The following issues were found
drivers/pps/sysfs.c
6 issues
Line: 69
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct pps_device *pps = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", pps->info.name);
}
static DEVICE_ATTR_RO(name);
static ssize_t path_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 78
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct pps_device *pps = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", pps->info.path);
}
static DEVICE_ATTR_RO(path);
static struct attribute *pps_attrs[] = {
&dev_attr_assert.attr,
Reported by FlawFinder.
Line: 26
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!(pps->info.mode & PPS_CAPTUREASSERT))
return 0;
return sprintf(buf, "%lld.%09d#%d\n",
(long long) pps->assert_tu.sec, pps->assert_tu.nsec,
pps->assert_sequence);
}
static DEVICE_ATTR_RO(assert);
Reported by FlawFinder.
Line: 40
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!(pps->info.mode & PPS_CAPTURECLEAR))
return 0;
return sprintf(buf, "%lld.%09d#%d\n",
(long long) pps->clear_tu.sec, pps->clear_tu.nsec,
pps->clear_sequence);
}
static DEVICE_ATTR_RO(clear);
Reported by FlawFinder.
Line: 51
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct pps_device *pps = dev_get_drvdata(dev);
return sprintf(buf, "%4x\n", pps->info.mode);
}
static DEVICE_ATTR_RO(mode);
static ssize_t echo_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 60
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct pps_device *pps = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", !!pps->info.echo);
}
static DEVICE_ATTR_RO(echo);
static ssize_t name_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
drivers/powercap/powercap_sys.c
6 issues
Line: 352
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct powercap_zone *power_zone = to_powercap_zone(dev);
return sprintf(buf, "%s\n", power_zone->name);
}
static DEVICE_ATTR_RO(name);
/* Create zone and attributes in sysfs */
Reported by FlawFinder.
Line: 29
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
\
if (power_zone->ops->get_##_attr) { \
if (!power_zone->ops->get_##_attr(power_zone, &value)) \
len = sprintf(buf, "%lld\n", value); \
} \
\
return len; \
}
Reported by FlawFinder.
Line: 77
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pconst = &power_zone->constraints[id]; \
if (pconst && pconst->ops && pconst->ops->get_##_attr) { \
if (!pconst->ops->get_##_attr(power_zone, id, &value)) \
len = sprintf(buf, "%lld\n", value); \
} \
\
return len; \
}
Reported by FlawFinder.
Line: 173
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (pconst && pconst->ops && pconst->ops->get_name) {
name = pconst->ops->get_name(power_zone, id);
if (name) {
sprintf(buf, "%.*s\n", POWERCAP_CONSTRAINT_NAME_LEN - 1,
name);
len = strlen(buf);
}
}
Reported by FlawFinder.
Line: 440
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mode = false;
}
return sprintf(buf, "%d\n", mode);
}
static ssize_t enabled_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t len)
Reported by FlawFinder.
Line: 175
Column: 10
CWE codes:
126
if (name) {
sprintf(buf, "%.*s\n", POWERCAP_CONSTRAINT_NAME_LEN - 1,
name);
len = strlen(buf);
}
}
return len;
}
Reported by FlawFinder.
drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c
6 issues
Line: 63
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
target = wmi_priv.current_system_password;
if (!target)
return -EIO;
memcpy(target, buf, length);
target[length] = '\0';
return count;
}
Reported by FlawFinder.
Line: 108
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
char *buf)
{
return sprintf(buf, "password\n");
}
static struct kobj_attribute po_mechanism = __ATTR_RO(mechanism);
static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
Reported by FlawFinder.
Line: 117
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf)
{
if (strcmp(kobj->name, "Admin") == 0)
return sprintf(buf, "bios-admin\n");
else if (strcmp(kobj->name, "System") == 0)
return sprintf(buf, "power-on\n");
return -EIO;
}
Reported by FlawFinder.
Line: 119
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (strcmp(kobj->name, "Admin") == 0)
return sprintf(buf, "bios-admin\n");
else if (strcmp(kobj->name, "System") == 0)
return sprintf(buf, "power-on\n");
return -EIO;
}
static struct kobj_attribute po_role = __ATTR_RO(role);
Reported by FlawFinder.
Line: 47
Column: 11
CWE codes:
126
char *target = NULL;
int length;
length = strlen(buf);
if (buf[length-1] == '\n')
length--;
/* firmware does verifiation of min/max password length,
* hence only check for not exceeding MAX_BUFF here.
Reported by FlawFinder.
