The following issues were found
arch/x86/lib/kaslr.c
6 issues
Line: 65
Column: 4
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
/*
 * RDRAND contribution to the value being built up in `random`.
 * `random` is a variable that is XOR-updated here, not a call to a
 * random()-style library routine; the CWE-327 hit on this line appears to
 * be a match on the identifier name.
 */
if (has_cpuflag(X86_FEATURE_RDRAND)) {
debug_putstr(" RDRAND");
/* The hardware value is mixed in only when rdrand_long() returns non-zero. */
if (rdrand_long(&raw)) {
random ^= raw;
/* A source produced a value, so the i8254 fallback flag is cleared. */
use_i8254 = false;
}
}
if (has_cpuflag(X86_FEATURE_TSC)) {
Reported by FlawFinder.
Line: 74
Column: 3
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
debug_putstr(" RDTSC");
raw = rdtsc();
random ^= raw;
use_i8254 = false;
}
if (use_i8254) {
debug_putstr(" i8254");
Reported by FlawFinder.
Line: 80
Column: 3
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (use_i8254) {
debug_putstr(" i8254");
random ^= i8254();
}
/* Circular multiply for better bit diffusion */
asm(_ASM_MUL "%3"
: "=a" (random), "=d" (raw)
Reported by FlawFinder.
Line: 85
Column: 14
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
/* Circular multiply for better bit diffusion */
/*
 * This step only spreads the bits already collected in `random`; it mixes
 * and does not add entropy, so the quality of the result still rests on
 * the sources XORed in earlier.
 * Output "a" is written to random and output "d" to raw; the add below
 * folds raw back into random.
 * NOTE(review): _ASM_MUL is defined elsewhere; presumably the x86 MUL
 * instruction with the low half in "a" and the high half in "d" - confirm.
 */
asm(_ASM_MUL "%3"
: "=a" (random), "=d" (raw)
: "a" (random), "rm" (mix_const));
random += raw;
debug_putstr("...\n");
Reported by FlawFinder.
Line: 86
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
/* Circular multiply for better bit diffusion */
asm(_ASM_MUL "%3"
: "=a" (random), "=d" (raw)
: "a" (random), "rm" (mix_const));
random += raw;
debug_putstr("...\n");
return random;
Reported by FlawFinder.
Line: 91
Column: 9
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
debug_putstr("...\n");
return random;
}
Reported by FlawFinder.
arch/powerpc/platforms/pseries/mobility.c
6 issues
Line: 56
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * In this excerpt rtas_data_buf is used only while rtas_data_buf_lock is
 * held. Both copies move exactly RTAS_DATA_BUF_SIZE bytes, and `buf` is
 * both read from and written back, so it must be at least that large.
 * NOTE(review): the size of `buf` is decided by the caller, outside this
 * excerpt - confirm every caller passes a RTAS_DATA_BUF_SIZE buffer.
 */
spin_lock(&rtas_data_buf_lock);
memcpy(rtas_data_buf, buf, RTAS_DATA_BUF_SIZE);
rc = rtas_call(token, 2, 1, NULL, rtas_data_buf, scope);
memcpy(buf, rtas_data_buf, RTAS_DATA_BUF_SIZE);
spin_unlock(&rtas_data_buf_lock);
return rc;
Reported by FlawFinder.
Line: 58
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(rtas_data_buf, buf, RTAS_DATA_BUF_SIZE);
rc = rtas_call(token, 2, 1, NULL, rtas_data_buf, scope);
memcpy(buf, rtas_data_buf, RTAS_DATA_BUF_SIZE);
spin_unlock(&rtas_data_buf_lock);
return rc;
}
Reported by FlawFinder.
Line: 94
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!new_data)
return -ENOMEM;
/*
 * Appends vd bytes of `value` after the existing new_prop->length bytes.
 * Both copies are in bounds only if new_data was allocated with at least
 * new_prop->length + vd bytes.
 * NOTE(review): the allocation is above this excerpt - confirm its size
 * expression and that the sum cannot wrap.
 */
memcpy(new_data, new_prop->value, new_prop->length);
memcpy(new_data + new_prop->length, value, vd);
/* The old buffer is freed only after its contents have been copied out. */
kfree(new_prop->value);
new_prop->value = new_data;
new_prop->length += vd;
Reported by FlawFinder.
