The following issues were found
arch/powerpc/platforms/powernv/opal-elog.c
6 issues
Line: 58
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct elog_attribute *attr,
char *buf)
{
return sprintf(buf, "0x%llx %s\n",
elog_obj->type,
elog_type_to_string(elog_obj->type));
}
static ssize_t elog_ack_show(struct elog_obj *elog_obj,
Reported by FlawFinder.
Line: 43
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct elog_attribute *attr,
char *buf)
{
return sprintf(buf, "0x%llx\n", elog_obj->id);
}
static const char *elog_type_to_string(uint64_t type)
{
switch (type) {
Reported by FlawFinder.
Line: 67
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct elog_attribute *attr,
char *buf)
{
return sprintf(buf, "ack - acknowledge log message\n");
}
static ssize_t elog_ack_store(struct elog_obj *elog_obj,
struct elog_attribute *attr,
const char *buf,
Reported by FlawFinder.
Line: 182
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(buffer, elog->buffer + pos, count);
return count;
}
static void create_elog_obj(uint64_t id, size_t size, uint64_t type)
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint64_t log_id;
uint64_t elog_type;
int rc;
char name[2+16+1];
struct kobject *kobj;
rc = opal_get_elog_size(&id, &size, &type);
if (rc != OPAL_SUCCESS) {
pr_err("ELOG: OPAL log info read failed\n");
Reported by FlawFinder.
Line: 287
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (elog_size >= OPAL_MAX_ERRLOG_SIZE)
elog_size = OPAL_MAX_ERRLOG_SIZE;
sprintf(name, "0x%llx", log_id);
/* we may get notified twice, let's handle
* that gracefully and not create two conflicting
* entries.
*/
Reported by FlawFinder.
arch/arm/crypto/ghash-ce-glue.c
6 issues
Line: 109
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (partial) {
int p = GHASH_BLOCK_SIZE - partial;
memcpy(ctx->buf + partial, src, p);
src += p;
len -= p;
}
blocks = len / GHASH_BLOCK_SIZE;
Reported by FlawFinder.
Line: 123
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
partial = 0;
}
if (len)
memcpy(ctx->buf + partial, src, len);
return 0;
}
static int ghash_final(struct shash_desc *desc, u8 *dst)
{
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
/* needed for the fallback */
memcpy(&key->k, inkey, GHASH_BLOCK_SIZE);
ghash_reflect(key->h[0], &key->k);
if (static_branch_likely(&use_p64)) {
be128 h = key->k;
Reported by FlawFinder.
Line: 221
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!crypto_simd_usable() ||
(in_atomic() && cryptd_ahash_queued(cryptd_tfm))) {
memcpy(cryptd_req, req, sizeof(*req));
ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
return crypto_ahash_update(cryptd_req);
} else {
struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
return shash_ahash_update(req, desc);
Reported by FlawFinder.
Line: 239
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!crypto_simd_usable() ||
(in_atomic() && cryptd_ahash_queued(cryptd_tfm))) {
memcpy(cryptd_req, req, sizeof(*req));
ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
return crypto_ahash_final(cryptd_req);
} else {
struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
return crypto_shash_final(desc, req->result);
Reported by FlawFinder.
Line: 257
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!crypto_simd_usable() ||
(in_atomic() && cryptd_ahash_queued(cryptd_tfm))) {
memcpy(cryptd_req, req, sizeof(*req));
ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
return crypto_ahash_digest(cryptd_req);
} else {
struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
struct crypto_shash *child = cryptd_ahash_child(cryptd_tfm);
Reported by FlawFinder.
arch/alpha/kernel/core_cia.c
6 issues
Line: 839
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void
cia_decode_pci_error(struct el_CIA_sysdata_mcheck *cia, const char *msg)
{
static const char * const pci_cmd_desc[16] = {
"Interrupt Acknowledge", "Special Cycle", "I/O Read",
"I/O Write", "Reserved 0x4", "Reserved 0x5", "Memory Read",
"Memory Write", "Reserved 0x8", "Reserved 0x9",
"Configuration Read", "Configuration Write",
"Memory Read Multiple", "Dual Address Cycle",
Reported by FlawFinder.
Line: 852
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
| CIA_ERR_UN_COR_ERR
| CIA_ERR_MEM_NEM
| CIA_ERR_PA_PTE_INV)) {
static const char * const window_desc[6] = {
"No window active", "Window 0 hit", "Window 1 hit",
"Window 2 hit", "Window 3 hit", "Monster window hit"
};
const char *window;
Reported by FlawFinder.