Line: 85
Column: 6
CWE codes:
126
if (p != NULL)
*p = '\0';
if (strlen(buf_cp) > MAX_BUFF) {
ret = -EINVAL;
goto out;
}
ret = set_new_password(kobj->name, buf_cp);
Reported by FlawFinder.
drivers/platform/x86/dell/dell_rbu.c
6 issues
Line: 65
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int entry_created;
} rbu_data;
static char image_type[MAX_IMAGE_LENGTH + 1] = "mono";
module_param_string(image_type, image_type, sizeof (image_type), 0);
MODULE_PARM_DESC(image_type, "BIOS image type. choose- mono or packet or init");
static unsigned long allocation_floor = 0x100000;
module_param(allocation_floor, ulong, 0644);
Reported by FlawFinder.
Line: 188
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
INIT_LIST_HEAD(&newpacket->list);
list_add_tail(&newpacket->list, &packet_data_head.list);
memcpy(newpacket->data, data, length);
pr_debug("exit\n");
out_alloc_packet_array:
/* always free packet array */
Reported by FlawFinder.
Line: 274
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
/* copy the remaining */
bytes_copied = length;
memcpy(data, ptemp_buf, bytes_copied);
}
return bytes_copied;
}
static int packet_read_list(char *data, size_t * pread_length)
Reported by FlawFinder.
Line: 510
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock(&rbu_data.lock);
if (!strcmp(image_type, "mono")) {
if (!img_update_realloc(fw->size))
memcpy(rbu_data.image_update_buffer,
fw->data, fw->size);
} else if (!strcmp(image_type, "packet")) {
/*
* we need to free previous packets if a
* new hunk of packets needs to be downloaded
Reported by FlawFinder.
Line: 562
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buffer[count] = '\0';
if (strstr(buffer, "mono"))
strcpy(image_type, "mono");
else if (strstr(buffer, "packet"))
strcpy(image_type, "packet");
else if (strstr(buffer, "init")) {
/*
* If due to the user error the driver gets in a bad
Reported by FlawFinder.
Line: 564
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (strstr(buffer, "mono"))
strcpy(image_type, "mono");
else if (strstr(buffer, "packet"))
strcpy(image_type, "packet");
else if (strstr(buffer, "init")) {
/*
* If due to the user error the driver gets in a bad
* state where even though it is loaded , the
* /sys/class/firmware/dell_rbu entries are missing.
Reported by FlawFinder.
drivers/power/supply/ltc4162-l-charger.c
6 issues
Line: 528
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
}
return sprintf(buf, "%s\n", result);
}
static DEVICE_ATTR_RO(charge_status);
static ssize_t vbat_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 544
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%d\n", val.intval);
}
static DEVICE_ATTR_RO(vbat);
static ssize_t vbat_avg_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 560
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%d\n", val.intval);
}
static DEVICE_ATTR_RO(vbat_avg);
static ssize_t ibat_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 576
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%d\n", val.intval);
}
static DEVICE_ATTR_RO(ibat);
static ssize_t force_telemetry_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 592
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%u\n", regval & BIT(2) ? 1 : 0);
}
static ssize_t force_telemetry_store(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
Line: 631
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%u\n",
regval == LTC4162L_ARM_SHIP_MODE_MAGIC ? 1 : 0);
}
static ssize_t arm_ship_mode_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
drivers/net/wireless/marvell/mwifiex/wmm.c
6 issues
Line: 121
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
INIT_LIST_HEAD(&ra_list->list);
skb_queue_head_init(&ra_list->skb_head);
memcpy(ra_list->ra, ra, ETH_ALEN);
ra_list->total_pkt_count = 0;
mwifiex_dbg(adapter, INFO, "info: allocated ra_list %p\n", ra_list);
Reported by FlawFinder.
Line: 836
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct ethhdr *eth_hdr = (struct ethhdr *)skb->data;
struct mwifiex_txinfo *tx_info = MWIFIEX_SKB_TXCB(skb);
memcpy(ra, eth_hdr->h_dest, ETH_ALEN);
if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA &&
ISSUPP_TDLS_ENABLED(adapter->fw_cap_info)) {
if (ntohs(eth_hdr->h_proto) == ETH_P_TDLS)
mwifiex_dbg(adapter, DATA,
Reported by FlawFinder.
Line: 885
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
} else {
memcpy(ra, skb->data, ETH_ALEN);
if (ra[0] & 0x01 || mwifiex_is_skb_mgmt_frame(skb))
eth_broadcast_addr(ra);
ra_list = mwifiex_wmm_get_queue_raptr(priv, tid_down, ra);
}
Reported by FlawFinder.
Line: 992
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct ieee_types_wmm_parameter))
break;
memcpy((u8 *) &priv->curr_bss_params.bss_descriptor.
wmm_ie, wmm_param_ie,
wmm_param_ie->vend_hdr.len + 2);
break;
Reported by FlawFinder.
