The following issues were found
arch/mips/kernel/traps.c
6 issues
Line: 435
CWE codes:
570
const struct exception_table_entry *e;
e = search_extable(__start___dbe_table,
__stop___dbe_table - __start___dbe_table, addr);
if (!e)
e = search_module_dbetables(addr);
return e;
}
Reported by Cppcheck.
Line: 964
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void do_trap_or_bp(struct pt_regs *regs, unsigned int code, int si_code,
const char *str)
{
char b[40];
#ifdef CONFIG_KGDB_LOW_LEVEL_TRAP
if (kgdb_ll_trap(DIE_TRAP, str, regs, code, current->thread.trap_nr,
SIGTRAP) == NOTIFY_STOP)
return;
Reported by FlawFinder.
Line: 1985
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __noreturn nmi_exception_handler(struct pt_regs *regs)
{
char str[100];
nmi_enter();
raw_notifier_call_chain(&nmi_chain, 0, regs);
bust_spinlocks(1);
snprintf(str, 100, "CPU%d NMI taken, CP0_EPC=%lx\n",
Reported by FlawFinder.
Line: 2311
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void set_handler(unsigned long offset, void *addr, unsigned long size)
{
#ifdef CONFIG_CPU_MICROMIPS
memcpy((void *)(ebase + offset), ((unsigned char *)addr - 1), size);
#else
memcpy((void *)(ebase + offset), addr, size);
#endif
local_flush_icache_range(ebase + offset, ebase + offset + size);
}
Reported by FlawFinder.
Line: 2313
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef CONFIG_CPU_MICROMIPS
memcpy((void *)(ebase + offset), ((unsigned char *)addr - 1), size);
#else
memcpy((void *)(ebase + offset), addr, size);
#endif
local_flush_icache_range(ebase + offset, ebase + offset + size);
}
static const char panic_null_cerr[] =
Reported by FlawFinder.
Line: 2334
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!addr)
panic(panic_null_cerr);
memcpy((void *)(uncached_ebase + offset), addr, size);
}
static int __initdata rdhwr_noopt;
static int __init set_rdhwr_noopt(char *str)
{
Reported by FlawFinder.
arch/um/kernel/skas/uaccess.c
6 issues
Line: 142
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
unsigned long *to_ptr = arg, to = *to_ptr;
memcpy((void *) to, (void *) from, len);
*to_ptr += len;
return 0;
}
unsigned long raw_copy_from_user(void *to, const void __user *from, unsigned long n)
Reported by FlawFinder.
Line: 150
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned long raw_copy_from_user(void *to, const void __user *from, unsigned long n)
{
if (uaccess_kernel()) {
memcpy(to, (__force void*)from, n);
return 0;
}
return buffer_op((unsigned long) from, n, 0, copy_chunk_from_user, &to);
}
Reported by FlawFinder.
Line: 162
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
unsigned long *from_ptr = arg, from = *from_ptr;
memcpy((void *) to, (void *) from, len);
*from_ptr += len;
return 0;
}
unsigned long raw_copy_to_user(void __user *to, const void *from, unsigned long n)
Reported by FlawFinder.
Line: 170
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned long raw_copy_to_user(void __user *to, const void *from, unsigned long n)
{
if (uaccess_kernel()) {
memcpy((__force void *) to, from, n);
return 0;
}
return buffer_op((unsigned long) to, n, 1, copy_chunk_to_user, &from);
}
Reported by FlawFinder.
Line: 183
Column: 2
CWE codes:
120
char **to_ptr = arg, *to = *to_ptr;
int n;
strncpy(to, (void *) from, len);
n = strnlen(to, len);
*to_ptr += n;
if (n < len)
return 1;
Reported by FlawFinder.
Line: 198
Column: 3
CWE codes:
120
char *ptr = dst;
if (uaccess_kernel()) {
strncpy(dst, (__force void *) src, count);
return strnlen(dst, count);
}
n = buffer_op((unsigned long) src, count, 0, strncpy_chunk_from_user,
&ptr);
Reported by FlawFinder.
arch/mips/ar7/prom.c
6 issues
Line: 68
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 ctrl;
u16 csum;
u8 len;
char data[11];
} __packed;
struct psp_var_map_entry {
u8 num;
char *value;
Reported by FlawFinder.
Line: 116
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define PSP_ENV_SIZE 4096
static char psp_env_data[PSP_ENV_SIZE] = { 0, };
static char * __init lookup_psp_var_map(u8 num)
{
int i;
Reported by FlawFinder.
