The following issues were found
arch/ia64/kernel/ptrace.c
5 issues
Line: 282
Column: 26
CWE codes:
732
if (ubspstore + 63 > urnat_addr) {
/* some bits need to be merged in from pt->ar_rnat */
umask = MASK(ia64_rse_slot_num(ubspstore)) & mask;
urnat = (pt->ar_rnat & umask);
mask &= ~umask;
if (!mask)
return urnat;
}
Reported by FlawFinder.
Line: 283
Column: 12
CWE codes:
732
/* some bits need to be merged in from pt->ar_rnat */
umask = MASK(ia64_rse_slot_num(ubspstore)) & mask;
urnat = (pt->ar_rnat & umask);
mask &= ~umask;
if (!mask)
return urnat;
}
m = mask << shift;
Reported by FlawFinder.
Line: 356
Column: 33
CWE codes:
732
if (ubspstore + 63 > urnat_addr) {
/* some bits need to be place in pt->ar_rnat: */
umask = MASK(ia64_rse_slot_num(ubspstore)) & mask;
pt->ar_rnat = (pt->ar_rnat & ~umask) | (urnat & umask);
mask &= ~umask;
if (!mask)
return;
}
/*
Reported by FlawFinder.
Line: 356
Column: 51
CWE codes:
732
if (ubspstore + 63 > urnat_addr) {
/* some bits need to be place in pt->ar_rnat: */
umask = MASK(ia64_rse_slot_num(ubspstore)) & mask;
pt->ar_rnat = (pt->ar_rnat & ~umask) | (urnat & umask);
mask &= ~umask;
if (!mask)
return;
}
/*
Reported by FlawFinder.
Line: 357
Column: 12
CWE codes:
732
/* some bits need to be place in pt->ar_rnat: */
umask = MASK(ia64_rse_slot_num(ubspstore)) & mask;
pt->ar_rnat = (pt->ar_rnat & ~umask) | (urnat & umask);
mask &= ~umask;
if (!mask)
return;
}
/*
* Note: Section 11.1 of the EAS guarantees that bit 63 of an
Reported by FlawFinder.
arch/powerpc/kernel/iommu.c
5 issues
Line: 53
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void iommu_debugfs_add(struct iommu_table *tbl)
{
char name[10];
struct dentry *liobn_entry;
sprintf(name, "%08lx", tbl->it_index);
liobn_entry = debugfs_create_dir(name, iommu_debugfs_dir);
Reported by FlawFinder.
Line: 56
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char name[10];
struct dentry *liobn_entry;
sprintf(name, "%08lx", tbl->it_index);
liobn_entry = debugfs_create_dir(name, iommu_debugfs_dir);
debugfs_create_file_unsafe("weight", 0400, liobn_entry, tbl, &iommu_debugfs_fops_weight);
debugfs_create_ulong("it_size", 0400, liobn_entry, &tbl->it_size);
debugfs_create_ulong("it_page_shift", 0400, liobn_entry, &tbl->it_page_shift);
Reported by FlawFinder.
Line: 70
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void iommu_debugfs_del(struct iommu_table *tbl)
{
char name[10];
struct dentry *liobn_entry;
sprintf(name, "%08lx", tbl->it_index);
liobn_entry = debugfs_lookup(name, iommu_debugfs_dir);
debugfs_remove(liobn_entry);
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char name[10];
struct dentry *liobn_entry;
sprintf(name, "%08lx", tbl->it_index);
liobn_entry = debugfs_lookup(name, iommu_debugfs_dir);
debugfs_remove(liobn_entry);
}
#else
static void iommu_debugfs_add(struct iommu_table *tbl){}
Reported by FlawFinder.
Line: 144
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t fail_iommu_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", dev->archdata.fail_iommu);
}
static ssize_t fail_iommu_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
arch/x86/kernel/cpu/microcode/amd.c
5 issues
Line: 451
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = true;
if (save_patch)
memcpy(patch, mc, min_t(u32, desc.psize, PATCH_MAX_SIZE));
}
return ret;
}
Reported by FlawFinder.