Line: 886
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
| CIA_ERR_RCVD_MAS_ABT
| CIA_ERR_RCVD_TAR_ABT
| CIA_ERR_IOA_TIMEOUT)) {
static const char * const master_st_desc[16] = {
"Idle", "Drive bus", "Address step cycle",
"Address cycle", "Data cycle", "Last read data cycle",
"Last write data cycle", "Read stop cycle",
"Write stop cycle", "Read turnaround cycle",
"Write turnaround cycle", "Reserved 0xB",
Reported by FlawFinder.
Line: 895
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"Reserved 0xC", "Reserved 0xD", "Reserved 0xE",
"Unknown state"
};
static const char * const target_st_desc[16] = {
"Idle", "Busy", "Read data cycle", "Write data cycle",
"Read stop cycle", "Write stop cycle",
"Read turnaround cycle", "Write turnaround cycle",
"Read wait cycle", "Write wait cycle",
"Reserved 0xA", "Reserved 0xB", "Reserved 0xC",
Reported by FlawFinder.
Line: 1045
Column: 19
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
fmt = KERN_CRIT " ECC syndrome %#x -- check bit %d\n";
i = ffs(syn) - 1;
} else {
static unsigned char const data_bit[64] = {
0xCE, 0xCB, 0xD3, 0xD5,
0xD6, 0xD9, 0xDA, 0xDC,
0x23, 0x25, 0x26, 0x29,
0x2A, 0x2C, 0x31, 0x34,
0x0E, 0x0B, 0x13, 0x15,
Reported by FlawFinder.
Line: 1080
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void
cia_decode_parity_error(struct el_CIA_sysdata_mcheck *cia)
{
static const char * const cmd_desc[16] = {
"NOP", "LOCK", "FETCH", "FETCH_M", "MEMORY BARRIER",
"SET DIRTY", "WRITE BLOCK", "WRITE BLOCK LOCK",
"READ MISS0", "READ MISS1", "READ MISS MOD0",
"READ MISS MOD1", "BCACHE VICTIM", "Spare",
"READ MISS MOD STC0", "READ MISS MOD STC1"
Reported by FlawFinder.
arch/x86/kernel/cpu/mce/inject.c
6 issues
Line: 342
Column: 6
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char buf[MAX_FLAG_OPT_SIZE];
int n;
n = sprintf(buf, "%s\n", flags_options[inj_type]);
return simple_read_from_buffer(ubuf, cnt, ppos, buf, n);
}
static ssize_t flags_write(struct file *filp, const char __user *ubuf,
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i->extcpu = m->extcpu;
mb();
/* Now write record in order, finished last (except above) */
memcpy(i, m, sizeof(struct mce));
/* Finally activate it */
mb();
i->finished = 1;
}
Reported by FlawFinder.
Line: 339
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t flags_read(struct file *filp, char __user *ubuf,
size_t cnt, loff_t *ppos)
{
char buf[MAX_FLAG_OPT_SIZE];
int n;
n = sprintf(buf, "%s\n", flags_options[inj_type]);
return simple_read_from_buffer(ubuf, cnt, ppos, buf, n);
Reported by FlawFinder.
Line: 350
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t flags_write(struct file *filp, const char __user *ubuf,
size_t cnt, loff_t *ppos)
{
char buf[MAX_FLAG_OPT_SIZE], *__buf;
int err;
if (cnt > MAX_FLAG_OPT_SIZE)
return -EINVAL;
Reported by FlawFinder.
Line: 328
Column: 39
CWE codes:
126
int i;
for (i = 0; i < N_INJ_TYPES; i++) {
if (!strncmp(flags_options[i], buf, strlen(flags_options[i]))) {
inj_type = i;
return 0;
}
}
return -EINVAL;
Reported by FlawFinder.
Line: 644
Column: 18
CWE codes:
126
size_t cnt, loff_t *ppos)
{
return simple_read_from_buffer(ubuf, cnt, ppos,
readme_msg, strlen(readme_msg));
}
static const struct file_operations readme_fops = {
.read = inj_readme_read,
};
Reported by FlawFinder.
arch/powerpc/kernel/nvram_64.c
6 issues
Line: 38
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char checksum;
unsigned short length;
/* Terminating null required only for names < 12 chars. */
char name[12];
};
struct nvram_partition {
struct list_head partition;
struct nvram_header header;
Reported by FlawFinder.
Line: 585
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_notice("nvram: Using %s partition to log both"
" RTAS errors and oops/panic reports\n",
rtas_log_partition.name);
memcpy(&oops_log_partition, &rtas_log_partition,
sizeof(rtas_log_partition));
#else
pr_err("nvram: Failed to initialize oops partition!");
return;
#endif
Reported by FlawFinder.