Line: 95
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
memcpy(new_data, new_prop->value, new_prop->length);
memcpy(new_data + new_prop->length, value, vd);
kfree(new_prop->value);
new_prop->value = new_data;
new_prop->length += vd;
} else {
Reported by FlawFinder.
Line: 119
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(new_prop->value, value, vd);
*prop = new_prop;
}
if (!more) {
pr_debug("updating node %pOF property %s\n", dn, name);
Reported by FlawFinder.
Line: 179
Column: 17
CWE codes:
126
char *prop_name;
/*
 * The front of prop_data is treated as a NUL-terminated name; strlen()
 * steps over it and its terminator.
 * NOTE(review): no remaining-length bound is visible in this excerpt, so
 * the scan relies on a terminator being present inside the buffer (the
 * CWE-126 over-read concern) - confirm where prop_data is validated.
 */
prop_name = prop_data;
prop_data += strlen(prop_name) + 1;
/* A big-endian 32-bit field is read directly after the name, then skipped. */
vd = be32_to_cpu(*(__be32 *)prop_data);
prop_data += sizeof(vd);
switch (vd) {
case 0x00000000:
Reported by FlawFinder.
arch/powerpc/boot/serial.c
6 issues
Line: 25
Column: 15
CWE codes:
362
/*
 * Open the serial console by calling the open hook of the
 * serial_console_data that console_ops.data points to, and return the
 * hook's result.
 * The flagged `open` is that hook, called with no arguments; no path name
 * is passed here, unlike a file opened by path, which is what a CWE-362
 * race finding on `open` normally concerns.
 */
static int serial_open(void)
{
struct serial_console_data *scdp = console_ops.data;
/* NOTE(review): the hook is called without a NULL check - confirm it is always set. */
return scdp->open();
}
static void serial_write(const char *buf, int len)
{
struct serial_console_data *scdp = console_ops.data;
Reported by FlawFinder.
Line: 88
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void *serial_get_stdout_devp(void)
{
void *devp;
char devtype[MAX_PROP_LEN];
char path[MAX_PATH_LEN];
devp = finddevice("/chosen");
if (devp == NULL)
goto err_out;
Reported by FlawFinder.
Line: 89
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
void *devp;
char devtype[MAX_PROP_LEN];
char path[MAX_PATH_LEN];
devp = finddevice("/chosen");
if (devp == NULL)
goto err_out;
Reported by FlawFinder.
Line: 43
Column: 10
CWE codes:
126
struct serial_console_data *scdp = console_ops.data;
cp = buf;
count = strlen(buf);
cp = &buf[count];
count++;
do {
if (scdp->tstc()) {
Reported by FlawFinder.
Line: 49
Column: 24
CWE codes:
120
20
do {
if (scdp->tstc()) {
while (((ch = scdp->getc()) != '\n') && (ch != '\r')) {
/* Test for backspace/delete */
if ((ch == '\b') || (ch == '\177')) {
if (cp != buf) {
cp--;
count--;
Reported by FlawFinder.
Line: 148
Column: 17
CWE codes:
120
20
console_ops.close = serial_close;
console_ops.data = &serial_cd;
if (serial_cd.getc)
console_ops.edit_cmdline = serial_edit_cmdline;
return 0;
}
err_out:
Reported by FlawFinder.
arch/powerpc/platforms/pseries/papr_scm.c
6 issues
Line: 339
CWE codes:
476
/* Successfully fetched the requested stats from phyp */
dev_dbg(&p->pdev->dev,
"Performance stats returned %d stats\n",
be32_to_cpu(buff_stats->num_statistics));
return 0;
}
/*
* Issue hcall to retrieve dimm health info and populate papr_scm_priv with the
Reported by Cppcheck.
Line: 285
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Setup the out buffer */
if (buff_stats) {
memcpy(buff_stats->eye_catcher,
PAPR_SCM_PERF_STATS_EYECATCHER, 8);
buff_stats->stats_version =
cpu_to_be32(PAPR_SCM_PERF_STATS_VERSION);
buff_stats->num_statistics =
cpu_to_be32(num_stats);
Reported by FlawFinder.
Line: 404
Column: 11
CWE codes:
120
20
{
unsigned long data[PLPAR_HCALL_BUFSIZE];
unsigned long offset, data_offset;
int len, read;
int64_t ret;
/*
 * Reject a request whose offset plus length extends past metadata_size.