Line: 460
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool get_builtin_microcode(struct cpio_data *cp, unsigned int family)
{
#ifdef CONFIG_X86_64
char fw_name[36] = "amd-ucode/microcode_amd.bin";
if (family >= 0x15)
snprintf(fw_name, sizeof(fw_name),
"amd-ucode/microcode_amd_fam%.2xh.bin", family);
Reported by FlawFinder.
Line: 735
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
}
memcpy(equiv_table.entry, buf + CONTAINER_HDR_SZ, equiv_tbl_len);
equiv_table.num_entries = equiv_tbl_len / sizeof(struct equiv_cpu_entry);
/* add header length */
return equiv_tbl_len + CONTAINER_HDR_SZ;
}
Reported by FlawFinder.
Line: 866
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
memset(amd_ucode_patch, 0, PATCH_MAX_SIZE);
memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), PATCH_MAX_SIZE));
return ret;
}
/*
Reported by FlawFinder.
Line: 890
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static enum ucode_state request_microcode_amd(int cpu, struct device *device,
bool refresh_fw)
{
char fw_name[36] = "amd-ucode/microcode_amd.bin";
struct cpuinfo_x86 *c = &cpu_data(cpu);
bool bsp = c->cpu_index == boot_cpu_data.cpu_index;
enum ucode_state ret = UCODE_NFOUND;
const struct firmware *fw;
Reported by FlawFinder.
arch/mips/include/asm/pci/bridge.h
5 issues
Line: 183
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 _pad_0002A0[24];
char _pad_000300[0x10000 - 0x000300];
/* Internal Address Translation Entry RAM 0x010000-0x0103FF */
union {
u64 wr; /* write-only */
struct {
Reported by FlawFinder.
Line: 194
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} hi;
} b_int_ate_ram[128];
char _pad_010400[0x11000 - 0x010400];
/* Internal Address Translation Entry RAM LOW 0x011000-0x0113FF */
struct {
u32 _p_pad;
u32 rd; /* read-only */
Reported by FlawFinder.
Line: 202
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 rd; /* read-only */
} b_int_ate_ram_lo[128];
char _pad_011400[0x20000 - 0x011400];
/* PCI Device Configuration Spaces 0x020000-0x027FFF */
union { /* make all access sizes available. */
u8 c[0x1000 / 1];
u16 s[0x1000 / 2];
Reported by FlawFinder.
Line: 226
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 d[0x1000 / 8];
} b_type1_cfg; /* 0x028000-0x029000 */
char _pad_029000[0x007000]; /* 0x029000-0x030000 */
/* PCI Interrupt Acknowledge Cycle 0x030000 */
union {
u8 c[8 / 1];
u16 s[8 / 2];
Reported by FlawFinder.
Line: 242
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 b_ext_ate_ram[0x10000];
/* Reserved 0x100000-0x1FFFFF */
char _pad_100000[0x200000-0x100000];
/* PCI/GIO Device Spaces 0x200000-0xBFFFFF */
union { /* make all access sizes available. */
u8 c[0x100000 / 1];
u16 s[0x100000 / 2];
Reported by FlawFinder.
arch/sparc/crypto/sha512_glue.c
5 issues
Line: 69
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sctx->count[1]++;
if (partial) {
done = SHA512_BLOCK_SIZE - partial;
memcpy(sctx->buf + partial, data, done);
sha512_sparc64_transform(sctx->state, sctx->buf, 1);
}
if (len - done >= SHA512_BLOCK_SIZE) {
const unsigned int rounds = (len - done) / SHA512_BLOCK_SIZE;
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
done += rounds * SHA512_BLOCK_SIZE;
}
memcpy(sctx->buf, data + done, len - done);
}
static int sha512_sparc64_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
Reported by FlawFinder.
Line: 92
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (partial + len < SHA512_BLOCK_SIZE) {
if ((sctx->count[0] += len) < len)
sctx->count[1]++;
memcpy(sctx->buf + partial, data, len);
} else
__sha512_sparc64_update(sctx, data, len, partial);
return 0;
}
Reported by FlawFinder.