Line: 730
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int rc;
struct nvram_header phead;
memcpy(&phead, &part->header, NVRAM_HEADER_LEN);
phead.length = cpu_to_be16(phead.length);
tmp_index = part->index;
rc = ppc_md.nvram_write((char *)&phead, NVRAM_HEADER_LEN, &tmp_index);
Reported by FlawFinder.
Line: 849
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nvram_partition *part;
struct nvram_partition *new_part;
struct nvram_partition *free_part = NULL;
static char nv_init_vals[16];
loff_t tmp_index;
long size = 0;
int rc;
BUILD_BUG_ON(NVRAM_BLOCK_LEN != 16);
Reported by FlawFinder.
Line: 1015
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cur_index -= NVRAM_HEADER_LEN; /* nvram_read will advance us */
memcpy(&phead, header, NVRAM_HEADER_LEN);
phead.length = be16_to_cpu(phead.length);
err = 0;
c_sum = nvram_checksum(&phead);
Reported by FlawFinder.
Line: 1040
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(&tmp_part->header, &phead, NVRAM_HEADER_LEN);
tmp_part->index = cur_index;
list_add_tail(&tmp_part->partition, &nvram_partitions);
cur_index += phead.length * NVRAM_BLOCK_LEN;
}
Reported by FlawFinder.
arch/x86/events/intel/core.c
6 issues
Line: 5009
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%lu\n", x86_pmu.attr_freeze_on_smi);
}
static DEFINE_MUTEX(freeze_on_smi_mutex);
static ssize_t freeze_on_smi_store(struct device *cdev,
Reported by FlawFinder.
Line: 5104
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NULL
};
static char pmu_name_str[30];
static ssize_t pmu_name_show(struct device *cdev,
struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 4185
Column: 17
CWE codes:
732
}
PMU_FORMAT_ATTR(event, "config:0-7" );
PMU_FORMAT_ATTR(umask, "config:8-15" );
PMU_FORMAT_ATTR(edge, "config:18" );
PMU_FORMAT_ATTR(pc, "config:19" );
PMU_FORMAT_ATTR(any, "config:21" ); /* v3 + */
PMU_FORMAT_ATTR(inv, "config:23" );
PMU_FORMAT_ATTR(cmask, "config:24-31" );
Reported by FlawFinder.
Line: 4931
Column: 28
CWE codes:
120
20
NULL
};
EVENT_ATTR_STR(tx-capacity-read, tx_capacity_read, "event=0x54,umask=0x80");
EVENT_ATTR_STR(tx-capacity-write, tx_capacity_write, "event=0x54,umask=0x2");
EVENT_ATTR_STR(el-capacity-read, el_capacity_read, "event=0x54,umask=0x80");
EVENT_ATTR_STR(el-capacity-write, el_capacity_write, "event=0x54,umask=0x2");
static struct attribute *icl_events_attrs[] = {
Reported by FlawFinder.
Line: 4933
Column: 28
CWE codes:
120
20
EVENT_ATTR_STR(tx-capacity-read, tx_capacity_read, "event=0x54,umask=0x80");
EVENT_ATTR_STR(tx-capacity-write, tx_capacity_write, "event=0x54,umask=0x2");
EVENT_ATTR_STR(el-capacity-read, el_capacity_read, "event=0x54,umask=0x80");
EVENT_ATTR_STR(el-capacity-write, el_capacity_write, "event=0x54,umask=0x2");
static struct attribute *icl_events_attrs[] = {
EVENT_PTR(mem_ld_hsw),
EVENT_PTR(mem_st_hsw),
Reported by FlawFinder.
Line: 5256
Column: 35
CWE codes:
120
20
EVENT_ATTR_STR_HYBRID(tx-conflict, tx_conflict_adl, "event=0x54,umask=0x1", hybrid_big);
EVENT_ATTR_STR_HYBRID(cycles-t, cycles_t_adl, "event=0x3c,in_tx=1", hybrid_big);
EVENT_ATTR_STR_HYBRID(cycles-ct, cycles_ct_adl, "event=0x3c,in_tx=1,in_tx_cp=1", hybrid_big);
EVENT_ATTR_STR_HYBRID(tx-capacity-read, tx_capacity_read_adl, "event=0x54,umask=0x80", hybrid_big);
EVENT_ATTR_STR_HYBRID(tx-capacity-write, tx_capacity_write_adl, "event=0x54,umask=0x2", hybrid_big);
static struct attribute *adl_hybrid_tsx_attrs[] = {
EVENT_PTR(tx_start_adl),
EVENT_PTR(tx_abort_adl),
Reported by FlawFinder.
