line: 719
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct ppc4xx_ecc_status *status)
{
int row;
char message[PPC4XX_EDAC_MESSAGE_SIZE];
ppc4xx_edac_generate_message(mci, status, message, sizeof(message));
for (row = 0; row < mci->nr_csrows; row++)
if (ppc4xx_edac_check_bank_error(status, row))
Reported by FlawFinder.
Line: 750
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const unsigned long page = bear >> PAGE_SHIFT;
const unsigned long offset = bear & ~PAGE_MASK;
int row;
char message[PPC4XX_EDAC_MESSAGE_SIZE];
ppc4xx_edac_generate_message(mci, status, message, sizeof(message));
for (row = 0; row < mci->nr_csrows; row++)
if (ppc4xx_edac_check_bank_error(status, row))
Reported by FlawFinder.
Line: 558
Column: 7
CWE codes:
120
20
size_t size)
{
unsigned int master;
bool read;
if ((status->besr & SDRAM_BESR_MASK) == 0)
return 0;
if ((status->besr & SDRAM_BESR_M0ET_MASK) == SDRAM_BESR_M0ET_NONE)
Reported by FlawFinder.
Line: 572
Column: 5
CWE codes:
120
20
return snprintf(buffer, size,
"%s error w/ PLB master %u \"%s\"; ",
(read ? "Read" : "Write"),
master,
(((master >= SDRAM_PLB_M0ID_FIRST) &&
(master <= SDRAM_PLB_M0ID_LAST)) ?
ppc4xx_plb_masters[master] : "UNKNOWN"));
}
Reported by FlawFinder.