The following issues were found
include/trace/events/block.h
5 issues
Line: 171
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
blk_fill_rwbs(__entry->rwbs, rq->cmd_flags);
__get_str(cmd)[0] = '\0';
memcpy(__entry->comm, current->comm, TASK_COMM_LEN);
),
TP_printk("%d,%d %s %u (%s) %llu + %u [%s]",
MAJOR(__entry->dev), MINOR(__entry->dev),
__entry->rwbs, __entry->bytes, __get_str(cmd),
Reported by FlawFinder.
Line: 280
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->sector = bio->bi_iter.bi_sector;
__entry->nr_sector = bio_sectors(bio);
blk_fill_rwbs(__entry->rwbs, bio->bi_opf);
memcpy(__entry->comm, current->comm, TASK_COMM_LEN);
),
TP_printk("%d,%d %s %llu + %u [%s]",
MAJOR(__entry->dev), MINOR(__entry->dev), __entry->rwbs,
(unsigned long long)__entry->sector,
Reported by FlawFinder.
Line: 367
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
),
TP_fast_assign(
memcpy(__entry->comm, current->comm, TASK_COMM_LEN);
),
TP_printk("[%s]", __entry->comm)
);
Reported by FlawFinder.
Line: 386
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TP_fast_assign(
__entry->nr_rq = depth;
memcpy(__entry->comm, current->comm, TASK_COMM_LEN);
),
TP_printk("[%s] %d", __entry->comm, __entry->nr_rq)
);
Reported by FlawFinder.
Line: 437
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->sector = bio->bi_iter.bi_sector;
__entry->new_sector = new_sector;
blk_fill_rwbs(__entry->rwbs, bio->bi_opf);
memcpy(__entry->comm, current->comm, TASK_COMM_LEN);
),
TP_printk("%d,%d %s %llu / %llu [%s]",
MAJOR(__entry->dev), MINOR(__entry->dev), __entry->rwbs,
(unsigned long long)__entry->sector,
Reported by FlawFinder.
lib/bootconfig.c
5 issues
Line: 129
Column: 12
CWE codes:
126
xbc_node_match_prefix(struct xbc_node *node, const char **prefix)
{
const char *p = xbc_node_get_data(node);
int len = strlen(p);
if (strncmp(*prefix, p, len))
return false;
p = *prefix + len;
Reported by FlawFinder.
Line: 452
Column: 13
CWE codes:
126
ret = strchr(p, '\n');
if (!ret)
ret = p + strlen(p);
else
ret++;
return ret;
}
Reported by FlawFinder.
Line: 752
Column: 10
CWE codes:
126
len = 0;
while (n) {
wlen = strlen(xbc_node_get_data(n)) + 1;
len += wlen;
if (len > XBC_KEYLEN_MAX)
return xbc_parse_error("Too long key length",
xbc_node_get_data(n));
Reported by FlawFinder.
Line: 773
Column: 11
CWE codes:
126
n = xbc_node_get_parent(n);
if (!n)
break;
len -= strlen(xbc_node_get_data(n)) + 1;
depth--;
m = xbc_node_get_next(n);
}
n = m;
}
Reported by FlawFinder.
Line: 828
Column: 8
CWE codes:
126
return -EBUSY;
}
ret = strlen(buf);
if (ret > XBC_DATA_MAX - 1 || ret == 0) {
if (emsg)
*emsg = ret ? "Config data is too big" :
"Config data is empty";
return -ERANGE;
Reported by FlawFinder.
net/9p/trans_fd.c
5 issues
Line: 1038
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
sun_server.sun_family = PF_UNIX;
strcpy(sun_server.sun_path, addr);
err = __sock_create(current->nsproxy->net_ns, PF_UNIX,
SOCK_STREAM, 0, &csocket, 1);
if (err < 0) {
pr_err("%s (%d): problem creating socket\n",
__func__, task_pid_nr(current));
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head unsent_req_list;
struct p9_req_t *rreq;
struct p9_req_t *wreq;
char tmp_buf[7];
struct p9_fcall rc;
int wpos;
int wsize;
char *wbuf;
struct list_head poll_pending_link;
Reported by FlawFinder.