arch/riscv/kernel/kgdb.c
6 issues
Line: 28
#if __riscv_xlen == 32
/* C.JAL is an RV32C-only instruction */
DECLARE_INSN(c_jal, MATCH_C_JAL, MASK_C_JAL)
#else
#define is_c_jal_insn(opcode) 0
#endif
DECLARE_INSN(jalr, MATCH_JALR, MASK_JALR)
DECLARE_INSN(jal, MATCH_JAL, MASK_JAL)
Reported by Cppcheck.
Line: 32
#else
#define is_c_jal_insn(opcode) 0
#endif
DECLARE_INSN(jalr, MATCH_JALR, MASK_JALR)
DECLARE_INSN(jal, MATCH_JAL, MASK_JAL)
DECLARE_INSN(c_jr, MATCH_C_JR, MASK_C_JR)
DECLARE_INSN(c_jalr, MATCH_C_JALR, MASK_C_JALR)
DECLARE_INSN(c_j, MATCH_C_J, MASK_C_J)
DECLARE_INSN(beq, MATCH_BEQ, MASK_BEQ)
Reported by Cppcheck.
Line: 281
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
if (!strncmp(remcom_in_buffer, gdb_xfer_read_target,
sizeof(gdb_xfer_read_target)))
strcpy(remcom_out_buffer, riscv_gdb_stub_target_desc);
else if (!strncmp(remcom_in_buffer, gdb_xfer_read_cpuxml,
sizeof(gdb_xfer_read_cpuxml)))
strcpy(remcom_out_buffer, riscv_gdb_stub_cpuxml);
}
Reported by FlawFinder.
Line: 284
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(remcom_out_buffer, riscv_gdb_stub_target_desc);
else if (!strncmp(remcom_in_buffer, gdb_xfer_read_cpuxml,
sizeof(gdb_xfer_read_cpuxml)))
strcpy(remcom_out_buffer, riscv_gdb_stub_cpuxml);
}
static inline void kgdb_arch_update_addr(struct pt_regs *regs,
char *remcom_in_buffer)
{
Reported by FlawFinder.
Line: 232
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
if (dbg_reg_def[regno].offset != -1)
memcpy(mem, (void *)regs + dbg_reg_def[regno].offset,
dbg_reg_def[regno].size);
else
memset(mem, 0, dbg_reg_def[regno].size);
return dbg_reg_def[regno].name;
}
Reported by FlawFinder.
Line: 245
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
if (dbg_reg_def[regno].offset != -1)
memcpy((void *)regs + dbg_reg_def[regno].offset, mem,
dbg_reg_def[regno].size);
return 0;
}
void
Reported by FlawFinder.
arch/s390/hypfs/inode.c
6 issues
Line: 430
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
buffer = kmalloc(strlen(string) + 2, GFP_KERNEL);
if (!buffer)
return ERR_PTR(-ENOMEM);
sprintf(buffer, "%s\n", string);
dentry =
hypfs_create_file(dir, name, buffer, S_IFREG | REG_FILE_MODE);
if (IS_ERR(dentry)) {
kfree(buffer);
return ERR_PTR(-ENOMEM);
Reported by FlawFinder.
Line: 404
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *name, __u64 value)
{
char *buffer;
char tmp[TMP_SIZE];
struct dentry *dentry;
snprintf(tmp, TMP_SIZE, "%llu\n", (unsigned long long int)value);
buffer = kstrdup(tmp, GFP_KERNEL);
if (!buffer)
Reported by FlawFinder.
Line: 148
Column: 21
CWE codes:
126
{
struct file *file = iocb->ki_filp;
char *data = file->private_data;
size_t available = strlen(data);
loff_t pos = iocb->ki_pos;
size_t count;
if (pos < 0)
return -EINVAL;
Reported by FlawFinder.
Line: 344
Column: 40
CWE codes:
126
struct inode *inode;
inode_lock(d_inode(parent));
dentry = lookup_one_len(name, parent, strlen(name));
if (IS_ERR(dentry)) {
dentry = ERR_PTR(-ENOMEM);
goto fail;
}
inode = hypfs_make_inode(parent->d_sb, mode);
Reported by FlawFinder.
Line: 358
Column: 20
CWE codes:
126
if (S_ISREG(mode)) {
inode->i_fop = &hypfs_file_ops;
if (data)
inode->i_size = strlen(data);
else
inode->i_size = 0;
} else if (S_ISDIR(mode)) {
inode->i_op = &simple_dir_inode_operations;
inode->i_fop = &simple_dir_operations;
Reported by FlawFinder.
