The following issues were found
lib/zstd/huf_decompress.c
6 issues
Line: 126
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ERROR(tableLog_tooLarge); /* DTable too small, Huffman tree cannot fit in */
dtd.tableType = 0;
dtd.tableLog = (BYTE)tableLog;
memcpy(DTable, &dtd, sizeof(dtd));
}
/* Calculate starting value for each rank */
{
U32 n, nextRankStart = 0;
Reported by FlawFinder.
Line: 591
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dtd.tableLog = (BYTE)maxTableLog;
dtd.tableType = 1;
memcpy(DTable, &dtd, sizeof(dtd));
return iSize;
}
static U32 HUF_decodeSymbolX4(void *op, BIT_DStream_t *DStream, const HUF_DEltX4 *dt, const U32 dtLog)
{
Reported by FlawFinder.
Line: 598
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static U32 HUF_decodeSymbolX4(void *op, BIT_DStream_t *DStream, const HUF_DEltX4 *dt, const U32 dtLog)
{
size_t const val = BIT_lookBitsFast(DStream, dtLog); /* note : dtLog >= 1 */
memcpy(op, dt + val, 2);
BIT_skipBits(DStream, dt[val].nbBits);
return dt[val].length;
}
static U32 HUF_decodeLastSymbolX4(void *op, BIT_DStream_t *DStream, const HUF_DEltX4 *dt, const U32 dtLog)
Reported by FlawFinder.
Line: 606
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static U32 HUF_decodeLastSymbolX4(void *op, BIT_DStream_t *DStream, const HUF_DEltX4 *dt, const U32 dtLog)
{
size_t const val = BIT_lookBitsFast(DStream, dtLog); /* note : dtLog >= 1 */
memcpy(op, dt + val, 1);
if (dt[val].length == 1)
BIT_skipBits(DStream, dt[val].nbBits);
else {
if (DStream->bitsConsumed < (sizeof(DStream->bitContainer) * 8)) {
BIT_skipBits(DStream, dt[val].nbBits);
Reported by FlawFinder.
Line: 909
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cSrcSize > dstSize)
return ERROR(corruption_detected); /* invalid */
if (cSrcSize == dstSize) {
memcpy(dst, cSrc, dstSize);
return dstSize;
} /* not compressed */
if (cSrcSize == 1) {
memset(dst, *(const BYTE *)cSrc, dstSize);
return dstSize;
Reported by FlawFinder.
Line: 947
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cSrcSize > dstSize)
return ERROR(corruption_detected); /* invalid */
if (cSrcSize == dstSize) {
memcpy(dst, cSrc, dstSize);
return dstSize;
} /* not compressed */
if (cSrcSize == 1) {
memset(dst, *(const BYTE *)cSrc, dstSize);
return dstSize;
Reported by FlawFinder.
net/netfilter/ipvs/ip_vs_sync.c
6 issues
Line: 606
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cp->flags & IP_VS_CONN_F_SEQ_MASK) {
struct ip_vs_sync_conn_options *opt =
(struct ip_vs_sync_conn_options *)&s[1];
memcpy(opt, &cp->in_seq, sizeof(*opt));
}
m->nr_conns++;
m->size = htons(ntohs(m->size) + len);
buff->head += len;
Reported by FlawFinder.
Line: 760
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cp->pe_data_len && cp->pe_data) {
*(p++) = IPVS_OPT_PE_DATA;
*(p++) = cp->pe_data_len;
memcpy(p, cp->pe_data, cp->pe_data_len);
p += cp->pe_data_len;
if (pe_name_len) {
/* Add PE_NAME */
*(p++) = IPVS_OPT_PE_NAME;
*(p++) = pe_name_len;
Reported by FlawFinder.
Line: 766
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Add PE_NAME */
*(p++) = IPVS_OPT_PE_NAME;
*(p++) = pe_name_len;
memcpy(p, cp->pe->name, pe_name_len);
p += pe_name_len;
}
}
spin_unlock_bh(&ipvs->sync_buff_lock);
Reported by FlawFinder.
Line: 811
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Handle pe data */
if (pe_data_len) {
if (pe_name_len) {
char buff[IP_VS_PENAME_MAXLEN+1];
memcpy(buff, pe_name, pe_name_len);
buff[pe_name_len]=0;
p->pe = __ip_vs_pe_getbyname(buff);
if (!p->pe) {
Reported by FlawFinder.