 * NOTE(review): the field types are not visible in this excerpt. If
 * in_offset and in_length are both 32-bit, their sum is computed in 32 bits
 * and can wrap before the comparison - confirm the widths, or compare each
 * operand against p->metadata_size separately.
 */
if ((hdr->in_offset + hdr->in_length) > p->metadata_size)
return -EINVAL;
Reported by FlawFinder.
Line: 410
Column: 41
CWE codes:
120
20
if ((hdr->in_offset + hdr->in_length) > p->metadata_size)
return -EINVAL;
for (len = hdr->in_length; len; len -= read) {
data_offset = hdr->in_length - len;
offset = hdr->in_offset + data_offset;
if (len >= 8)
Reported by FlawFinder.
Line: 425
Column: 15
CWE codes:
120
20
read = 1;
ret = plpar_hcall(H_SCM_READ_METADATA, data, p->drc_index,
offset, read);
if (ret == H_PARAMETER) /* bad DRC index */
return -ENODEV;
if (ret)
return -EINVAL; /* other invalid parameter */
Reported by FlawFinder.
Line: 432
Column: 11
CWE codes:
120
20
if (ret)
return -EINVAL; /* other invalid parameter */
switch (read) {
case 8:
*(uint64_t *)(hdr->out_buf + data_offset) = be64_to_cpu(data[0]);
break;
case 4:
*(uint32_t *)(hdr->out_buf + data_offset) = be32_to_cpu(data[0] & 0xffffffff);
Reported by FlawFinder.
arch/sparc/crypto/md5_glue.c
6 issues
Line: 54
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sctx->byte_count += len;
if (partial) {
done = MD5_HMAC_BLOCK_SIZE - partial;
memcpy((u8 *)sctx->block + partial, data, done);
md5_sparc64_transform(sctx->hash, (u8 *)sctx->block, 1);
}
if (len - done >= MD5_HMAC_BLOCK_SIZE) {
const unsigned int rounds = (len - done) / MD5_HMAC_BLOCK_SIZE;
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
done += rounds * MD5_HMAC_BLOCK_SIZE;
}
memcpy(sctx->block, data + done, len - done);
}
static int md5_sparc64_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
Reported by FlawFinder.
Line: 76
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Handle the fast case right here */
/*
 * This branch is taken only when the buffered byte count plus the new input
 * stays below one block, so the copy ends before offset MD5_HMAC_BLOCK_SIZE
 * of sctx->block; everything else goes to __md5_sparc64_update().
 * NOTE(review): assumes sctx->block is MD5_HMAC_BLOCK_SIZE bytes and that
 * partial + len cannot wrap - both are defined outside this excerpt; confirm.
 */
if (partial + len < MD5_HMAC_BLOCK_SIZE) {
sctx->byte_count += len;
memcpy((u8 *)sctx->block + partial, data, len);
} else
__md5_sparc64_update(sctx, data, len, partial);
return 0;
}
Reported by FlawFinder.
Line: 101
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* We need to fill a whole block for __md5_sparc64_update() */
if (padlen <= 56) {
sctx->byte_count += padlen;
memcpy((u8 *)sctx->block + index, padding, padlen);
} else {
__md5_sparc64_update(sctx, padding, padlen, index);
}
__md5_sparc64_update(sctx, (const u8 *)&bits, sizeof(bits), 56);
Reported by FlawFinder.
Line: 121
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct md5_state *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
}
static int md5_sparc64_import(struct shash_desc *desc, const void *in)
Reported by FlawFinder.
Line: 130
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct md5_state *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));
return 0;
}
static struct shash_alg alg = {
Reported by FlawFinder.
arch/powerpc/platforms/pseries/lparcfg.c
6 issues
Line: 341
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SPLPAR_CHARACTERISTICS_TOKEN,
__pa(rtas_data_buf),
RTAS_DATA_BUF_SIZE);
memcpy(local_buffer, rtas_data_buf, SPLPAR_MAXLENGTH);
local_buffer[SPLPAR_MAXLENGTH - 1] = '\0';
spin_unlock(&rtas_data_buf_lock);
if (call_status != 0) {
printk(KERN_INFO
Reported by FlawFinder.