Line: 427
Column: 19
CWE codes:
126
char *buffer;
struct dentry *dentry;
buffer = kmalloc(strlen(string) + 2, GFP_KERNEL);
if (!buffer)
return ERR_PTR(-ENOMEM);
sprintf(buffer, "%s\n", string);
dentry =
hypfs_create_file(dir, name, buffer, S_IFREG | REG_FILE_MODE);
Reported by FlawFinder.
arch/x86/include/asm/string_64.h
6 issues
Line: 63
Column: 7
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
int memcmp(const void *cs, const void *ct, size_t count);
size_t strlen(const char *s);
char *strcpy(char *dest, const char *src);
char *strcat(char *dest, const char *src);
int strcmp(const char *cs, const char *ct);
#if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
Reported by FlawFinder.
Line: 64
Column: 7
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
int memcmp(const void *cs, const void *ct, size_t count);
size_t strlen(const char *s);
char *strcpy(char *dest, const char *src);
char *strcat(char *dest, const char *src);
int strcmp(const char *cs, const char *ct);
#if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
/*
Reported by FlawFinder.
Line: 14
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
function. */
#define __HAVE_ARCH_MEMCPY 1
extern void *memcpy(void *to, const void *from, size_t len);
extern void *__memcpy(void *to, const void *from, size_t len);
#define __HAVE_ARCH_MEMSET
void *memset(void *s, int c, size_t n);
void *__memset(void *s, int c, size_t n);
Reported by FlawFinder.
Line: 74
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* should use not instrumented version of mem* functions.
*/
#undef memcpy
#define memcpy(dst, src, len) __memcpy(dst, src, len)
#define memmove(dst, src, len) __memmove(dst, src, len)
#define memset(s, c, n) __memset(s, c, n)
#ifndef __NO_FORTIFY
Reported by FlawFinder.
Line: 75
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
#undef memcpy
#define memcpy(dst, src, len) __memcpy(dst, src, len)
#define memmove(dst, src, len) __memmove(dst, src, len)
#define memset(s, c, n) __memset(s, c, n)
#ifndef __NO_FORTIFY
#define __NO_FORTIFY /* FORTIFY_SOURCE uses __builtin_memcpy, etc. */
Reported by FlawFinder.
Line: 62
Column: 8
CWE codes:
126
void *__memmove(void *dest, const void *src, size_t count);
int memcmp(const void *cs, const void *ct, size_t count);
size_t strlen(const char *s);
char *strcpy(char *dest, const char *src);
char *strcat(char *dest, const char *src);
int strcmp(const char *cs, const char *ct);
#if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
Reported by FlawFinder.
arch/x86/crypto/ghash-clmulni-intel_glue.c
6 issues
Line: 137
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *buf = dctx->buffer;
ghash_flush(ctx, dctx);
memcpy(dst, buf, GHASH_BLOCK_SIZE);
return 0;
}
static struct shash_alg ghash_alg = {
Reported by FlawFinder.
Line: 182
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!crypto_simd_usable() ||
(in_atomic() && cryptd_ahash_queued(cryptd_tfm))) {
memcpy(cryptd_req, req, sizeof(*req));
ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
return crypto_ahash_update(cryptd_req);
} else {
struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
return shash_ahash_update(req, desc);
Reported by FlawFinder.
Line: 200
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!crypto_simd_usable() ||
(in_atomic() && cryptd_ahash_queued(cryptd_tfm))) {
memcpy(cryptd_req, req, sizeof(*req));
ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
return crypto_ahash_final(cryptd_req);
} else {
struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
return crypto_shash_final(desc, req->result);
Reported by FlawFinder.
Line: 216
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
ghash_async_init(req);
memcpy(dctx, in, sizeof(*dctx));
return 0;
}
static int ghash_async_export(struct ahash_request *req, void *out)
Reported by FlawFinder.
Line: 227
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
memcpy(out, dctx, sizeof(*dctx));
return 0;
}
static int ghash_async_digest(struct ahash_request *req)
Reported by FlawFinder.
Line: 241
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!crypto_simd_usable() ||
(in_atomic() && cryptd_ahash_queued(cryptd_tfm))) {
memcpy(cryptd_req, req, sizeof(*req));
ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
return crypto_ahash_digest(cryptd_req);
} else {
struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
struct crypto_shash *child = cryptd_ahash_child(cryptd_tfm);
Reported by FlawFinder.