Line: 190
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init console_config(void)
{
#ifdef CONFIG_SERIAL_8250_CONSOLE
char console_string[40];
int baud = 0;
char parity = '\0', bits = '\0', flow = '\0';
char *s, *p;
if (strstr(arcs_cmdline, "console="))
Reported by FlawFinder.
Line: 224
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
bits = '8';
if (flow == 'r')
sprintf(console_string, " console=ttyS0,%d%c%c%c", baud,
parity, bits, flow);
else
sprintf(console_string, " console=ttyS0,%d%c%c", baud, parity,
bits);
strlcat(arcs_cmdline, console_string, COMMAND_LINE_SIZE);
Reported by FlawFinder.
Line: 227
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(console_string, " console=ttyS0,%d%c%c%c", baud,
parity, bits, flow);
else
sprintf(console_string, " console=ttyS0,%d%c%c", baud, parity,
bits);
strlcat(arcs_cmdline, console_string, COMMAND_LINE_SIZE);
#endif
}
Reported by FlawFinder.
Line: 163
Column: 13
CWE codes:
126
name = lookup_psp_var_map(chunks[i].num);
} else {
name = value;
value += strlen(name) + 1;
}
if (name)
add_adam2_var(name, value);
i += chunks[i].len;
}
Reported by FlawFinder.
block/partitions/ldm.c
6 issues
Line: 703
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ldm_error ("Truncating string %d -> %d.", length, buflen);
length = buflen - 1;
}
memcpy (buffer, block + 1, length);
buffer[length] = 0;
return length;
}
Reported by FlawFinder.
Line: 817
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static bool ldm_parse_dgr4 (const u8 *buffer, int buflen, struct vblk *vb)
{
char buf[64];
int r_objid, r_name, r_id1, r_id2, len;
BUG_ON (!buffer || !vb);
r_objid = ldm_relative (buffer, buflen, 0x18, 0);
Reported by FlawFinder.
Line: 1282
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
f->map |= (1 << rec);
if (!rec)
memcpy(f->data, data, VBLK_SIZE_HEAD);
data += VBLK_SIZE_HEAD;
size -= VBLK_SIZE_HEAD;
memcpy(f->data + VBLK_SIZE_HEAD + rec * size, data, size);
return true;
}
Reported by FlawFinder.
Line: 1285
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(f->data, data, VBLK_SIZE_HEAD);
data += VBLK_SIZE_HEAD;
size -= VBLK_SIZE_HEAD;
memcpy(f->data + VBLK_SIZE_HEAD + rec * size, data, size);
return true;
}
/**
* ldm_frag_free - Free a linked list of VBLK fragments
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
120
ldm_crit ("Cannot find TOCBLOCK, database may be corrupt.");
return false;
}
strncpy (toc->bitmap1_name, data + 0x24, sizeof (toc->bitmap1_name));
toc->bitmap1_name[sizeof (toc->bitmap1_name) - 1] = 0;
toc->bitmap1_start = get_unaligned_be64(data + 0x2E);
toc->bitmap1_size = get_unaligned_be64(data + 0x36);
if (strncmp (toc->bitmap1_name, TOC_BITMAP1,
Reported by FlawFinder.
Line: 145
Column: 2
CWE codes:
120
TOC_BITMAP1, toc->bitmap1_name);
return false;
}
strncpy (toc->bitmap2_name, data + 0x46, sizeof (toc->bitmap2_name));
toc->bitmap2_name[sizeof (toc->bitmap2_name) - 1] = 0;
toc->bitmap2_start = get_unaligned_be64(data + 0x50);
toc->bitmap2_size = get_unaligned_be64(data + 0x58);
if (strncmp (toc->bitmap2_name, TOC_BITMAP2,
sizeof (toc->bitmap2_name)) != 0) {
Reported by FlawFinder.
arch/mips/cavium-octeon/crypto/octeon-md5.c
6 issues
Line: 92
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mctx->byte_count += len;
if (avail > len) {
memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
data, len);
return 0;
}
memcpy((char *)mctx->block + (sizeof(mctx->block) - avail), data,
Reported by FlawFinder.
Line: 97
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
}
memcpy((char *)mctx->block + (sizeof(mctx->block) - avail), data,
avail);
flags = octeon_crypto_enable(&state);
octeon_md5_store_hash(mctx);
Reported by FlawFinder.
Line: 116
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
octeon_md5_read_hash(mctx);
octeon_crypto_disable(&state, flags);
memcpy(mctx->block, data, len);
return 0;
}
static int octeon_md5_final(struct shash_desc *desc, u8 *out)
Reported by FlawFinder.