Line: 383
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* code here to replace workbuffer contents
with different keyword strings */
/*
 * The replacement is longer than the keyword it overwrites: "MaxEntCap" is
 * 9 characters, "partition_max_entitled_capacity" is 31 plus the NUL.
 * NOTE(review): the strcpy() is in bounds only if workbuffer holds at least
 * 32 bytes; its allocation is outside this excerpt - confirm.
 */
if (0 == strcmp(workbuffer, "MaxEntCap")) {
strcpy(workbuffer,
"partition_max_entitled_capacity");
/* Write index is moved to the end of the replacement string. */
w_idx = strlen(workbuffer);
}
if (0 == strcmp(workbuffer, "MaxPlatProcs")) {
strcpy(workbuffer,
Reported by FlawFinder.
Line: 388
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
w_idx = strlen(workbuffer);
}
if (0 == strcmp(workbuffer, "MaxPlatProcs")) {
strcpy(workbuffer,
"system_potential_processors");
w_idx = strlen(workbuffer);
}
}
}
Reported by FlawFinder.
Line: 635
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t lparcfg_write(struct file *file, const char __user * buf,
size_t count, loff_t * off)
{
char kbuf[64];
char *tmp;
u64 new_entitled, *new_entitled_ptr = &new_entitled;
u8 new_weight, *new_weight_ptr = &new_weight;
ssize_t retval;
Reported by FlawFinder.
Line: 385
Column: 14
CWE codes:
126
if (0 == strcmp(workbuffer, "MaxEntCap")) {
strcpy(workbuffer,
"partition_max_entitled_capacity");
w_idx = strlen(workbuffer);
}
if (0 == strcmp(workbuffer, "MaxPlatProcs")) {
strcpy(workbuffer,
"system_potential_processors");
w_idx = strlen(workbuffer);
Reported by FlawFinder.
Line: 390
Column: 14
CWE codes:
126
if (0 == strcmp(workbuffer, "MaxPlatProcs")) {
strcpy(workbuffer,
"system_potential_processors");
w_idx = strlen(workbuffer);
}
}
}
kfree(workbuffer);
local_buffer -= 2; /* back up over strlen value */
Reported by FlawFinder.
arch/powerpc/perf/ppc970-pmu.c
6 issues
Line: 380
CWE codes:
788
/* add events on higher-numbered bus */
mmcr1 |= 1ull << mmcr1_adder_bits[pmc];
}
pmcsel[pmc] = psel;
hwc[i] = pmc;
spcsel = (event[i] >> PM_SPCSEL_SH) & PM_SPCSEL_MSK;
mmcr1 |= spcsel;
if (p970_marked_instr_event(event[i]))
mmcra |= MMCRA_SAMPLE_ENABLE;
Reported by Cppcheck.
Line: 129
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 0-13: Count of events needing PMC2..PMC8
*/
static unsigned char direct_marked_event[8] = {
(1<<2) | (1<<3), /* PMC1: PM_MRK_GRP_DISP, PM_MRK_ST_CMPL */
(1<<3) | (1<<5), /* PMC2: PM_THRESH_TIMEO, PM_MRK_BRU_FIN */
(1<<3) | (1<<5), /* PMC3: PM_MRK_ST_CMPL_INT, PM_MRK_VMX_FIN */
(1<<4) | (1<<5), /* PMC4: PM_MRK_GRP_CMPL, PM_MRK_CRU_FIN */
(1<<4) | (1<<5), /* PMC5: PM_GRP_MRK, PM_MRK_GRP_TIMEO */
Reported by FlawFinder.
Line: 267
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int ttm, grp;
unsigned int pmc_inuse = 0;
unsigned int pmc_grp_use[2];
unsigned char busbyte[4];
unsigned char unituse[16];
unsigned char unitmap[] = { 0, 0<<3, 3<<3, 1<<3, 2<<3, 0|4, 3|4 };
unsigned char ttmuse[2];
unsigned char pmcsel[8];
int i;
Reported by FlawFinder.
Line: 268
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int pmc_inuse = 0;
unsigned int pmc_grp_use[2];
unsigned char busbyte[4];
unsigned char unituse[16];
unsigned char unitmap[] = { 0, 0<<3, 3<<3, 1<<3, 2<<3, 0|4, 3|4 };
unsigned char ttmuse[2];
unsigned char pmcsel[8];
int i;
int spcsel;
Reported by FlawFinder.