Line: 813
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pe_name_len) {
char buff[IP_VS_PENAME_MAXLEN+1];
memcpy(buff, pe_name, pe_name_len);
buff[pe_name_len]=0;
p->pe = __ip_vs_pe_getbyname(buff);
if (!p->pe) {
IP_VS_DBG(3, "BACKUP, no %s engine found/loaded\n",
buff);
Reported by FlawFinder.
Line: 1395
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int ret;
memset(&mreq, 0, sizeof(mreq));
memcpy(&mreq.imr_multiaddr, addr, sizeof(struct in_addr));
if (sk->sk_bound_dev_if && dev->ifindex != sk->sk_bound_dev_if)
return -EINVAL;
mreq.imr_ifindex = dev->ifindex;
Reported by FlawFinder.
lib/seq_buf.c
6 issues
Line: 64
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
WARN_ON(s->size == 0);
if (s->len < s->size) {
len = vsnprintf(s->buffer + s->len, s->size - s->len, fmt, args);
if (s->len + len < s->size) {
s->len += len;
return 0;
}
}
Reported by FlawFinder.
Line: 152
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len += 1;
if (seq_buf_can_fit(s, len)) {
memcpy(s->buffer + s->len, str, len);
/* Don't count the trailing null byte against the capacity */
s->len += len - 1;
return 0;
}
seq_buf_set_overflow(s);
Reported by FlawFinder.
Line: 199
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WARN_ON(s->size == 0);
if (seq_buf_can_fit(s, len)) {
memcpy(s->buffer + s->len, mem, len);
s->len += len;
return 0;
}
seq_buf_set_overflow(s);
return -1;
Reported by FlawFinder.
Line: 225
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int seq_buf_putmem_hex(struct seq_buf *s, const void *mem,
unsigned int len)
{
unsigned char hex[HEX_CHARS];
const unsigned char *data = mem;
unsigned int start_len;
int i, j;
WARN_ON(s->size == 0);
Reported by FlawFinder.
Line: 367
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const u8 *ptr = buf;
int i, linelen, remaining = len;
unsigned char linebuf[32 * 3 + 2 + 32 + 1];
int ret;
if (rowsize != 16 && rowsize != 32)
rowsize = 16;
Reported by FlawFinder.
Line: 144
Column: 15
CWE codes:
126
*/
int seq_buf_puts(struct seq_buf *s, const char *str)
{
size_t len = strlen(str);
WARN_ON(s->size == 0);
/* Add 1 to len for the trailing null byte which must be there */
len += 1;
Reported by FlawFinder.
include/uapi/linux/ipx.h
6 issues
Line: 16
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__kernel_sa_family_t sipx_family;
__be16 sipx_port;
__be32 sipx_network;
unsigned char sipx_node[IPX_NODE_LEN];
__u8 sipx_type;
unsigned char sipx_zero; /* 16 byte fill */
};
#endif /* __UAPI_DEF_SOCKADDR_IPX */
Reported by FlawFinder.
Line: 34
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ipx_route_definition {
__be32 ipx_network;
__be32 ipx_router_network;
unsigned char ipx_router_node[IPX_NODE_LEN];
};
#endif /* __UAPI_DEF_IPX_ROUTE_DEFINITION */
#if __UAPI_DEF_IPX_INTERFACE_DEFINITION
struct ipx_interface_definition {
Reported by FlawFinder.
Line: 41
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if __UAPI_DEF_IPX_INTERFACE_DEFINITION
struct ipx_interface_definition {
__be32 ipx_network;
unsigned char ipx_device[16];
unsigned char ipx_dlink_type;
#define IPX_FRAME_NONE 0
#define IPX_FRAME_SNAP 1
#define IPX_FRAME_8022 2
#define IPX_FRAME_ETHERII 3
Reported by FlawFinder.
Line: 53
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define IPX_SPECIAL_NONE 0
#define IPX_PRIMARY 1
#define IPX_INTERNAL 2
unsigned char ipx_node[IPX_NODE_LEN];
};
#endif /* __UAPI_DEF_IPX_INTERFACE_DEFINITION */
#if __UAPI_DEF_IPX_CONFIG_DATA
struct ipx_config_data {
Reported by FlawFinder.
