The following issues were found
drivers/video/fbdev/pvr2fb.c
6 issues
Line: 1039
Column: 4
CWE codes:
120
Suggestion:
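Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). In kernel code the usual bounded copy is strscpy(dst, src, sizeof(dst)), which always NUL-terminates and returns a negative value when the source had to be truncated.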
if (!strcmp(this_opt, "inverse")) {
fb_invert_cmaps();
} else if (!strncmp(this_opt, "cable:", 6)) {
strcpy(cable_arg, this_opt + 6);
} else if (!strncmp(this_opt, "output:", 7)) {
strcpy(output_arg, this_opt + 7);
} else if (!strncmp(this_opt, "nopan", 5)) {
nopan = 1;
} else if (!strncmp(this_opt, "nowrap", 6)) {
Reported by FlawFinder.
Line: 1041
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
} else if (!strncmp(this_opt, "cable:", 6)) {
strcpy(cable_arg, this_opt + 6);
} else if (!strncmp(this_opt, "output:", 7)) {
strcpy(output_arg, this_opt + 7);
} else if (!strncmp(this_opt, "nopan", 5)) {
nopan = 1;
} else if (!strncmp(this_opt, "nowrap", 6)) {
nowrap = 1;
} else {
Reported by FlawFinder.
Line: 1025
Column: 2
CWE codes:
119
120
Suggestion:
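Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Declaring a fixed-size array is not itself the defect; the places to check are the writes into it, which for cable_arg and output_arg are the strcpy() calls reported at lines 1039 and 1041.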
static int __init pvr2fb_setup(char *options)
{
char *this_opt;
char cable_arg[80];
char output_arg[80];
if (!options || !*options)
return 0;
Reported by FlawFinder.
Line: 1026
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char *this_opt;
char cable_arg[80];
char output_arg[80];
if (!options || !*options)
return 0;
cable_arg[0] = output_arg[0] = 0;
Reported by FlawFinder.
Line: 1063
Column: 2
CWE codes:
119
120
Suggestion:
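Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. For the name[16] field, the one initializer visible in this excerpt is the string literal "Sega DC PVR2" (12 characters plus the terminator), which fits and is fixed at compile time.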
static struct pvr2_board {
int (*init)(void);
void (*exit)(void);
char name[16];
} board_driver[] __refdata = {
#ifdef CONFIG_SH_DREAMCAST
{ pvr2fb_dc_init, pvr2fb_dc_exit, "Sega DC PVR2" },
#endif
#ifdef CONFIG_PCI
Reported by FlawFinder.
Line: 743
Column: 34
CWE codes:
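126
Note: strlen(s) reads until a NUL byte, so s must be a terminated string. Because strlen(s) is also the comparison length, an empty s makes strncasecmp() compare zero bytes and return 0, so the first table entry would match; callers need to rule out the empty string, and whether they do is outside this excerpt.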
int i;
for (i = 0; i < size; i++) {
if (!strncasecmp(p[i].name, s, strlen(s)))
return p[i].val;
}
return -1;
}
#endif
Reported by FlawFinder.
fs/nls/nls_iso8859-9.c
6 issues
Line: 16
Column: 14
CWE codes:
119
120
Suggestion:
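Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The arrays flagged in this file and in nls_iso8859-6.c are static const lookup tables that nothing in the excerpts writes to; what needs checking is that every index used to read them stays within the declared 256 entries, and the lookup sites are not shown here.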
#include <linux/nls.h>
#include <linux/errno.h>
static const wchar_t charset2uni[256] = {
/* 0x00*/
0x0000, 0x0001, 0x0002, 0x0003,
0x0004, 0x0005, 0x0006, 0x0007,
0x0008, 0x0009, 0x000a, 0x000b,
0x000c, 0x000d, 0x000e, 0x000f,
Reported by FlawFinder.
Line: 99
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00fc, 0x0131, 0x015f, 0x00ff,
};
static const unsigned char page00[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 135
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0x00, 0x00, 0xff, /* 0xf8-0xff */
};
static const unsigned char page01[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd0, 0xf0, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 150
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xde, 0xfe, /* 0x58-0x5f */
};
static const unsigned char *const page_uni2charset[256] = {
page00, page01, NULL, NULL, NULL, NULL, NULL, NULL,
};
static const unsigned char charset2lower[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
Reported by FlawFinder.
Line: 154
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
page00, page01, NULL, NULL, NULL, NULL, NULL, NULL,
};
static const unsigned char charset2lower[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 190
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, /* 0xf8-0xff */
};
static const unsigned char charset2upper[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
fs/nls/nls_iso8859-6.c
6 issues
Line: 16
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/nls.h>
#include <linux/errno.h>
static const wchar_t charset2uni[256] = {
/* 0x00*/
0x0000, 0x0001, 0x0002, 0x0003,
0x0004, 0x0005, 0x0006, 0x0007,
0x0008, 0x0009, 0x000a, 0x000b,
0x000c, 0x000d, 0x000e, 0x000f,
Reported by FlawFinder.
Line: 99
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x0000, 0x0000, 0x0000,
};
static const unsigned char page00[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 125
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0xad, 0x00, 0x00, /* 0xa8-0xaf */
};
static const unsigned char page06[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0xbb, 0x00, 0x00, 0x00, 0xbf, /* 0x18-0x1f */
0x00, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 142
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x38, 0x39, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x68-0x6f */
};
static const unsigned char *const page_uni2charset[256] = {
page00, NULL, NULL, NULL, NULL, NULL, page06, NULL,
};
static const unsigned char charset2lower[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
Reported by FlawFinder.
Line: 146
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
page00, NULL, NULL, NULL, NULL, NULL, page06, NULL,
};
static const unsigned char charset2lower[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 182
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char charset2upper[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
fs/cramfs/inode.c
6 issues
Line: 174
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define BLKS_PER_BUF (1 << BLKS_PER_BUF_SHIFT)
#define BUFFER_SIZE (BLKS_PER_BUF*PAGE_SIZE)
static unsigned char read_buffers[READ_BUFFERS][BUFFER_SIZE];
static unsigned buffer_blocknr[READ_BUFFERS];
static struct super_block *buffer_dev[READ_BUFFERS];
static int next_buffer;
/*
Reported by FlawFinder.
Line: 250
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct page *page = pages[i];
if (page) {
memcpy(data, kmap(page), PAGE_SIZE);
kunmap(page);
put_page(page);
} else
memset(data, 0, PAGE_SIZE);
data += PAGE_SIZE;
Reported by FlawFinder.
Line: 527
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Read the first block and get the superblock from it */
mutex_lock(&read_mutex);
memcpy(super, cramfs_read(sb, 0, sizeof(*super)), sizeof(*super));
mutex_unlock(&read_mutex);
/* Do sanity checks on the superblock */
if (super->magic != CRAMFS_MAGIC) {
/* check for wrong endianness */
Reported by FlawFinder.
Line: 541
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* check at 512 byte offset */
mutex_lock(&read_mutex);
memcpy(super,
cramfs_read(sb, 512, sizeof(*super)),
sizeof(*super));
mutex_unlock(&read_mutex);
if (super->magic != CRAMFS_MAGIC) {
if (super->magic == CRAMFS_MAGIC_WEND && !silent)
Reported by FlawFinder.
Line: 736
Column: 3
CWE codes:
120
Suggestion:
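Make sure destination can always hold the source data. Here namelen is computed from the directory entry (de->namelen << 2), so the copy is safe only if buf is sized for the largest value that field can hold; the declaration of buf is outside this excerpt.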
* with zeroes.
*/
namelen = de->namelen << 2;
memcpy(buf, name, namelen);
ino = cramino(de, OFFSET(inode) + offset);
mode = de->mode;
mutex_unlock(&read_mutex);
nextoffset = offset + sizeof(*de) + namelen;
for (;;) {
Reported by FlawFinder.
Line: 897
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_err("bad data blocksize %u\n", block_len);
goto err;
} else if (uncompressed) {
memcpy(pgdata,
cramfs_read(sb, block_start, block_len),
block_len);
bytes_filled = block_len;
} else {
bytes_filled = cramfs_uncompress_block(pgdata,
Reported by FlawFinder.
fs/reiserfs/reiserfs.h
6 issues
Line: 624
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
spinlock_t old_work_lock; /* protects old_work and work_queued */
#ifdef CONFIG_QUOTA
char *s_qf_names[REISERFS_MAXQUOTAS];
int s_jquota_fmt;
#endif
char *s_jdev; /* Stored jdev for mount option showing */
#ifdef CONFIG_REISERFS_CHECK
Reported by FlawFinder.
Line: 991
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* reiserfs magic string indicates that file system is reiserfs:
* "ReIsErFs" or "ReIsEr2Fs" or "ReIsEr3Fs"
*/
char s_magic[10];
/*
* it is set to used by fsck to mark which
* phase of rebuilding is done
*/
Reported by FlawFinder.
Line: 1033
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Right now used only by inode-attributes, if enabled */
__le32 s_flags;
unsigned char s_uuid[16]; /* filesystem unique identifier */
unsigned char s_label[16]; /* filesystem volume label */
__le16 s_mnt_count; /* Count of mounts since last fsck */
__le16 s_max_mnt_count; /* Maximum mounts before check */
__le32 s_lastcheck; /* Timestamp of last fsck */
__le32 s_check_interval; /* Interval between checks */
Reported by FlawFinder.
Line: 1034
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__le32 s_flags;
unsigned char s_uuid[16]; /* filesystem unique identifier */
unsigned char s_label[16]; /* filesystem volume label */
__le16 s_mnt_count; /* Count of mounts since last fsck */
__le16 s_max_mnt_count; /* Maximum mounts before check */
__le32 s_lastcheck; /* Timestamp of last fsck */
__le32 s_check_interval; /* Interval between checks */
Reported by FlawFinder.
Line: 1043
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* zero filled by mkreiserfs and reiserfs_convert_objectid_map_v1()
* so any additions must be updated there as well. */
char s_unused[76];
} __attribute__ ((__packed__));
#define SB_SIZE (sizeof(struct reiserfs_super_block))
#define REISERFS_VERSION_1 0
Reported by FlawFinder.
Line: 2996
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * Copy one reiserfs key from *from into *to.
 *
 * The length is the constant KEY_SIZE, not a caller-supplied value, so the
 * copy cannot grow with input.
 * NOTE(review): presumably KEY_SIZE equals sizeof(struct reiserfs_key);
 * confirm against its definition, which is outside this excerpt. Both
 * pointers must reference at least KEY_SIZE bytes and must not overlap,
 * as memcpy() requires.
 */
static inline void copy_key(struct reiserfs_key *to,
const struct reiserfs_key *from)
{
memcpy(to, from, KEY_SIZE);
}
int comp_items(const struct item_head *stored_ih, const struct treepath *path);
const struct reiserfs_key *get_rkey(const struct treepath *chk_path,
const struct super_block *sb);
Reported by FlawFinder.
drivers/video/hdmi.c
6 issues
Line: 306
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* start infoframe payload */
ptr += HDMI_INFOFRAME_HEADER_SIZE;
memcpy(ptr, frame->vendor, sizeof(frame->vendor));
memcpy(ptr + 8, frame->product, sizeof(frame->product));
ptr[24] = frame->sdi;
hdmi_infoframe_set_checksum(buffer, length);
Reported by FlawFinder.
Line: 307
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr += HDMI_INFOFRAME_HEADER_SIZE;
memcpy(ptr, frame->vendor, sizeof(frame->vendor));
memcpy(ptr + 8, frame->product, sizeof(frame->product));
ptr[24] = frame->sdi;
hdmi_infoframe_set_checksum(buffer, length);
Reported by FlawFinder.
Line: 232
Column: 8
CWE codes:
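126
Note: strlen() reads until a NUL byte, so vendor and product must be NUL-terminated strings. The copies that follow are capped with min(len, sizeof(...)) and cannot overrun the frame fields, but a source of full length leaves the field without a terminator.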
frame->version = 1;
frame->length = HDMI_SPD_INFOFRAME_SIZE;
len = strlen(vendor);
memcpy(frame->vendor, vendor, min(len, sizeof(frame->vendor)));
len = strlen(product);
memcpy(frame->product, product, min(len, sizeof(frame->product)));
return 0;
Reported by FlawFinder.
Line: 234
Column: 8
CWE codes:
126
len = strlen(vendor);
memcpy(frame->vendor, vendor, min(len, sizeof(frame->vendor)));
len = strlen(product);
memcpy(frame->product, product, min(len, sizeof(frame->product)));
return 0;
}
EXPORT_SYMBOL(hdmi_spd_infoframe_init);
Reported by FlawFinder.
Line: 1276
Column: 2
CWE codes:
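120
Note: buf is zeroed before the copies, so the printed strings stay terminated only if buf is at least 17 bytes, one more than the longest strncpy() length used here; the declaration of buf is outside this excerpt.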
memset(buf, 0, sizeof(buf));
strncpy(buf, frame->vendor, 8);
hdmi_log(" vendor: %s\n", buf);
strncpy(buf, frame->product, 16);
hdmi_log(" product: %s\n", buf);
hdmi_log(" source device information: %s (0x%x)\n",
hdmi_spd_sdi_get_name(frame->sdi), frame->sdi);
Reported by FlawFinder.
Line: 1278
Column: 2
CWE codes:
120
strncpy(buf, frame->vendor, 8);
hdmi_log(" vendor: %s\n", buf);
strncpy(buf, frame->product, 16);
hdmi_log(" product: %s\n", buf);
hdmi_log(" source device information: %s (0x%x)\n",
hdmi_spd_sdi_get_name(frame->sdi), frame->sdi);
}
Reported by FlawFinder.
fs/xfs/xfs_inode.c
6 issues
Line: 3011
Column: 20
CWE codes:
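377
Note: in the excerpt, tmpfile is a local struct xfs_inode pointer, not a call to the C library tmpfile() function, so the match appears to be on the identifier's name. CWE-377 concerns insecure temporary files, and nothing in the quoted lines builds or opens a temporary file name. The same applies to the other five findings listed for this file.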
struct xfs_inode *dp,
struct xfs_inode **wip)
{
struct xfs_inode *tmpfile;
int error;
error = xfs_create_tmpfile(mnt_userns, dp, S_IFCHR | WHITEOUT_MODE,
&tmpfile);
if (error)
Reported by FlawFinder.
Line: 3015
Column: 9
CWE codes:
377
int error;
error = xfs_create_tmpfile(mnt_userns, dp, S_IFCHR | WHITEOUT_MODE,
&tmpfile);
if (error)
return error;
/*
* Prepare the tmpfile inode as if it were created through the VFS.
Reported by FlawFinder.
Line: 3024
Column: 17
CWE codes:
377
* Complete the inode setup and flag it as linkable. nlink is already
* zero, so we can skip the drop_nlink.
*/
xfs_setup_iops(tmpfile);
xfs_finish_inode_setup(tmpfile);
VFS_I(tmpfile)->i_state |= I_LINKABLE;
*wip = tmpfile;
return 0;
Reported by FlawFinder.
Line: 3025
Column: 25
CWE codes:
377
* zero, so we can skip the drop_nlink.
*/
xfs_setup_iops(tmpfile);
xfs_finish_inode_setup(tmpfile);
VFS_I(tmpfile)->i_state |= I_LINKABLE;
*wip = tmpfile;
return 0;
}
Reported by FlawFinder.
Line: 3026
Column: 8
CWE codes:
377
*/
xfs_setup_iops(tmpfile);
xfs_finish_inode_setup(tmpfile);
VFS_I(tmpfile)->i_state |= I_LINKABLE;
*wip = tmpfile;
return 0;
}
Reported by FlawFinder.
Line: 3028
Column: 9
CWE codes:
377
xfs_finish_inode_setup(tmpfile);
VFS_I(tmpfile)->i_state |= I_LINKABLE;
*wip = tmpfile;
return 0;
}
/*
* xfs_rename
Reported by FlawFinder.
fs/dlm/dir.c
6 issues
Line: 113
Column: 5
CWE codes:
120
Suggestion:
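Make sure destination can always hold the source data. In this case the copy is a fixed sizeof(__be16) bytes into the local v, and the `left < sizeof(__be16)` check directly above it ensures that many bytes remain in the source buffer.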
if (left < sizeof(__be16))
goto out_free;
memcpy(&v, b, sizeof(__be16));
namelen = be16_to_cpu(v);
b += sizeof(__be16);
left -= sizeof(__be16);
/* namelen of 0xFFFFF marks end of names for
Reported by FlawFinder.
Line: 176
Column: 5
CWE codes:
120
Suggestion:
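Make sure destination can always hold the source data. Here namelen is decoded from the message buffer with be16_to_cpu() (see the finding at line 113), so the copy is safe only if namelen has been checked against both the bytes remaining in the buffer (left) and the size of last_name; those checks fall outside this excerpt.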
}
last_len = namelen;
memcpy(last_name, b, namelen);
b += namelen;
left -= namelen;
count++;
}
}
Reported by FlawFinder.
Line: 277
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (offset + sizeof(uint16_t)*2 + r->res_length > outlen) {
/* Write end-of-block record */
be_namelen = cpu_to_be16(0);
memcpy(outbuf + offset, &be_namelen, sizeof(__be16));
offset += sizeof(__be16);
ls->ls_recover_dir_sent_msg++;
goto out;
}
Reported by FlawFinder.
Line: 284
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
be_namelen = cpu_to_be16(r->res_length);
memcpy(outbuf + offset, &be_namelen, sizeof(__be16));
offset += sizeof(__be16);
memcpy(outbuf + offset, r->res_name, r->res_length);
offset += r->res_length;
ls->ls_recover_dir_sent_res++;
}
Reported by FlawFinder.
Line: 286
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
be_namelen = cpu_to_be16(r->res_length);
memcpy(outbuf + offset, &be_namelen, sizeof(__be16));
offset += sizeof(__be16);
memcpy(outbuf + offset, r->res_name, r->res_length);
offset += r->res_length;
ls->ls_recover_dir_sent_res++;
}
/*
Reported by FlawFinder.
Line: 299
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((list == &ls->ls_root_list) &&
(offset + sizeof(uint16_t) <= outlen)) {
be_namelen = cpu_to_be16(0xFFFF);
memcpy(outbuf + offset, &be_namelen, sizeof(__be16));
offset += sizeof(__be16);
ls->ls_recover_dir_sent_msg++;
}
out:
up_read(&ls->ls_root_sem);
Reported by FlawFinder.
fs/f2fs/segment.h
6 issues
Line: 384
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
se->valid_blocks = GET_SIT_VBLOCKS(rs);
se->ckpt_valid_blocks = GET_SIT_VBLOCKS(rs);
memcpy(se->cur_valid_map, rs->valid_map, SIT_VBLOCK_MAP_SIZE);
memcpy(se->ckpt_valid_map, rs->valid_map, SIT_VBLOCK_MAP_SIZE);
#ifdef CONFIG_F2FS_CHECK_FS
memcpy(se->cur_valid_map_mir, rs->valid_map, SIT_VBLOCK_MAP_SIZE);
#endif
se->type = GET_SIT_TYPE(rs);
Reported by FlawFinder.
Line: 385
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
se->valid_blocks = GET_SIT_VBLOCKS(rs);
se->ckpt_valid_blocks = GET_SIT_VBLOCKS(rs);
memcpy(se->cur_valid_map, rs->valid_map, SIT_VBLOCK_MAP_SIZE);
memcpy(se->ckpt_valid_map, rs->valid_map, SIT_VBLOCK_MAP_SIZE);
#ifdef CONFIG_F2FS_CHECK_FS
memcpy(se->cur_valid_map_mir, rs->valid_map, SIT_VBLOCK_MAP_SIZE);
#endif
se->type = GET_SIT_TYPE(rs);
se->mtime = le64_to_cpu(rs->mtime);
Reported by FlawFinder.
Line: 387
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(se->cur_valid_map, rs->valid_map, SIT_VBLOCK_MAP_SIZE);
memcpy(se->ckpt_valid_map, rs->valid_map, SIT_VBLOCK_MAP_SIZE);
#ifdef CONFIG_F2FS_CHECK_FS
memcpy(se->cur_valid_map_mir, rs->valid_map, SIT_VBLOCK_MAP_SIZE);
#endif
se->type = GET_SIT_TYPE(rs);
se->mtime = le64_to_cpu(rs->mtime);
}
Reported by FlawFinder.
Line: 399
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned short raw_vblocks = (se->type << SIT_VBLOCKS_SHIFT) |
se->valid_blocks;
rs->vblocks = cpu_to_le16(raw_vblocks);
memcpy(rs->valid_map, se->cur_valid_map, SIT_VBLOCK_MAP_SIZE);
rs->mtime = cpu_to_le64(se->mtime);
}
static inline void seg_info_to_sit_page(struct f2fs_sb_info *sbi,
struct page *page, unsigned int start)
Reported by FlawFinder.
Line: 427
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
__seg_info_to_raw_sit(se, rs);
memcpy(se->ckpt_valid_map, rs->valid_map, SIT_VBLOCK_MAP_SIZE);
se->ckpt_valid_blocks = se->valid_blocks;
}
static inline unsigned int find_next_inuse(struct free_segmap_info *free_i,
unsigned int max, unsigned int segno)
Reported by FlawFinder.
Line: 525
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sit_i->bitmap_size))
f2fs_bug_on(sbi, 1);
#endif
memcpy(dst_addr, sit_i->sit_bitmap, sit_i->bitmap_size);
}
static inline block_t written_block_count(struct f2fs_sb_info *sbi)
{
return SIT_I(sbi)->written_valid_blocks;
Reported by FlawFinder.
fs/dlm/rcom.c
6 issues
Line: 304
Column: 2
CWE codes:
120
Suggestion:
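Make sure destination can always hold the source data. The length here is rc_in->rc_header.h_length, a field of what appears from its name to be the received message; the excerpt does not show where it is checked against the size of ls_recover_buf, so confirm that bound in the receive path.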
(unsigned long long)ls->ls_rcom_seq);
goto out;
}
memcpy(ls->ls_recover_buf, rc_in, rc_in->rc_header.h_length);
set_bit(LSFL_RCOM_READY, &ls->ls_flags);
clear_bit(LSFL_RCOM_WAIT, &ls->ls_flags);
wake_up(&ls->ls_wait_general);
out:
spin_unlock(&ls->ls_rcom_spin);
Reported by FlawFinder.
Line: 325
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&rc, &msg);
if (error)
goto out;
memcpy(rc->rc_buf, last_name, last_len);
allow_sync_reply(ls, &rc->rc_id);
memset(ls->ls_recover_buf, 0, DLM_MAX_SOCKET_BUFSIZE);
send_rcom_stateless(ls, msg, rc);
Reported by FlawFinder.
Line: 373
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&rc, &mh);
if (error)
goto out;
memcpy(rc->rc_buf, r->res_name, r->res_length);
rc->rc_id = (unsigned long) r->res_id;
send_rcom(ls, mh, rc);
out:
return error;
Reported by FlawFinder.
Line: 436
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rl->rl_asts |= DLM_CB_CAST;
rl->rl_namelen = cpu_to_le16(r->res_length);
memcpy(rl->rl_name, r->res_name, r->res_length);
/* FIXME: might we have an lvb without DLM_LKF_VALBLK set ?
If so, receive_rcom_lock_args() won't take this copy. */
if (lkb->lkb_lvbptr)
Reported by FlawFinder.
Line: 442
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
If so, receive_rcom_lock_args() won't take this copy. */
if (lkb->lkb_lvbptr)
memcpy(rl->rl_lvb, lkb->lkb_lvbptr, r->res_ls->ls_lvblen);
}
int dlm_send_rcom_lock(struct dlm_rsb *r, struct dlm_lkb *lkb)
{
struct dlm_ls *ls = r->res_ls;
Reported by FlawFinder.
Line: 486
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* We send back the same rcom_lock struct we received, but
dlm_recover_master_copy() has filled in rl_remid and rl_result */
memcpy(rc->rc_buf, rc_in->rc_buf, sizeof(struct rcom_lock));
rc->rc_id = rc_in->rc_id;
rc->rc_seq_reply = rc_in->rc_seq;
send_rcom(ls, mh, rc);
}
Reported by FlawFinder.