Line: 151
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
octeon_md5_read_hash(mctx);
octeon_crypto_disable(&state, flags);
memcpy(out, mctx->hash, sizeof(mctx->hash));
memset(mctx, 0, sizeof(*mctx));
return 0;
}
Reported by FlawFinder.
Line: 161
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct md5_state *ctx = shash_desc_ctx(desc);
memcpy(out, ctx, sizeof(*ctx));
return 0;
}
static int octeon_md5_import(struct shash_desc *desc, const void *in)
{
Reported by FlawFinder.
Line: 169
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct md5_state *ctx = shash_desc_ctx(desc);
memcpy(ctx, in, sizeof(*ctx));
return 0;
}
static struct shash_alg alg = {
.digestsize = MD5_DIGEST_SIZE,
Reported by FlawFinder.
arch/alpha/boot/misc.c
6 issues
Line: 30
Column: 30
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define memzero(s,n) memset ((s),0,(n))
#define puts srm_printk
extern long srm_printk(const char *, ...)
__attribute__ ((format (printf, 1, 2)));
/*
* gzip declarations
*/
#define OF(args) args
Reported by FlawFinder.
Line: 66
Column: 20
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* Diagnostic functions */
#ifdef DEBUG
# define Assert(cond,msg) {if(!(cond)) error(msg);}
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ;}
# define Tracevv(x) {if (verbose>1) fprintf x ;}
# define Tracec(c,x) {if (verbose && (c)) fprintf x ;}
# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;}
#else
Reported by FlawFinder.
Line: 67
Column: 35
CWE codes:
134
Suggestion:
Use a constant for the format specification
#ifdef DEBUG
# define Assert(cond,msg) {if(!(cond)) error(msg);}
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ;}
# define Tracevv(x) {if (verbose>1) fprintf x ;}
# define Tracec(c,x) {if (verbose && (c)) fprintf x ;}
# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;}
#else
# define Assert(cond,msg)
Reported by FlawFinder.
Line: 68
Column: 38
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define Assert(cond,msg) {if(!(cond)) error(msg);}
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ;}
# define Tracevv(x) {if (verbose>1) fprintf x ;}
# define Tracec(c,x) {if (verbose && (c)) fprintf x ;}
# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;}
#else
# define Assert(cond,msg)
# define Trace(x)
Reported by FlawFinder.
Line: 69
Column: 44
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ;}
# define Tracevv(x) {if (verbose>1) fprintf x ;}
# define Tracec(c,x) {if (verbose && (c)) fprintf x ;}
# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;}
#else
# define Assert(cond,msg)
# define Trace(x)
# define Tracev(x)
Reported by FlawFinder.
Line: 70
Column: 47
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define Tracev(x) {if (verbose) fprintf x ;}
# define Tracevv(x) {if (verbose>1) fprintf x ;}
# define Tracec(c,x) {if (verbose && (c)) fprintf x ;}
# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;}
#else
# define Assert(cond,msg)
# define Trace(x)
# define Tracev(x)
# define Tracevv(x)
Reported by FlawFinder.
block/kyber-iosched.c
6 issues
Line: 865
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{ \
struct kyber_queue_data *kqd = e->elevator_data; \
\
return sprintf(page, "%llu\n", kqd->latency_targets[domain]); \
} \
\
static ssize_t kyber_##name##_lat_store(struct elevator_queue *e, \
const char *page, size_t count) \
{ \
Reported by FlawFinder.
Line: 883
Column: 34
CWE codes:
120
20
\
return count; \
}
KYBER_LAT_SHOW_STORE(KYBER_READ, read);
KYBER_LAT_SHOW_STORE(KYBER_WRITE, write);
#undef KYBER_LAT_SHOW_STORE
#define KYBER_LAT_ATTR(op) __ATTR(op##_lat_nsec, 0644, kyber_##op##_lat_show, kyber_##op##_lat_store)
static struct elv_fs_entry kyber_sched_attrs[] = {
Reported by FlawFinder.
Line: 889
Column: 17
CWE codes:
120
20
#define KYBER_LAT_ATTR(op) __ATTR(op##_lat_nsec, 0644, kyber_##op##_lat_show, kyber_##op##_lat_store)
static struct elv_fs_entry kyber_sched_attrs[] = {
KYBER_LAT_ATTR(read),
KYBER_LAT_ATTR(write),
__ATTR_NULL
};
#undef KYBER_LAT_ATTR
Reported by FlawFinder.