Line: 1049
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wmm_tlv = (struct mwifiex_ie_types_wmm_param_set *) *assoc_buf;
wmm_tlv->header.type = cpu_to_le16((u16) wmm_info_ie[0]);
wmm_tlv->header.len = cpu_to_le16((u16) wmm_info_ie[1]);
memcpy(wmm_tlv->wmm_ie, &wmm_info_ie[2],
le16_to_cpu(wmm_tlv->header.len));
if (wmm_ie->qos_info_bitmap & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD)
memcpy((u8 *) (wmm_tlv->wmm_ie
+ le16_to_cpu(wmm_tlv->header.len)
- sizeof(priv->wmm_qosinfo)),
Reported by FlawFinder.
Line: 1052
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(wmm_tlv->wmm_ie, &wmm_info_ie[2],
le16_to_cpu(wmm_tlv->header.len));
if (wmm_ie->qos_info_bitmap & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD)
memcpy((u8 *) (wmm_tlv->wmm_ie
+ le16_to_cpu(wmm_tlv->header.len)
- sizeof(priv->wmm_qosinfo)),
&priv->wmm_qosinfo, sizeof(priv->wmm_qosinfo));
ret_len = sizeof(wmm_tlv->header)
Reported by FlawFinder.
drivers/power/supply/ds2781_battery.c
6 issues
Line: 163
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int *voltage_uV)
{
int ret;
char val[2];
int voltage_raw;
ret = w1_ds2781_read(dev_info, val, DS2781_VOLT_MSB, 2 * sizeof(u8));
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 192
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int *temp)
{
int ret;
char val[2];
int temp_raw;
ret = w1_ds2781_read(dev_info, val, DS2781_TEMP_MSB, 2 * sizeof(u8));
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 459
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n",
!!(control_reg & DS2781_CONTROL_PMOD));
}
static ssize_t ds2781_set_pmod_enabled(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 512
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
ret = sprintf(buf, "%d\n", sense_resistor);
return ret;
}
static ssize_t ds2781_set_sense_resistor_value(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 550
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n", rsgain);
}
static ssize_t ds2781_set_rsgain_setting(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
Line: 593
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
ret = sprintf(buf, "%d\n", sfr & DS2781_SFR_PIOSC);
return ret;
}
static ssize_t ds2781_set_pio_pin(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
drivers/s390/cio/qdio_debug.h
6 issues
Line: 31
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define DBF_EVENT(text...) \
do { \
char debug_buffer[QDIO_DBF_LEN]; \
snprintf(debug_buffer, QDIO_DBF_LEN, text); \
debug_text_event(qdio_dbf_setup, DBF_ERR, debug_buffer); \
} while (0)
static inline void DBF_HEX(void *addr, int len)
{
Reported by FlawFinder.
Line: 43
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define DBF_ERROR(text...) \
do { \
char debug_buffer[QDIO_DBF_LEN]; \
snprintf(debug_buffer, QDIO_DBF_LEN, text); \
debug_text_event(qdio_dbf_error, DBF_ERR, debug_buffer); \
} while (0)
static inline void DBF_ERROR_HEX(void *addr, int len)
{
Reported by FlawFinder.
Line: 56
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
do { \
char debug_buffer[QDIO_DBF_LEN]; \
if (debug_level_enabled(device->debug_area, level)) { \
snprintf(debug_buffer, QDIO_DBF_LEN, text); \
debug_text_event(device->debug_area, level, debug_buffer); \
} \
} while (0)
static inline void DBF_DEV_HEX(struct qdio_irq *dev, void *addr,
Reported by FlawFinder.
Line: 30
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DBF_EVENT(text...) \
do { \
char debug_buffer[QDIO_DBF_LEN]; \
snprintf(debug_buffer, QDIO_DBF_LEN, text); \
debug_text_event(qdio_dbf_setup, DBF_ERR, debug_buffer); \
} while (0)
static inline void DBF_HEX(void *addr, int len)
Reported by FlawFinder.
Line: 42
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DBF_ERROR(text...) \
do { \
char debug_buffer[QDIO_DBF_LEN]; \
snprintf(debug_buffer, QDIO_DBF_LEN, text); \
debug_text_event(qdio_dbf_error, DBF_ERR, debug_buffer); \
} while (0)
static inline void DBF_ERROR_HEX(void *addr, int len)
Reported by FlawFinder.