Line: 119
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (padlen <= 112) {
if ((sctx->count[0] += padlen) < padlen)
sctx->count[1]++;
memcpy(sctx->buf + index, padding, padlen);
} else {
__sha512_sparc64_update(sctx, padding, padlen, index);
}
__sha512_sparc64_update(sctx, (const u8 *)&bits, sizeof(bits), 112);
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sha512_sparc64_final(desc, D);
memcpy(hash, D, 48);
memzero_explicit(D, 64);
return 0;
}
Reported by FlawFinder.
arch/s390/crypto/sha_common.c
5 issues
Line: 31
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* process one stored block */
if (index) {
memcpy(ctx->buf + index, data, bsize - index);
cpacf_kimd(ctx->func, ctx->state, ctx->buf, bsize);
data += bsize - index;
len -= bsize - index;
index = 0;
}
Reported by FlawFinder.
Line: 47
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
store:
if (len)
memcpy(ctx->buf + index , data, len);
return 0;
}
EXPORT_SYMBOL_GPL(s390_sha_update);
Reported by FlawFinder.
Line: 92
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (ctx->func) {
case CPACF_KLMD_SHA_1:
case CPACF_KLMD_SHA_256:
memcpy(ctx->state + mbl_offset, &bits, sizeof(bits));
break;
case CPACF_KLMD_SHA_512:
/*
* the SHA512 parmblock has a 128-bit mbl field, clear
* high-order u64 field, copy bits to low-order u64 field
Reported by FlawFinder.
Line: 101
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memset(ctx->state + mbl_offset, 0x00, sizeof(bits));
mbl_offset += sizeof(u64) / sizeof(u32);
memcpy(ctx->state + mbl_offset, &bits, sizeof(bits));
break;
case CPACF_KLMD_SHA3_224:
case CPACF_KLMD_SHA3_256:
case CPACF_KLMD_SHA3_384:
case CPACF_KLMD_SHA3_512:
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpacf_klmd(ctx->func, ctx->state, ctx->buf, n);
/* copy digest to out */
memcpy(out, ctx->state, crypto_shash_digestsize(desc->tfm));
/* wipe context */
memset(ctx, 0, sizeof *ctx);
return 0;
}
Reported by FlawFinder.
arch/x86/platform/ts5500/ts5500.c
5 issues
Line: 155
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct ts5500_sbc *sbc = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", sbc->name);
}
static DEVICE_ATTR_RO(name);
static ssize_t id_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 164
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct ts5500_sbc *sbc = dev_get_drvdata(dev);
return sprintf(buf, "0x%.2x\n", sbc->id);
}
static DEVICE_ATTR_RO(id);
static ssize_t jumpers_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 173
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct ts5500_sbc *sbc = dev_get_drvdata(dev);
return sprintf(buf, "0x%.2x\n", sbc->jumpers >> 1);
}
static DEVICE_ATTR_RO(jumpers);
#define TS5500_ATTR_BOOL(_field) \
static ssize_t _field##_show(struct device *dev, \
Reported by FlawFinder.
Line: 183
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{ \
struct ts5500_sbc *sbc = dev_get_drvdata(dev); \
\
return sprintf(buf, "%d\n", sbc->_field); \
} \
static DEVICE_ATTR_RO(_field)
TS5500_ATTR_BOOL(sram);
TS5500_ATTR_BOOL(rs485);
Reported by FlawFinder.
Line: 104
Column: 9
CWE codes:
126
for (i = 0; i < ARRAY_SIZE(ts5500_signatures); i++) {
if (check_signature(bios + ts5500_signatures[i].offset,
ts5500_signatures[i].string,
strlen(ts5500_signatures[i].string))) {
ret = 0;
break;
}
}
Reported by FlawFinder.
arch/x86/boot/boot.h
5 issues
Line: 318
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
protected_mode_jump(u32 entrypoint, u32 bootparams);
/* printf.c */
int sprintf(char *buf, const char *fmt, ...);
int vsprintf(char *buf, const char *fmt, va_list args);
int printf(const char *fmt, ...);
/* regs.c */
void initregs(struct biosregs *regs);
Reported by FlawFinder.