Line: 950
Column: 40
CWE codes:
120
20
seq_printf(m, "%d\n", !list_empty_careful(&wait->entry)); \
return 0; \
}
KYBER_DEBUGFS_DOMAIN_ATTRS(KYBER_READ, read)
KYBER_DEBUGFS_DOMAIN_ATTRS(KYBER_WRITE, write)
KYBER_DEBUGFS_DOMAIN_ATTRS(KYBER_DISCARD, discard)
KYBER_DEBUGFS_DOMAIN_ATTRS(KYBER_OTHER, other)
#undef KYBER_DEBUGFS_DOMAIN_ATTRS
Reported by FlawFinder.
Line: 986
Column: 27
CWE codes:
120
20
#define KYBER_QUEUE_DOMAIN_ATTRS(name) \
{#name "_tokens", 0400, kyber_##name##_tokens_show}
static const struct blk_mq_debugfs_attr kyber_queue_debugfs_attrs[] = {
KYBER_QUEUE_DOMAIN_ATTRS(read),
KYBER_QUEUE_DOMAIN_ATTRS(write),
KYBER_QUEUE_DOMAIN_ATTRS(discard),
KYBER_QUEUE_DOMAIN_ATTRS(other),
{"async_depth", 0400, kyber_async_depth_show},
{},
Reported by FlawFinder.
Line: 999
Column: 26
CWE codes:
120
20
{#name "_rqs", 0400, .seq_ops = &kyber_##name##_rqs_seq_ops}, \
{#name "_waiting", 0400, kyber_##name##_waiting_show}
static const struct blk_mq_debugfs_attr kyber_hctx_debugfs_attrs[] = {
KYBER_HCTX_DOMAIN_ATTRS(read),
KYBER_HCTX_DOMAIN_ATTRS(write),
KYBER_HCTX_DOMAIN_ATTRS(discard),
KYBER_HCTX_DOMAIN_ATTRS(other),
{"cur_domain", 0400, kyber_cur_domain_show},
{"batching", 0400, kyber_batching_show},
Reported by FlawFinder.
arch/powerpc/kernel/kvm.c
6 issues
Line: 136
CWE codes:
570
{
u32 *p;
if ((kvm_tmp_index + len) > (kvm_tmp_end - kvm_tmp)) {
printk(KERN_ERR "KVM: No more space (%d + %d)\n",
kvm_tmp_index, len);
kvm_patching_worked = false;
return NULL;
}
Reported by Cppcheck.
Line: 178
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Modify the chunk to fit the invocation */
memcpy(p, kvm_emulate_mtmsrd, kvm_emulate_mtmsrd_len * 4);
p[kvm_emulate_mtmsrd_branch_offs] |= distance_end & KVM_INST_B_MASK;
switch (get_rt(rt)) {
case 30:
kvm_patch_ins_ll(&p[kvm_emulate_mtmsrd_reg_offs],
magic_var(scratch2), KVM_RT_30);
Reported by FlawFinder.
Line: 231
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Modify the chunk to fit the invocation */
memcpy(p, kvm_emulate_mtmsr, kvm_emulate_mtmsr_len * 4);
p[kvm_emulate_mtmsr_branch_offs] |= distance_end & KVM_INST_B_MASK;
/* Make clobbered registers work too */
switch (get_rt(rt)) {
case 30:
Reported by FlawFinder.
Line: 292
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Modify the chunk to fit the invocation */
memcpy(p, kvm_emulate_wrtee, kvm_emulate_wrtee_len * 4);
p[kvm_emulate_wrtee_branch_offs] |= distance_end & KVM_INST_B_MASK;
if (imm_one) {
p[kvm_emulate_wrtee_reg_offs] =
KVM_INST_LI | __PPC_RT(R30) | MSR_EE;
Reported by FlawFinder.
Line: 348
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(p, kvm_emulate_wrteei_0, kvm_emulate_wrteei_0_len * 4);
p[kvm_emulate_wrteei_0_branch_offs] |= distance_end & KVM_INST_B_MASK;
flush_icache_range((ulong)p, (ulong)p + kvm_emulate_wrteei_0_len * 4);
/* Patch the invocation */
kvm_patch_ins_b(inst, distance_start);
Reported by FlawFinder.