Line: 270
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char busbyte[4];
unsigned char unituse[16];
unsigned char unitmap[] = { 0, 0<<3, 3<<3, 1<<3, 2<<3, 0|4, 3|4 };
unsigned char ttmuse[2];
unsigned char pmcsel[8];
int i;
int spcsel;
if (n_ev > 8)
Reported by FlawFinder.
Line: 271
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char unituse[16];
unsigned char unitmap[] = { 0, 0<<3, 3<<3, 1<<3, 2<<3, 0|4, 3|4 };
unsigned char ttmuse[2];
unsigned char pmcsel[8];
int i;
int spcsel;
if (n_ev > 8)
return -1;
Reported by FlawFinder.
arch/sparc/kernel/sstate.c
6 issues
Line: 38
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
/*
 * Fixed 32-byte, 32-byte-aligned, const message buffers. Each is
 * initialised from a literal shorter than 32 characters, so the remaining
 * bytes are zero-filled. The CWE-119/120 hits are on the fixed-size
 * declarations themselves; no write into these arrays appears in this
 * excerpt.
 */
static const char booting_msg[32] __attribute__((aligned(32))) =
"Linux booting";
static const char running_msg[32] __attribute__((aligned(32))) =
"Linux running";
static const char halting_msg[32] __attribute__((aligned(32))) =
"Linux halting";
Reported by FlawFinder.
Line: 40
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char booting_msg[32] __attribute__((aligned(32))) =
"Linux booting";
static const char running_msg[32] __attribute__((aligned(32))) =
"Linux running";
static const char halting_msg[32] __attribute__((aligned(32))) =
"Linux halting";
static const char poweroff_msg[32] __attribute__((aligned(32))) =
"Linux powering off";
Reported by FlawFinder.
Line: 42
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"Linux booting";
static const char running_msg[32] __attribute__((aligned(32))) =
"Linux running";
static const char halting_msg[32] __attribute__((aligned(32))) =
"Linux halting";
static const char poweroff_msg[32] __attribute__((aligned(32))) =
"Linux powering off";
static const char rebooting_msg[32] __attribute__((aligned(32))) =
"Linux rebooting";
Reported by FlawFinder.
Line: 44
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"Linux running";
static const char halting_msg[32] __attribute__((aligned(32))) =
"Linux halting";
static const char poweroff_msg[32] __attribute__((aligned(32))) =
"Linux powering off";
static const char rebooting_msg[32] __attribute__((aligned(32))) =
"Linux rebooting";
static const char panicking_msg[32] __attribute__((aligned(32))) =
"Linux panicking";
Reported by FlawFinder.
Line: 46
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"Linux halting";
static const char poweroff_msg[32] __attribute__((aligned(32))) =
"Linux powering off";
static const char rebooting_msg[32] __attribute__((aligned(32))) =
"Linux rebooting";
static const char panicking_msg[32] __attribute__((aligned(32))) =
"Linux panicking";
static int sstate_reboot_call(struct notifier_block *np, unsigned long type, void *_unused)
Reported by FlawFinder.
Line: 48
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"Linux powering off";
static const char rebooting_msg[32] __attribute__((aligned(32))) =
"Linux rebooting";
static const char panicking_msg[32] __attribute__((aligned(32))) =
"Linux panicking";
static int sstate_reboot_call(struct notifier_block *np, unsigned long type, void *_unused)
{
const char *msg;
Reported by FlawFinder.
arch/x86/kernel/ftrace.c
6 issues
Line: 79
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int ftrace_verify_code(unsigned long ip, const char *old_code)
{
char cur_code[MCOUNT_INSN_SIZE];
/*
* Note:
* We are paranoid about modifying text, as if a bug was to happen, it
* could cause us to read or write to someplace that could cause harm.
Reported by FlawFinder.
Line: 304
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* ftrace_ops that will be passed to the callback function.
*/
/*
 * Overlay that views the same bytes either as a raw byte array or as a
 * 3-byte op[] prefix followed by an int offset (packed, so no padding is
 * inserted between them).
 * Because of the code[] member the union is at least OP_REF_SIZE bytes, so
 * a copy of OP_REF_SIZE bytes into or out of an object of this type stays
 * inside that object; the other side of such a copy needs its own bound.
