The following issues were found
arch/s390/kvm/trace.h
5 issues
Line: 43
),
TP_fast_assign(
VCPU_ASSIGN_COMMON
),
VCPU_TP_PRINTK("%s", "storage key related instruction")
);
TRACE_EVENT(kvm_s390_major_guest_pfault,
Reported by Cppcheck.
Line: 43
),
TP_fast_assign(
VCPU_ASSIGN_COMMON
),
VCPU_TP_PRINTK("%s", "storage key related instruction")
);
TRACE_EVENT(kvm_s390_major_guest_pfault,
Reported by Cppcheck.
Line: 43
),
TP_fast_assign(
VCPU_ASSIGN_COMMON
),
VCPU_TP_PRINTK("%s", "storage key related instruction")
);
TRACE_EVENT(kvm_s390_major_guest_pfault,
Reported by Cppcheck.
Line: 43
),
TP_fast_assign(
VCPU_ASSIGN_COMMON
),
VCPU_TP_PRINTK("%s", "storage key related instruction")
);
TRACE_EVENT(kvm_s390_major_guest_pfault,
Reported by Cppcheck.
Line: 43
),
TP_fast_assign(
VCPU_ASSIGN_COMMON
),
VCPU_TP_PRINTK("%s", "storage key related instruction")
);
TRACE_EVENT(kvm_s390_major_guest_pfault,
Reported by Cppcheck.
arch/mips/kernel/relocate.c
5 issues
Line: 157
CWE codes:
570
int type;
int res;
for (r = _relocation_start; r < _relocation_end; r++) {
/* Sentinel for last relocation */
if (*r == 0)
break;
type = (*r >> 24) & 0xff;
Reported by Cppcheck.
Line: 377
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fdt_phys <= virt_to_phys(RELOCATED(&_end))) {
void *fdt_relocated =
RELOCATED(ALIGN((long)&_end, PAGE_SIZE));
memcpy(fdt_relocated, fdt, fdt_totalsize(fdt));
fdt = fdt_relocated;
fdt_relocated_ = RELOCATED(&plat_fdt_relocated);
}
#endif /* CONFIG_USE_OF */
Reported by FlawFinder.
Line: 384
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#endif /* CONFIG_USE_OF */
/* Copy the kernel to its new location */
memcpy(loc_new, &_text, kernel_length);
/* Perform relocations on the new kernel */
res = do_relocations(&_text, loc_new, offset);
if (res < 0)
goto out;
Reported by FlawFinder.
Line: 403
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* some variables such as command line parameters
* stored to it so make a copy in the new location.
*/
memcpy(RELOCATED(&__bss_start), &__bss_start, bss_length);
/*
* If fdt was stored outside of the kernel image and
* had to be moved then update platform's state data
* with the new fdt location
Reported by FlawFinder.
Line: 221
Column: 40
CWE codes:
126
unsigned long hash = 0;
/* Attempt to create a simple but unpredictable starting entropy. */
hash = rotate_xor(hash, linux_banner, strlen(linux_banner));
/* Add in any runtime entropy we can get */
hash = rotate_xor(hash, &entropy, sizeof(entropy));
#if defined(CONFIG_USE_OF)
Reported by FlawFinder.
arch/x86/boot/tools/build.c
5 issues
Line: 144
Column: 2
CWE codes:
134
Suggestion:
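Use a constant for the format specification
Triage note: the flagged vfprintf() sits inside a variadic wrapper that forwards its own format parameter (str), so the line itself cannot use a constant. The calls shown in the other excerpts from this file all pass string literals as the format; what needs checking is that no caller passes a non-literal string.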
{
va_list args;
va_start(args, str);
vfprintf(stderr, str, args);
va_end(args);
fputc('\n', stderr);
exit(1);
}
Reported by FlawFinder.
Line: 343
Column: 9
CWE codes:
362
char *p;
int c;
file = fopen(fname, "r");
if (!file)
die("Unable to open `%s': %m", fname);
c = fread(buf, 1, sizeof(buf) - 1, file);
if (ferror(file))
die("read-error on `zoffset.h'");
Reported by FlawFinder.
Line: 387
Column: 9
CWE codes:
362
usage();
parse_zoffset(argv[3]);
dest = fopen(argv[4], "w");
if (!dest)
die("Unable to write `%s': %m", argv[4]);
/* Copy the setup code */
file = fopen(argv[1], "r");
Reported by FlawFinder.
Line: 392
Column: 9
CWE codes:
362
die("Unable to write `%s': %m", argv[4]);
/* Copy the setup code */
file = fopen(argv[1], "r");
if (!file)
die("Unable to open `%s': %m", argv[1]);
c = fread(buf, 1, sizeof(buf), file);
if (ferror(file))
die("read-error on `setup'");
Reported by FlawFinder.
Line: 420
Column: 7
CWE codes:
362
put_unaligned_le16(DEFAULT_ROOT_DEV, &buf[508]);
/* Open and stat the kernel file */
fd = open(argv[2], O_RDONLY);
if (fd < 0)
die("Unable to open `%s': %m", argv[2]);
if (fstat(fd, &sb))
die("Unable to stat `%s': %m", argv[2]);
sz = sb.st_size;
Reported by FlawFinder.
arch/sh/boards/mach-r2d/irq.c
5 issues
Line: 66
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/*
 * IRLn to IRQ table for R2D-1.
 *
 * One unsigned char per IRL, declared with R2D_NR_IRL elements and given 13
 * initialisers; any elements past the initialisers are zero.
 * NOTE(review): the value of R2D_NR_IRL is not shown here - confirm it is
 * at least 13.
 * The table is __initdata (init-only storage), which is why it is copied
 * into irl2irq with memcpy(irl2irq, irl2irq_r2d_1, R2D_NR_IRL) elsewhere in
 * this file. Source and destination are both unsigned char[R2D_NR_IRL], so
 * that copy covers exactly the whole table.
 */
static unsigned char irl2irq_r2d_1[R2D_NR_IRL] __initdata = {
IRQ_PCI_INTD, IRQ_CF_IDE, IRQ_CF_CD, IRQ_PCI_INTC,
IRQ_VOYAGER, IRQ_AX88796, IRQ_RTC_A, IRQ_RTC_T,
IRQ_SDCARD, IRQ_PCI_INTA, IRQ_PCI_INTB, IRQ_EXT,
IRQ_TP,
};
Reported by FlawFinder.
Line: 104
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/*
 * IRLn to IRQ table for R2D-PLUS.
 *
 * One unsigned char per IRL, declared with R2D_NR_IRL elements and given 13
 * initialisers; any elements past the initialisers are zero.
 * NOTE(review): the value of R2D_NR_IRL is not shown here - confirm it is
 * at least 13.
 * The table is __initdata (init-only storage), which is why it is copied
 * into irl2irq with memcpy(irl2irq, irl2irq_r2d_plus, R2D_NR_IRL) elsewhere
 * in this file. Source and destination are both unsigned char[R2D_NR_IRL],
 * so that copy covers exactly the whole table.
 */
static unsigned char irl2irq_r2d_plus[R2D_NR_IRL] __initdata = {
IRQ_PCI_INTD, IRQ_CF_IDE, IRQ_CF_CD, IRQ_PCI_INTC,
IRQ_VOYAGER, IRQ_KEY, IRQ_RTC_A, IRQ_RTC_T,
IRQ_SDCARD, IRQ_PCI_INTA, IRQ_PCI_INTB, IRQ_EXT,
IRQ_TP,
};
Reported by FlawFinder.
Line: 116
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif /* CONFIG_RTS7751R2D_PLUS */
/*
 * Active IRL-to-IRQ map, R2D_NR_IRL one-byte entries. Static storage, so it
 * is all zeroes until one of the board tables is copied in with memcpy().
 * rts7751r2d_irq_demux() range-checks its index against R2D_NR_IRL (and
 * against 0) before reading this array, and treats a zero entry as "no
 * mapping" by returning the input irq unchanged.
 */
static unsigned char irl2irq[R2D_NR_IRL];
int rts7751r2d_irq_demux(int irq)
{
if (irq >= R2D_NR_IRL || irq < 0 || !irl2irq[irq])
return irq;
Reported by FlawFinder.
Line: 138
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 0x10:
printk(KERN_INFO "Using R2D-PLUS interrupt controller.\n");
d = &intc_desc_r2d_plus;
memcpy(irl2irq, irl2irq_r2d_plus, R2D_NR_IRL);
break;
#endif
#ifdef CONFIG_RTS7751R2D_1
case 0x00: /* according to manual */
case 0x30: /* in reality */
Reported by FlawFinder.
Line: 146
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 0x30: /* in reality */
printk(KERN_INFO "Using R2D-1 interrupt controller.\n");
d = &intc_desc_r2d_1;
memcpy(irl2irq, irl2irq_r2d_1, R2D_NR_IRL);
break;
#endif
default:
printk(KERN_INFO "Unknown R2D interrupt controller 0x%04x\n",
__raw_readw(PA_VERREG));
Reported by FlawFinder.
crypto/aegis128-neon-inner.c
5 issues
Line: 22
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Defined elsewhere; presumably nonzero when AES instructions may be used - confirm. */
extern int aegis128_have_aes_insn;
/*
 * Local prototype only: this line declares memcpy() and copies nothing, so
 * there is no destination buffer to size-check here. The memcpy() calls later
 * in the file are where the length argument needs review.
 */
void *memcpy(void *dest, const void *src, size_t n);
/* AEGIS-128 cipher state held as five 16-byte NEON vectors (uint8x16_t). */
struct aegis128_state {
uint8x16_t v[5];
};
Reported by FlawFinder.
Line: 251
Column: 15
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8x16_t m;
if (__builtin_expect(short_input, 0))
in = out = memcpy(buf + AEGIS_BLOCK_SIZE - size, src, size);
m = vqtbl1q_u8(vld1q_u8(in + size - AEGIS_BLOCK_SIZE),
vld1q_u8(permute + 32 - size));
st = aegis128_update_neon(st, m);
Reported by FlawFinder.
Line: 262
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vqtbl1q_u8(m ^ s, vld1q_u8(permute + size)));
if (__builtin_expect(short_input, 0))
memcpy(dst, out, size);
else
vst1q_u8(out - AEGIS_BLOCK_SIZE, msg);
}
aegis128_save_state_neon(st, state);
Reported by FlawFinder.
Line: 297
Column: 15
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8x16_t m;
if (__builtin_expect(short_input, 0))
in = out = memcpy(buf + AEGIS_BLOCK_SIZE - size, src, size);
m = s ^ vqtbx1q_u8(s, vld1q_u8(in + size - AEGIS_BLOCK_SIZE),
vld1q_u8(permute + 32 - size));
st = aegis128_update_neon(st, m);
Reported by FlawFinder.
Line: 308
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vqtbl1q_u8(m, vld1q_u8(permute + size)));
if (__builtin_expect(short_input, 0))
memcpy(dst, out, size);
else
vst1q_u8(out - AEGIS_BLOCK_SIZE, msg);
}
aegis128_save_state_neon(st, state);
Reported by FlawFinder.
arch/powerpc/kernel/vdso.c
5 issues
Line: 75
CWE codes:
570
/*
 * Forwards to vdso_mremap() for the 32-bit vDSO, passing the image size as
 * the distance between the vdso32_start and vdso32_end symbols (in units of
 * the symbols' declared type, which is not shown here).
 * NOTE(review): the subtraction takes the addresses of two separately named
 * objects. It is meaningful only if both symbols bracket one contiguous
 * image, presumably placed by the linker - confirm against their
 * declarations.
 */
static int vdso32_mremap(const struct vm_special_mapping *sm, struct vm_area_struct *new_vma)
{
return vdso_mremap(sm, new_vma, &vdso32_end - &vdso32_start);
}
static int vdso64_mremap(const struct vm_special_mapping *sm, struct vm_area_struct *new_vma)
{
return vdso_mremap(sm, new_vma, &vdso64_end - &vdso64_start);
Reported by Cppcheck.
Line: 80
CWE codes:
570
/*
 * Forwards to vdso_mremap() for the 64-bit vDSO, passing the image size as
 * the distance between the vdso64_start and vdso64_end symbols (in units of
 * the symbols' declared type, which is not shown here).
 * NOTE(review): the subtraction takes the addresses of two separately named
 * objects. It is meaningful only if both symbols bracket one contiguous
 * image, presumably placed by the linker - confirm against their
 * declarations.
 */
static int vdso64_mremap(const struct vm_special_mapping *sm, struct vm_area_struct *new_vma)
{
return vdso_mremap(sm, new_vma, &vdso64_end - &vdso64_start);
}
static vm_fault_t vvar_fault(const struct vm_special_mapping *sm,
struct vm_area_struct *vma, struct vm_fault *vmf);
Reported by Cppcheck.
Line: 203
CWE codes:
570
if (is_32bit_task()) {
vdso_spec = &vdso32_spec;
vdso_size = &vdso32_end - &vdso32_start;
vdso_base = VDSO32_MBASE;
} else {
vdso_spec = &vdso64_spec;
vdso_size = &vdso64_end - &vdso64_start;
/*
Reported by Cppcheck.
Line: 207
CWE codes:
570
vdso_base = VDSO32_MBASE;
} else {
vdso_spec = &vdso64_spec;
vdso_size = &vdso64_end - &vdso64_start;
/*
* On 64bit we don't have a preferred map address. This
* allows get_unmapped_area to find an area near other mmaps
* and most likely share a SLB entry.
*/
Reported by Cppcheck.
Line: 374
Column: 2
CWE codes:
120
Suggestion:
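Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
Triage note: the source of the flagged strcpy() is a fixed string literal, "SYSTEMCFG:PPC64", which is 16 bytes including its terminator. The copy is therefore in bounds exactly when eye_catcher is declared with at least 16 bytes; that declaration is not part of this excerpt and should be checked.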
/*
* Fill up the "systemcfg" stuff for backward compatibility
*/
strcpy((char *)vdso_data->eye_catcher, "SYSTEMCFG:PPC64");
vdso_data->version.major = SYSTEMCFG_MAJOR;
vdso_data->version.minor = SYSTEMCFG_MINOR;
vdso_data->processor = mfspr(SPRN_PVR);
/*
* Fake the old platform number for pSeries and add
Reported by FlawFinder.
arch/arm/kernel/signal.c
5 issues
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_CRUNCH
static int preserve_crunch_context(struct crunch_sigframe __user *frame)
{
char kbuf[sizeof(*frame) + 8];
struct crunch_sigframe *kframe;
/* the crunch context must be 64 bit aligned */
kframe = (struct crunch_sigframe *)((unsigned long)(kbuf + 8) & ~7);
kframe->magic = CRUNCH_MAGIC;
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct crunch_sigframe __user *frame =
(struct crunch_sigframe __user *)*auxp;
char kbuf[sizeof(*frame) + 8];
struct crunch_sigframe *kframe;
/* the crunch context must be 64 bit aligned */
kframe = (struct crunch_sigframe *)((unsigned long)(kbuf + 8) & ~7);
if (__copy_from_user(kframe, frame, sizeof(*frame)))
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int preserve_iwmmxt_context(struct iwmmxt_sigframe __user *frame)
{
char kbuf[sizeof(*frame) + 8];
struct iwmmxt_sigframe *kframe;
int err = 0;
/* the iWMMXt context must be 64 bit aligned */
kframe = (struct iwmmxt_sigframe *)((unsigned long)(kbuf + 8) & ~7);
Reported by FlawFinder.
Line: 99
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct iwmmxt_sigframe __user *frame =
(struct iwmmxt_sigframe __user *)*auxp;
char kbuf[sizeof(*frame) + 8];
struct iwmmxt_sigframe *kframe;
/* the iWMMXt context must be 64 bit aligned */
kframe = (struct iwmmxt_sigframe *)((unsigned long)(kbuf + 8) & ~7);
if (__copy_from_user(kframe, frame, sizeof(*frame)))
Reported by FlawFinder.
Line: 705
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
signal_return_offset = offset;
/* Copy signal return handlers into the page */
memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes));
/* Flush out all instructions in this page */
ptr = (unsigned long)addr;
flush_icache_range(ptr, ptr + PAGE_SIZE);
Reported by FlawFinder.
arch/s390/include/asm/cio.h
5 issues
Line: 290
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 params:24;
/* Node ID. */
char type[6];
char model[3];
char manufacturer[3];
char plant[2];
char seq[12];
u16 tag;
Reported by FlawFinder.
Line: 291
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Node ID. */
char type[6];
char model[3];
char manufacturer[3];
char plant[2];
char seq[12];
u16 tag;
} __packed;
Reported by FlawFinder.
Line: 292
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Node ID. */
char type[6];
char model[3];
char manufacturer[3];
char plant[2];
char seq[12];
u16 tag;
} __packed;
Reported by FlawFinder.
Line: 293
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char type[6];
char model[3];
char manufacturer[3];
char plant[2];
char seq[12];
u16 tag;
} __packed;
/*
Reported by FlawFinder.
Line: 294
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model[3];
char manufacturer[3];
char plant[2];
char seq[12];
u16 tag;
} __packed;
/*
* Flags used as input parameters for do_IO()
Reported by FlawFinder.
arch/x86/pci/intel_mid_pci.c
5 issues
Line: 76
Column: 24
CWE codes:
120
20
return 0;
while (pos) {
if (raw_pci_ext_ops->read(pci_domain_nr(bus), bus->number,
devfn, pos, 4, &pcie_cap))
return 0;
if (PCI_EXT_CAP_ID(pcie_cap) == 0x0000 ||
PCI_EXT_CAP_ID(pcie_cap) == 0xffff)
Reported by FlawFinder.
Line: 85
Column: 21
CWE codes:
120
20
break;
if (PCI_EXT_CAP_ID(pcie_cap) == PCI_EXT_CAP_ID_VNDR) {
raw_pci_ext_ops->read(pci_domain_nr(bus), bus->number,
devfn, pos + 4, 4, &cap_data);
if ((cap_data & 0xffff) == PCIE_VNDR_CAP_ID_FIXED_BAR)
return pos;
}
Reported by FlawFinder.
Line: 110
Column: 20
CWE codes:
120
20
if (val == ~0 && len == 4) {
unsigned long decode;
raw_pci_ext_ops->read(domain, busnum, devfn,
offset + 8 + (bar * 4), 4, &size);
/* Turn the size into a decode pattern for the sizing code */
if (size) {
decode = size - 1;
Reported by FlawFinder.
Line: 175
Column: 27
CWE codes:
120
20
int size, u32 *value)
{
if (type1_access_ok(bus->number, devfn, where))
return pci_direct_conf1.read(pci_domain_nr(bus), bus->number,
devfn, where, size, value);
return raw_pci_ext_ops->read(pci_domain_nr(bus), bus->number,
devfn, where, size, value);
}
Reported by FlawFinder.
Line: 177
Column: 26
CWE codes:
120
20
if (type1_access_ok(bus->number, devfn, where))
return pci_direct_conf1.read(pci_domain_nr(bus), bus->number,
devfn, where, size, value);
return raw_pci_ext_ops->read(pci_domain_nr(bus), bus->number,
devfn, where, size, value);
}
static int pci_write(struct pci_bus *bus, unsigned int devfn, int where,
int size, u32 value)
Reported by FlawFinder.
net/ipv6/seg6_iptunnel.c
5 issues
Line: 81
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EMSGSIZE;
data = nla_data(nla);
memcpy(data, tuninfo, len);
return 0;
}
static void set_tun_src(struct net *net, struct net_device *dev,
Reported by FlawFinder.
Line: 97
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tun_src = rcu_dereference(sdata->tun_src);
if (!ipv6_addr_any(tun_src)) {
memcpy(saddr, tun_src, sizeof(struct in6_addr));
} else {
ipv6_dev_get_saddr(net, dev, daddr, IPV6_PREFER_SRC_PUBLIC,
saddr);
}
Reported by FlawFinder.
Line: 168
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr->nexthdr = NEXTHDR_ROUTING;
isrh = (void *)hdr + sizeof(*hdr);
memcpy(isrh, osrh, hdrlen);
isrh->nexthdr = proto;
hdr->daddr = isrh->segments[isrh->first_segment];
set_tun_src(net, dst->dev, &hdr->daddr, &hdr->saddr);
Reported by FlawFinder.
Line: 217
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memmove(hdr, oldhdr, sizeof(*hdr));
isrh = (void *)hdr + sizeof(*hdr);
memcpy(isrh, osrh, hdrlen);
isrh->nexthdr = hdr->nexthdr;
hdr->nexthdr = NEXTHDR_ROUTING;
isrh->segments[0] = hdr->daddr;
Reported by FlawFinder.
Line: 461
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
}
memcpy(&slwt->tuninfo, tuninfo, tuninfo_len);
newts->type = LWTUNNEL_ENCAP_SEG6;
newts->flags |= LWTUNNEL_STATE_INPUT_REDIRECT;
if (tuninfo->mode != SEG6_IPTUN_MODE_L2ENCAP)
Reported by FlawFinder.