Line: 353
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto error;
}
m->rc.sdata = m->rreq->rc.sdata;
memcpy(m->rc.sdata, m->tmp_buf, m->rc.capacity);
m->rc.capacity = m->rc.size;
}
/* packet is read in
* not an else because some packets (like clunk) have no payload
Reported by FlawFinder.
Line: 1028
Column: 16
CWE codes:
126
csocket = NULL;
if (!addr || !strlen(addr))
return -EINVAL;
if (strlen(addr) >= UNIX_PATH_MAX) {
pr_err("%s (%d): address too long: %s\n",
__func__, task_pid_nr(current), addr);
Reported by FlawFinder.
Line: 1031
Column: 6
CWE codes:
126
if (!addr || !strlen(addr))
return -EINVAL;
if (strlen(addr) >= UNIX_PATH_MAX) {
pr_err("%s (%d): address too long: %s\n",
__func__, task_pid_nr(current), addr);
return -ENAMETOOLONG;
}
Reported by FlawFinder.
mm/page_alloc.c
5 issues
Line: 298
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[ZONE_MOVABLE] = 0,
};
static char * const zone_names[MAX_NR_ZONES] = {
#ifdef CONFIG_ZONE_DMA
"DMA",
#endif
#ifdef CONFIG_ZONE_DMA32
"DMA32",
Reported by FlawFinder.
Line: 315
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
};
const char * const migratetype_names[MIGRATE_TYPES] = {
"Unmovable",
"Movable",
"Reclaimable",
"HighAtomic",
#ifdef CONFIG_CMA
Reported by FlawFinder.
Line: 5852
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void show_migration_types(unsigned char type)
{
static const char types[MIGRATE_TYPES] = {
[MIGRATE_UNMOVABLE] = 'U',
[MIGRATE_MOVABLE] = 'M',
[MIGRATE_RECLAIMABLE] = 'E',
[MIGRATE_HIGHATOMIC] = 'H',
#ifdef CONFIG_CMA
Reported by FlawFinder.
Line: 5864
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[MIGRATE_ISOLATE] = 'I',
#endif
};
char tmp[MIGRATE_TYPES + 1];
char *p = tmp;
int i;
for (i = 0; i < MIGRATE_TYPES; i++) {
if (type & (1 << i))
Reported by FlawFinder.
Line: 6042
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for_each_populated_zone(zone) {
unsigned int order;
unsigned long nr[MAX_ORDER], flags, total = 0;
unsigned char types[MAX_ORDER];
if (show_mem_node_skip(filter, zone_to_nid(zone), nodemask))
continue;
show_node(zone);
printk(KERN_CONT "%s: ", zone->name);
Reported by FlawFinder.
net/atm/mpoa_caches.c
5 issues
Line: 118
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
client->in_cache->prev = entry;
client->in_cache = entry;
memcpy(entry->MPS_ctrl_ATM_addr, client->mps_ctrl_addr, ATM_ESA_LEN);
entry->ctrl_info.in_dst_ip = dst_ip;
entry->time = ktime_get_seconds();
entry->retry_time = client->parameters.mpc_p4;
entry->count = 1;
entry->entry_state = INGRESS_INVALID;
Reported by FlawFinder.
Line: 146
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (entry->count > mpc->parameters.mpc_p1) {
msg.type = SND_MPOA_RES_RQST;
msg.content.in_info = entry->ctrl_info;
memcpy(msg.MPS_ctrl, mpc->mps_ctrl_addr, ATM_ESA_LEN);
qos = atm_mpoa_search_qos(entry->ctrl_info.in_dst_ip);
if (qos != NULL)
msg.qos = qos->qos;
msg_to_mpoad(&msg, mpc);
entry->reply_wait = ktime_get_seconds();
Reported by FlawFinder.
Line: 168
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mpc->dev->name, &entry->ctrl_info.in_dst_ip);
entry->entry_state = INGRESS_RESOLVING;
msg.type = SND_MPOA_RES_RQST;
memcpy(msg.MPS_ctrl, mpc->mps_ctrl_addr, ATM_ESA_LEN);
msg.content.in_info = entry->ctrl_info;
qos = atm_mpoa_search_qos(entry->ctrl_info.in_dst_ip);
if (qos != NULL)
msg.qos = qos->qos;
msg_to_mpoad(&msg, mpc);
Reported by FlawFinder.