 * NOTE(review): OP_REF_SIZE is defined elsewhere; presumably it equals
 * sizeof(op) + sizeof(offset) - confirm.
 */
union ftrace_op_code_union {
char code[OP_REF_SIZE];
struct {
char op[3];
int offset;
} __attribute__((packed));
};
Reported by FlawFinder.
Line: 306
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union ftrace_op_code_union {
char code[OP_REF_SIZE];
struct {
char op[3];
int offset;
} __attribute__((packed));
};
#define RET_SIZE 1
Reported by FlawFinder.
Line: 397
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*ptr = (unsigned long)ops;
op_offset -= start_offset;
memcpy(&op_ptr, trampoline + op_offset, OP_REF_SIZE);
/* Are we pointing to the reference? */
if (WARN_ON(memcmp(op_ptr.op, op_ref, 3) != 0))
goto fail;
Reported by FlawFinder.
Line: 410
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
op_ptr.offset = offset;
/* put in the new offset to the ftrace_ops */
memcpy(trampoline + op_offset, &op_ptr, OP_REF_SIZE);
/* put in the call to the function */
mutex_lock(&text_mutex);
call_offset -= start_offset;
memcpy(trampoline + call_offset,
Reported by FlawFinder.
Line: 415
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* put in the call to the function */
mutex_lock(&text_mutex);
call_offset -= start_offset;
memcpy(trampoline + call_offset,
text_gen_insn(CALL_INSN_OPCODE,
trampoline + call_offset,
ftrace_ops_get_func(ops)), CALL_INSN_SIZE);
mutex_unlock(&text_mutex);
Reported by FlawFinder.
arch/powerpc/platforms/pseries/lpar.c
6 issues
Line: 503
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long time_limit = jiffies + HZ;
struct vcpu_dispatch_data *disp;
int rc, cmd, cpu;
char buf[16];
/*
 * The length is capped at 15 before the copy_from_user() into the 16-byte
 * buf that follows, which leaves one byte spare.
 * NOTE(review): presumably the spare byte is for a terminating NUL written
 * after the copy, which is below this excerpt - confirm.
 */
if (count > 15)
return -EINVAL;
if (copy_from_user(buf, p, count))
Reported by FlawFinder.
Line: 598
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char __user *p, size_t count, loff_t *ppos)
{
int rc, freq;
char buf[16];
if (count > 15)
return -EINVAL;
if (copy_from_user(buf, p, count))
Reported by FlawFinder.
Line: 1439
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __init pseries_lpar_read_hblkrm_characteristics(void)
{
unsigned char local_buffer[SPLPAR_TLB_BIC_MAXLENGTH];
int call_status, len, idx, bpsize;
if (!firmware_has_feature(FW_FEATURE_BLOCK_REMOVE))
return;
Reported by FlawFinder.
Line: 1452
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SPLPAR_TLB_BIC_TOKEN,
__pa(rtas_data_buf),
RTAS_DATA_BUF_SIZE);
memcpy(local_buffer, rtas_data_buf, SPLPAR_TLB_BIC_MAXLENGTH);
local_buffer[SPLPAR_TLB_BIC_MAXLENGTH - 1] = '\0';
spin_unlock(&rtas_data_buf_lock);
if (call_status != 0) {
pr_warn("%s %s Error calling get-system-parameter (0x%x)\n",
Reported by FlawFinder.
Line: 2012
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __init vpa_debugfs_init(void)
{
char name[16];
long i;
struct dentry *vpa_dir;
if (!firmware_has_feature(FW_FEATURE_SPLPAR))
return 0;
Reported by FlawFinder.
Line: 2023
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* set up the per-cpu vpa file*/
/*
 * NOTE(review): sprintf() puts no limit on what it writes into name. The
 * line-2012 finding for this file shows `char name[16]` (presumably the
 * same function); "cpu-" plus the NUL leaves 11 bytes for the digits of i.
 * A bounded call such as snprintf(name, sizeof(name), "cpu-%ld", i) would
 * make that limit explicit.
 */
for_each_possible_cpu(i) {
sprintf(name, "cpu-%ld", i);
/* The CPU index is passed as the file's private data pointer; mode 0400. */
debugfs_create_file(name, 0400, vpa_dir, (void *)i, &vpa_fops);
}
return 0;
}
Reported by FlawFinder.