Line: 54
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DBF_DEV_EVENT(level, device, text...) \
do { \
char debug_buffer[QDIO_DBF_LEN]; \
if (debug_level_enabled(device->debug_area, level)) { \
snprintf(debug_buffer, QDIO_DBF_LEN, text); \
debug_text_event(device->debug_area, level, debug_buffer); \
} \
} while (0)
Reported by FlawFinder.
drivers/net/wireless/intersil/hostap/hostap_hw.c
6 issues
Line: 64
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
module_param_array(channel, int, NULL, 0444);
MODULE_PARM_DESC(channel, "Initial channel");
static char essid[33] = "test";
module_param_string(essid, essid, sizeof(essid), 0444);
MODULE_PARM_DESC(essid, "Host AP's ESSID");
static int iw_mode[MAX_PARM_DEVICES] = { IW_MODE_MASTER, DEF_INTS };
module_param_array(iw_mode, int, NULL, 0444);
Reported by FlawFinder.
Line: 80
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
module_param_array(dtim_period, int, NULL, 0444);
MODULE_PARM_DESC(dtim_period, "DTIM period");
static char dev_template[16] = "wlan%d";
module_param_string(dev_template, dev_template, sizeof(dev_template), 0444);
MODULE_PARM_DESC(dev_template, "Prefix for network device name (default: "
"wlan%d)");
#ifdef final_version
Reported by FlawFinder.
Line: 2329
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
union iwreq_data wrqu;
/* Copy 802.11 dest address. */
memcpy(wrqu.addr.sa_data, txdesc.addr1, ETH_ALEN);
wrqu.addr.sa_family = ARPHRD_ETHER;
wireless_send_event(dev, IWEVTXDROP, &wrqu, NULL);
} else
show_dump = 1;
Reported by FlawFinder.
Line: 3132
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
local->card_idx = card_idx;
len = strlen(essid);
memcpy(local->essid, essid,
len > MAX_SSID_LEN ? MAX_SSID_LEN : len);
local->essid[MAX_SSID_LEN] = '\0';
i = GET_INT_PARM(iw_mode, card_idx);
if ((i >= IW_MODE_ADHOC && i <= IW_MODE_REPEAT) ||
i == IW_MODE_MONITOR) {
Reported by FlawFinder.
Line: 3067
Column: 8
CWE codes:
126
if (funcs == NULL)
return NULL;
len = strlen(dev_template);
if (len >= IFNAMSIZ || strstr(dev_template, "%d") == NULL) {
printk(KERN_WARNING "hostap: Invalid dev_template='%s'\n",
dev_template);
return NULL;
}
Reported by FlawFinder.
Line: 3131
Column: 8
CWE codes:
126
card_idx = 0;
local->card_idx = card_idx;
len = strlen(essid);
memcpy(local->essid, essid,
len > MAX_SSID_LEN ? MAX_SSID_LEN : len);
local->essid[MAX_SSID_LEN] = '\0';
i = GET_INT_PARM(iw_mode, card_idx);
if ((i >= IW_MODE_ADHOC && i <= IW_MODE_REPEAT) ||
Reported by FlawFinder.
fs/overlayfs/namei.c
6 issues
Line: 55
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
memcpy(buf, d->name.name, prelen);
}
strcat(buf, post);
kfree(d->redirect);
d->redirect = buf;
d->name.name = d->redirect;
d->name.len = strlen(d->redirect);
Reported by FlawFinder.
Line: 52
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
res = strlen(buf) + 1;
memmove(buf + prelen, buf, res);
memcpy(buf, d->name.name, prelen);
}
strcat(buf, post);
kfree(d->redirect);
d->redirect = buf;
Reported by FlawFinder.
Line: 1065
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!oe)
goto out_put;
memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr);
dentry->d_fsdata = oe;
if (upperopaque)
ovl_dentry_set_opaque(dentry);
Reported by FlawFinder.
Line: 35
Column: 53
CWE codes:
126
char *buf;
struct ovl_fs *ofs = OVL_FS(d->sb);
buf = ovl_get_redirect_xattr(ofs, dentry, prelen + strlen(post));
if (IS_ERR_OR_NULL(buf))
return PTR_ERR(buf);
if (buf[0] == '/') {
/*
Reported by FlawFinder.
Line: 50
Column: 9
CWE codes:
126
*/
d->stop = false;
} else {
res = strlen(buf) + 1;
memmove(buf + prelen, buf, res);
memcpy(buf, d->name.name, prelen);
}
strcat(buf, post);
Reported by FlawFinder.
Line: 59
Column: 16
CWE codes:
126
kfree(d->redirect);
d->redirect = buf;
d->name.name = d->redirect;
d->name.len = strlen(d->redirect);
return 0;
}
static int ovl_acceptable(void *ctx, struct dentry *dentry)
Reported by FlawFinder.