Line: 390
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Modify the chunk to fit the invocation */
memcpy(p, kvm_emulate_mtsrin, kvm_emulate_mtsrin_len * 4);
p[kvm_emulate_mtsrin_branch_offs] |= distance_end & KVM_INST_B_MASK;
p[kvm_emulate_mtsrin_reg1_offs] |= (rb << 10);
p[kvm_emulate_mtsrin_reg2_offs] |= rt;
p[kvm_emulate_mtsrin_orig_ins_offs] = *inst;
flush_icache_range((ulong)p, (ulong)p + kvm_emulate_mtsrin_len * 4);
Reported by FlawFinder.
arch/x86/kernel/ksysfs.c
6 issues
Line: 25
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t version_show(struct kobject *kobj,
struct kobj_attribute *attr, char *buf)
{
return sprintf(buf, "0x%04x\n", boot_params.hdr.version);
}
static struct kobj_attribute boot_params_version_attr = __ATTR_RO(version);
static ssize_t boot_params_data_read(struct file *fp, struct kobject *kobj,
Reported by FlawFinder.
Line: 34
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct bin_attribute *bin_attr,
char *buf, loff_t off, size_t count)
{
memcpy(buf, (void *)&boot_params + off, count);
return count;
}
static struct bin_attribute boot_params_data_attr = {
.attr = {
Reported by FlawFinder.
Line: 139
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENOMEM;
if (data->type == SETUP_INDIRECT)
ret = sprintf(buf, "0x%x\n", ((struct setup_indirect *)data->data)->type);
else
ret = sprintf(buf, "0x%x\n", data->type);
memunmap(data);
return ret;
}
Reported by FlawFinder.
Line: 141
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (data->type == SETUP_INDIRECT)
ret = sprintf(buf, "0x%x\n", ((struct setup_indirect *)data->data)->type);
else
ret = sprintf(buf, "0x%x\n", data->type);
memunmap(data);
return ret;
}
static ssize_t setup_data_data_read(struct file *fp,
Reported by FlawFinder.
Line: 194
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = -ENOMEM;
goto out;
}
memcpy(buf, p + off, count);
memunmap(p);
out:
memunmap(data);
return ret;
}
Reported by FlawFinder.
Line: 232
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret = 0;
size_t size;
struct kobject *kobj;
char name[16]; /* should be enough for setup_data nodes numbers */
snprintf(name, 16, "%d", nr);
kobj = kobject_create_and_add(name, parent);
if (!kobj)
return -ENOMEM;
Reported by FlawFinder.
arch/mips/kernel/kgdb.c
6 issues
Line: 138
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
if (dbg_reg_def[regno].offset != -1 && regno < 38) {
memcpy((void *)regs + dbg_reg_def[regno].offset, mem,
dbg_reg_def[regno].size);
} else if (current && dbg_reg_def[regno].offset != -1 && regno < 72) {
/* FP registers 38 -> 69 */
if (!(regs->cp0_status & ST0_CU1))
return 0;
Reported by FlawFinder.
Line: 146
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
if (regno == 70) {
/* Process the fcr31/fsr (register 70) */
memcpy((void *)¤t->thread.fpu.fcr31, mem,
dbg_reg_def[regno].size);
goto out_save;
} else if (regno == 71) {
/* Ignore the fir (register 71) */
goto out_save;
Reported by FlawFinder.
Line: 154
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out_save;
}
fp_reg = dbg_reg_def[regno].offset;
memcpy((void *)¤t->thread.fpu.fpr[fp_reg], mem,
dbg_reg_def[regno].size);
out_save:
restore_fp(current);
}
Reported by FlawFinder.
Line: 172
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dbg_reg_def[regno].offset != -1 && regno < 38) {
/* First 38 registers */
memcpy(mem, (void *)regs + dbg_reg_def[regno].offset,
dbg_reg_def[regno].size);
} else if (current && dbg_reg_def[regno].offset != -1 && regno < 72) {
/* FP registers 38 -> 69 */
if (!(regs->cp0_status & ST0_CU1))
goto out;
Reported by FlawFinder.
Line: 181
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
save_fp(current);
if (regno == 70) {
/* Process the fcr31/fsr (register 70) */
memcpy(mem, (void *)¤t->thread.fpu.fcr31,
dbg_reg_def[regno].size);
goto out;
} else if (regno == 71) {
/* Ignore the fir (register 71) */
memset(mem, 0, dbg_reg_def[regno].size);
Reported by FlawFinder.
Line: 190
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
fp_reg = dbg_reg_def[regno].offset;
memcpy(mem, (void *)¤t->thread.fpu.fpr[fp_reg],
dbg_reg_def[regno].size);
}
out:
return dbg_reg_def[regno].name;
Reported by FlawFinder.