Line: 284
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Ask daemon to send a resolution request. */
memset(&entry->hold_down, 0, sizeof(time64_t));
msg.type = SND_MPOA_RES_RTRY;
memcpy(msg.MPS_ctrl, client->mps_ctrl_addr, ATM_ESA_LEN);
msg.content.in_info = entry->ctrl_info;
qos = atm_mpoa_search_qos(entry->ctrl_info.in_dst_ip);
if (qos != NULL)
msg.qos = qos->qos;
msg_to_mpoad(&msg, client);
Reported by FlawFinder.
Line: 478
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
client->eg_cache->prev = entry;
client->eg_cache = entry;
memcpy(entry->MPS_ctrl_ATM_addr, client->mps_ctrl_addr, ATM_ESA_LEN);
entry->ctrl_info = msg->content.eg_info;
entry->time = ktime_get_seconds();
entry->entry_state = EGRESS_RESOLVED;
dprintk("new_eg_cache_entry cache_id %u\n",
ntohl(entry->ctrl_info.cache_id));
Reported by FlawFinder.
kernel/bpf/preload/iterators/iterators.c
5 issues
Line: 32
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
obj.link_id = info.id;
if (strlen(link_name) >= sizeof(obj.link_name))
return -E2BIG;
strcpy(obj.link_name, link_name);
if (write(to_kernel, &obj, sizeof(obj)) != sizeof(obj))
return -EPIPE;
return 0;
}
Reported by FlawFinder.
Line: 45
Column: 13
CWE codes:
362
int err, magic;
int debug_fd;
debug_fd = open("/dev/console", O_WRONLY | O_NOCTTY | O_CLOEXEC);
if (debug_fd < 0)
return 1;
to_kernel = dup(1);
close(1);
dup(debug_fd);
Reported by FlawFinder.
Line: 30
Column: 6
CWE codes:
126
if (err)
return err;
obj.link_id = info.id;
if (strlen(link_name) >= sizeof(obj.link_name))
return -E2BIG;
strcpy(obj.link_name, link_name);
if (write(to_kernel, &obj, sizeof(obj)) != sizeof(obj))
return -EPIPE;
return 0;
Reported by FlawFinder.
Line: 53
Column: 2
CWE codes:
120
20
dup(debug_fd);
/* now stdin and stderr point to /dev/console */
read(from_kernel, &magic, sizeof(magic));
if (magic != BPF_PRELOAD_START) {
printf("bad start magic %d\n", magic);
return 1;
}
setrlimit(RLIMIT_MEMLOCK, &rlim);
Reported by FlawFinder.
Line: 85
Column: 2
CWE codes:
120
20
/* The kernel will proceed with pinnging the links in bpffs.
* UMD will wait on read from pipe.
*/
read(from_kernel, &magic, sizeof(magic));
if (magic != BPF_PRELOAD_END) {
printf("bad final magic %d\n", magic);
err = -EINVAL;
}
cleanup:
Reported by FlawFinder.
drivers/hwmon/lm92.c
5 issues
Line: 143
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct lm92_data *data = lm92_update_device(dev);
return sprintf(buf, "%d\n", TEMP_FROM_REG(data->temp[attr->index]));
}
static ssize_t temp_store(struct device *dev,
struct device_attribute *devattr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 174
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct lm92_data *data = lm92_update_device(dev);
return sprintf(buf, "%d\n", TEMP_FROM_REG(data->temp[attr->index])
- TEMP_FROM_REG(data->temp[t_hyst]));
}
static ssize_t temp1_min_hyst_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 183
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct lm92_data *data = lm92_update_device(dev);
return sprintf(buf, "%d\n", TEMP_FROM_REG(data->temp[t_min])
+ TEMP_FROM_REG(data->temp[t_hyst]));
}
static ssize_t temp_hyst_store(struct device *dev,
struct device_attribute *devattr,
Reported by FlawFinder.