Line: 73
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 ipx_network;
__be32 ipx_router_network;
#define IPX_ROUTE_NO_ROUTER 0
unsigned char ipx_router_node[IPX_NODE_LEN];
unsigned char ipx_device[16];
unsigned short ipx_flags;
#define IPX_RT_SNAP 8
#define IPX_RT_8022 4
#define IPX_RT_BLUEBOOK 2
Reported by FlawFinder.
Line: 74
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 ipx_router_network;
#define IPX_ROUTE_NO_ROUTER 0
unsigned char ipx_router_node[IPX_NODE_LEN];
unsigned char ipx_device[16];
unsigned short ipx_flags;
#define IPX_RT_SNAP 8
#define IPX_RT_8022 4
#define IPX_RT_BLUEBOOK 2
#define IPX_RT_ROUTED 1
Reported by FlawFinder.
lib/mpi/mpicoder.c
6 issues
Line: 290
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#else
#error please implement for this limb size.
#endif
memcpy(p, (u8 *)&alimb + lzeros, BYTES_PER_MPI_LIMB - lzeros);
p += BYTES_PER_MPI_LIMB - lzeros;
lzeros = 0;
}
return 0;
}
Reported by FlawFinder.
Line: 615
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*s++ = 0;
else if (extra)
*s++ = 0xff;
memcpy(s, tmp, n-!!extra);
}
kfree(tmp);
*nwritten = n;
return 0;
} else if (format == GCRYMPI_FMT_USG) {
Reported by FlawFinder.
Line: 636
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp = mpi_get_buffer(a, &n, NULL);
if (!tmp)
return -EINVAL;
memcpy(buffer, tmp, n);
kfree(tmp);
}
*nwritten = n;
return 0;
} else if (format == GCRYMPI_FMT_PGP) {
Reported by FlawFinder.
Line: 661
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp = mpi_get_buffer(a, &n, NULL);
if (!tmp)
return -EINVAL;
memcpy(s+2, tmp, n);
kfree(tmp);
}
*nwritten = n+2;
return 0;
} else if (format == GCRYMPI_FMT_SSH) {
Reported by FlawFinder.
Line: 703
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*s++ = 0;
else if (extra)
*s++ = 0xff;
memcpy(s, tmp, n-!!extra);
}
kfree(tmp);
*nwritten = 4+n;
return 0;
} else if (format == GCRYMPI_FMT_HEX) {
Reported by FlawFinder.
Line: 133
Column: 10
CWE codes:
126
if (*str == '0' && str[1] == 'x')
str += 2;
nbits = strlen(str);
if (nbits > MAX_EXTERN_SCAN_BYTES) {
mpi_clear(val);
return -EINVAL;
}
nbits *= 4;
Reported by FlawFinder.
include/uapi/linux/media.h
6 issues
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/types.h>
struct media_device_info {
char driver[16];
char model[32];
char serial[40];
char bus_info[32];
__u32 media_version;
__u32 hw_revision;
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct media_device_info {
char driver[16];
char model[32];
char serial[40];
char bus_info[32];
__u32 media_version;
__u32 hw_revision;
__u32 driver_version;
Reported by FlawFinder.
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct media_device_info {
char driver[16];
char model[32];
char serial[40];
char bus_info[32];
__u32 media_version;
__u32 hw_revision;
__u32 driver_version;
__u32 reserved[31];
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char driver[16];
char model[32];
char serial[40];
char bus_info[32];
__u32 media_version;
__u32 hw_revision;
__u32 driver_version;
__u32 reserved[31];
};
Reported by FlawFinder.
Line: 154
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct media_entity_desc {
__u32 id;
char name[32];
__u32 type;
__u32 revision;
__u32 flags;
__u32 group_id;
__u16 pads;
Reported by FlawFinder.
Line: 302
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct media_v2_entity {
__u32 id;
char name[64];
__u32 function; /* Main function of the entity */
__u32 flags;
__u32 reserved[5];
} __attribute__ ((packed));
Reported by FlawFinder.
net/netfilter/ipset/ip_set_hash_netiface.c
6 issues
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 nomatch;
u8 elem;
u8 wildcard;
char iface[IFNAMSIZ];
};
/* Common functions */
static bool
Reported by FlawFinder.