Line: 319
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
/* printf.c */
int sprintf(char *buf, const char *fmt, ...);
int vsprintf(char *buf, const char *fmt, va_list args);
int printf(const char *fmt, ...);
/* regs.c */
void initregs(struct biosregs *regs);
Reported by FlawFinder.
Line: 320
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* printf.c */
int sprintf(char *buf, const char *fmt, ...);
int vsprintf(char *buf, const char *fmt, va_list args);
int printf(const char *fmt, ...);
/* regs.c */
void initregs(struct biosregs *regs);
/* string.c */
Reported by FlawFinder.
Line: 331
Column: 8
CWE codes:
126
size_t strnlen(const char *s, size_t maxlen);
unsigned int atou(const char *s);
unsigned long long simple_strtoull(const char *cp, char **endp, unsigned int base);
size_t strlen(const char *s);
char *strchr(const char *s, int c);
/* tty.c */
void puts(const char *);
void putchar(int);
Reported by FlawFinder.
Line: 337
Column: 5
CWE codes:
120
20
/* tty.c */
void puts(const char *);
void putchar(int);
int getchar(void);
void kbd_flush(void);
int getchar_timeout(void);
/* video.c */
void set_video(void);
Reported by FlawFinder.
arch/um/os-Linux/util.c
5 issues
Line: 66
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
# endif
#endif
strcpy(machine_out, host.machine);
}
void setup_hostinfo(char *buf, int len)
{
struct utsname host;
Reported by FlawFinder.
Line: 177
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
return;
va_start(list, fmt);
vfprintf(stderr, fmt, list);
va_end(list);
}
void os_warn(const char *fmt, ...)
{
Reported by FlawFinder.
Line: 186
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list list;
va_start(list, fmt);
vfprintf(stderr, fmt, list);
va_end(list);
}
Reported by FlawFinder.
Line: 56
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
#ifdef UML_CONFIG_UML_X86
# ifndef UML_CONFIG_64BIT
if (!strcmp(host.machine, "x86_64")) {
strcpy(machine_out, "i686");
return;
}
# else
if (!strcmp(host.machine, "i686")) {
strcpy(machine_out, "x86_64");
Reported by FlawFinder.
Line: 61
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
# else
if (!strcmp(host.machine, "i686")) {
strcpy(machine_out, "x86_64");
return;
}
# endif
#endif
strcpy(machine_out, host.machine);
Reported by FlawFinder.
arch/m68k/amiga/config.c
5 issues
Line: 212
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
pr_info("Amiga hardware found: ");
if (amiga_model >= AMI_500 && amiga_model <= AMI_DRACO) {
pr_cont("[%s] ", amiga_models[amiga_model-AMI_500]);
strcat(amiga_model_name, amiga_models[amiga_model-AMI_500]);
}
switch (amiga_model) {
case AMI_UNKNOWN:
break;
Reported by FlawFinder.
Line: 770
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
static void amiga_get_model(char *model)
{
strcpy(model, amiga_model_name);
}
static void amiga_get_hardware_list(struct seq_file *m)
{
Reported by FlawFinder.
Line: 93
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[AMI_DRACO-AMI_500] = s_draco,
};
static char amiga_model_name[13] = "Amiga ";
static void amiga_sched_init(void);
static void amiga_get_model(char *model);
static void amiga_get_hardware_list(struct seq_file *m);
extern void amiga_mksound(unsigned int count, unsigned int ticks);
Reported by FlawFinder.
Line: 629
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int count)
{
if (savekmsg->size + count <= SAVEKMSG_MAXMEM-sizeof(struct savekmsg)) {
memcpy(savekmsg->data + savekmsg->size, s, count);
savekmsg->size += count;
}
}
static int __init amiga_savekmsg_setup(char *arg)
Reported by FlawFinder.
Line: 683
Column: 38
CWE codes:
126
#if 0
void amiga_serial_puts(const char *s)
{
amiga_serial_console_write(NULL, s, strlen(s));
}
int amiga_serial_console_wait_key(struct console *co)
{
int ch;
Reported by FlawFinder.