Line: 216
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct lm92_data *data = lm92_update_device(dev);
return sprintf(buf, "%d\n", ALARMS_FROM_REG(data->temp[t_input]));
}
static ssize_t alarm_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 224
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int bitnr = to_sensor_dev_attr(attr)->index;
struct lm92_data *data = lm92_update_device(dev);
return sprintf(buf, "%d\n", (data->temp[t_input] >> bitnr) & 1);
}
static SENSOR_DEVICE_ATTR_RO(temp1_input, temp, t_input);
static SENSOR_DEVICE_ATTR_RW(temp1_crit, temp, t_crit);
static SENSOR_DEVICE_ATTR_RW(temp1_crit_hyst, temp_hyst, t_crit);
Reported by FlawFinder.
drivers/hwmon/max1668.c
5 issues
Line: 139
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", data->temp[index] * 1000);
}
static ssize_t show_temp_max(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 151
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", data->temp_max[index] * 1000);
}
static ssize_t show_temp_min(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 163
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", data->temp_min[index] * 1000);
}
static ssize_t show_alarm(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 175
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%u\n", (data->alarms >> index) & 0x1);
}
static ssize_t show_fault(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 187
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%u\n",
(data->alarms & (1 << 12)) && data->temp[index] == 127);
}
static ssize_t set_temp_max(struct device *dev,
struct device_attribute *devattr,
Reported by FlawFinder.
drivers/iio/light/tsl2772.c
5 issues
Line: 630
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
/* If Operational settings defined elsewhere.. */
if (chip->pdata && chip->pdata->platform_default_settings)
memcpy(&chip->settings, chip->pdata->platform_default_settings,
sizeof(tsl2772_default_settings));
else
memcpy(&chip->settings, &tsl2772_default_settings,
sizeof(tsl2772_default_settings));
Reported by FlawFinder.
Line: 633
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&chip->settings, chip->pdata->platform_default_settings,
sizeof(tsl2772_default_settings));
else
memcpy(&chip->settings, &tsl2772_default_settings,
sizeof(tsl2772_default_settings));
/* Load up the proper lux table. */
if (chip->pdata && chip->pdata->platform_lux_table[0].ch0 != 0)
memcpy(chip->tsl2772_device_lux,
Reported by FlawFinder.
Line: 638
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Load up the proper lux table. */
if (chip->pdata && chip->pdata->platform_lux_table[0].ch0 != 0)
memcpy(chip->tsl2772_device_lux,
chip->pdata->platform_lux_table,
sizeof(chip->pdata->platform_lux_table));
else
memcpy(chip->tsl2772_device_lux,
tsl2772_default_lux_table_group[chip->id],
Reported by FlawFinder.
Line: 642
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
chip->pdata->platform_lux_table,
sizeof(chip->pdata->platform_lux_table));
else
memcpy(chip->tsl2772_device_lux,
tsl2772_default_lux_table_group[chip->id],
TSL2772_DEFAULT_TABLE_BYTES);
tsl2772_parse_dt(chip);
}
Reported by FlawFinder.
Line: 1040
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Zero out the table */
memset(chip->tsl2772_device_lux, 0, sizeof(chip->tsl2772_device_lux));
memcpy(chip->tsl2772_device_lux, &value[1], (value[0] * 4));
ret = tsl2772_invoke_change(indio_dev);
if (ret < 0)
return ret;
Reported by FlawFinder.
drivers/iio/light/tsl2583.c
5 issues
Line: 146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
chip->als_settings.als_cal_target = 130;
/* Default lux table. */
memcpy(chip->als_settings.als_device_lux, tsl2583_default_lux,
sizeof(tsl2583_default_lux));
}
/*
* Reads and calculates current lux value.
Reported by FlawFinder.
Line: 478
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int ret;
mutex_lock(&chip->als_mutex);
ret = sprintf(buf, "%d\n", chip->als_settings.als_cal_target);
mutex_unlock(&chip->als_mutex);
return ret;
}
Reported by FlawFinder.
Line: 536
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int offset = 0;
for (i = 0; i < ARRAY_SIZE(chip->als_settings.als_device_lux); i++) {
offset += sprintf(buf + offset, "%u,%u,%u,",
chip->als_settings.als_device_lux[i].ratio,
chip->als_settings.als_device_lux[i].ch0,
chip->als_settings.als_device_lux[i].ch1);
if (chip->als_settings.als_device_lux[i].ratio == 0) {
/*
Reported by FlawFinder.
Line: 589
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto done;
}
memcpy(chip->als_settings.als_device_lux, &value[1],
value[0] * sizeof(value[1]));
ret = len;
done:
Reported by FlawFinder.
Line: 550
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
}
offset += sprintf(buf + offset, "\n");
return offset;
}
static ssize_t in_illuminance_lux_table_store(struct device *dev,
Reported by FlawFinder.