Line: 300
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 nomatch;
u8 elem;
u8 wildcard;
char iface[IFNAMSIZ];
};
/* Common functions */
static bool
Reported by FlawFinder.
Line: 78
Column: 35
CWE codes:
126
(++*multi) &&
ip1->physdev == ip2->physdev &&
(ip1->wildcard ?
strncmp(ip1->iface, ip2->iface, strlen(ip1->iface)) == 0 :
strcmp(ip1->iface, ip2->iface) == 0);
}
static int
hash_netiface4_do_data_match(const struct hash_netiface4_elem *elem)
Reported by FlawFinder.
Line: 192
Column: 6
CWE codes:
126
STRLCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out));
}
if (strlen(e.iface) == 0)
return -EINVAL;
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}
static int
Reported by FlawFinder.
Line: 315
Column: 35
CWE codes:
126
(++*multi) &&
ip1->physdev == ip2->physdev &&
(ip1->wildcard ?
strncmp(ip1->iface, ip2->iface, strlen(ip1->iface)) == 0 :
strcmp(ip1->iface, ip2->iface) == 0);
}
static int
hash_netiface6_do_data_match(const struct hash_netiface6_elem *elem)
Reported by FlawFinder.
Line: 413
Column: 6
CWE codes:
126
STRLCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out));
}
if (strlen(e.iface) == 0)
return -EINVAL;
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}
Reported by FlawFinder.
lib/decompress_unlzma.c
6 issues
Line: 583
CWE codes:
758
for (i = 0; i < sizeof(header); i++) {
if (rc.ptr >= rc.buffer_end)
rc_read(&rc);
((unsigned char *)&header)[i] = *rc.ptr++;
}
if (header.pos >= (9 * 5 * 5)) {
error("bad header");
goto exit_1;
Reported by Cppcheck.
Line: 583
CWE codes:
758
for (i = 0; i < sizeof(header); i++) {
if (rc.ptr >= rc.buffer_end)
rc_read(&rc);
((unsigned char *)&header)[i] = *rc.ptr++;
}
if (header.pos >= (9 * 5 * 5)) {
error("bad header");
goto exit_1;
Reported by Cppcheck.
Line: 583
CWE codes:
758
for (i = 0; i < sizeof(header); i++) {
if (rc.ptr >= rc.buffer_end)
rc_read(&rc);
((unsigned char *)&header)[i] = *rc.ptr++;
}
if (header.pos >= (9 * 5 * 5)) {
error("bad header");
goto exit_1;
Reported by Cppcheck.
Line: 583
CWE codes:
758
for (i = 0; i < sizeof(header); i++) {
if (rc.ptr >= rc.buffer_end)
rc_read(&rc);
((unsigned char *)&header)[i] = *rc.ptr++;
}
if (header.pos >= (9 * 5 * 5)) {
error("bad header");
goto exit_1;
Reported by Cppcheck.
Line: 583
CWE codes:
758
for (i = 0; i < sizeof(header); i++) {
if (rc.ptr >= rc.buffer_end)
rc_read(&rc);
((unsigned char *)&header)[i] = *rc.ptr++;
}
if (header.pos >= (9 * 5 * 5)) {
error("bad header");
goto exit_1;
Reported by Cppcheck.
Line: 583
CWE codes:
758
for (i = 0; i < sizeof(header); i++) {
if (rc.ptr >= rc.buffer_end)
rc_read(&rc);
((unsigned char *)&header)[i] = *rc.ptr++;
}
if (header.pos >= (9 * 5 * 5)) {
error("bad header");
goto exit_1;
Reported by Cppcheck.
lib/bch.c
6 issues
Line: 198
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
((u32)swap_bits(bch, src[2]) << 8) |
swap_bits(bch, src[3]);
memcpy(pad, src, BCH_ECC_BYTES(bch)-4*nwords);
dst[nwords] = ((u32)swap_bits(bch, pad[0]) << 24) |
((u32)swap_bits(bch, pad[1]) << 16) |
((u32)swap_bits(bch, pad[2]) << 8) |
swap_bits(bch, pad[3]);
}
Reported by FlawFinder.
Line: 224
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pad[1] = swap_bits(bch, src[nwords] >> 16);
pad[2] = swap_bits(bch, src[nwords] >> 8);
pad[3] = swap_bits(bch, src[nwords]);
memcpy(dst, pad, BCH_ECC_BYTES(bch)-4*nwords);
}
/**
* bch_encode - calculate BCH ecc parity of data
* @bch: BCH control structure
Reported by FlawFinder.
Line: 279
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mlen = len/4;
data += 4*mlen;
len -= 4*mlen;
memcpy(r, bch->ecc_buf, r_bytes);
/*
* split each 32-bit word into 4 polynomials of weight 8 as follows:
*
* 31 ...24 23 ...16 15 ... 8 7 ... 0
Reported by FlawFinder.
Line: 311
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
r[l] = p0[l]^p1[l]^p2[l]^p3[l];
}
memcpy(bch->ecc_buf, r, r_bytes);
/* process last unaligned bytes */
if (len)
bch_encode_unaligned(bch, data, len, bch->ecc_buf);
Reported by FlawFinder.
Line: 440
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void gf_poly_copy(struct gf_poly *dst, struct gf_poly *src)
{
memcpy(dst, src, GF_POLY_SZ(src->deg));
}
static int compute_error_locator_polynomial(struct bch_control *bch,
const unsigned int *syn)
{
Reported by FlawFinder.
Line: 823
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* compute a mod b (modifies a) */
gf_poly_mod(bch, a, b, NULL);
/* quotient is stored in upper part of polynomial a */
memcpy(q->c, &a->c[b->deg], (1+q->deg)*sizeof(unsigned int));
} else {
q->deg = 0;
q->c[0] = 0;
}
}
Reported by FlawFinder.
kernel/trace/trace_syscalls.c
6 issues
Line: 220
CWE codes:
682
/* When len=0, we just calculate the needed length */
#define LEN_OR_ZERO (len ? len - pos : 0)
pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
for (i = 0; i < entry->nb_args; i++) {
pos += snprintf(buf + pos, LEN_OR_ZERO, "%s: 0x%%0%zulx%s",
entry->args[i], sizeof(unsigned long),
i == entry->nb_args - 1 ? "" : ", ");
}
Reported by Cppcheck.
Line: 222
CWE codes:
682
pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
for (i = 0; i < entry->nb_args; i++) {
pos += snprintf(buf + pos, LEN_OR_ZERO, "%s: 0x%%0%zulx%s",
entry->args[i], sizeof(unsigned long),
i == entry->nb_args - 1 ? "" : ", ");
}
pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
Reported by Cppcheck.
Line: 226
CWE codes:
682
entry->args[i], sizeof(unsigned long),
i == entry->nb_args - 1 ? "" : ", ");
}
pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
for (i = 0; i < entry->nb_args; i++) {
pos += snprintf(buf + pos, LEN_OR_ZERO,
", ((unsigned long)(REC->%s))", entry->args[i]);
}
Reported by Cppcheck.
Line: 87
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct syscall_metadata **start;
struct syscall_metadata **stop;
char str[KSYM_SYMBOL_LEN];
start = __start_syscalls_metadata;
stop = __stop_syscalls_metadata;
kallsyms_lookup(syscall, NULL, NULL, NULL, str);
Reported by FlawFinder.
Line: 335
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
entry = ring_buffer_event_data(event);
entry->nr = syscall_nr;
syscall_get_arguments(current, regs, args);
memcpy(entry->args, args, sizeof(unsigned long) * sys_data->nb_args);
event_trigger_unlock_commit(trace_file, buffer, event, entry,
trace_ctx);
}
Reported by FlawFinder.
Line: 625
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rec->nr = syscall_nr;
syscall_get_arguments(current, regs, args);
memcpy(&rec->args, args, sizeof(unsigned long) * sys_data->nb_args);
if ((valid_prog_array &&
!perf_call_bpf_enter(sys_data->enter_event, regs, sys_data, rec)) ||
hlist_empty(head)) {
perf_swevent_put_recursion_context(rctx);
Reported by FlawFinder.