The following issues were found
fs/nls/nls_base.c
5 issues
Line: 302
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
module_put(nls->owner);
}
static const wchar_t charset2uni[256] = {
/* 0x00*/
0x0000, 0x0001, 0x0002, 0x0003,
0x0004, 0x0005, 0x0006, 0x0007,
0x0008, 0x0009, 0x000a, 0x000b,
0x000c, 0x000d, 0x000e, 0x000f,
Reported by FlawFinder.
Line: 385
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00fc, 0x00fd, 0x00fe, 0x00ff,
};
static const unsigned char page00[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 421
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, /* 0xf8-0xff */
};
static const unsigned char *const page_uni2charset[256] = {
page00
};
static const unsigned char charset2lower[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
Reported by FlawFinder.
Line: 425
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
page00
};
static const unsigned char charset2lower[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 461
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, /* 0xf8-0xff */
};
static const unsigned char charset2upper[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
fs/ext4/mballoc.c
5 issues
Line: 396
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define NR_GRPINFO_CACHES 8
static struct kmem_cache *ext4_groupinfo_caches[NR_GRPINFO_CACHES];
static const char * const ext4_groupinfo_slab_names[NR_GRPINFO_CACHES] = {
"ext4_groupinfo_1k", "ext4_groupinfo_2k", "ext4_groupinfo_4k",
"ext4_groupinfo_8k", "ext4_groupinfo_16k", "ext4_groupinfo_32k",
"ext4_groupinfo_64k", "ext4_groupinfo_128k"
};
Reported by FlawFinder.
Line: 612
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(grp->bb_bitmap, bh->b_data, sb->s_blocksize);
put_bh(bh);
}
static void mb_group_bb_bitmap_free(struct ext4_group_info *grp)
{
Reported by FlawFinder.
Line: 1315
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* see comments in ext4_mb_put_pa() */
ext4_lock_group(sb, group);
memcpy(data, bitmap, blocksize);
/* mark all preallocated blks used in in-core bitmap */
ext4_mb_generate_from_pa(sb, data, group);
ext4_mb_generate_from_freelist(sb, data, group);
ext4_unlock_group(sb, group);
Reported by FlawFinder.
Line: 2876
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buddy_loaded = 1;
}
memcpy(&sg, ext4_get_group_info(sb, group), i);
if (buddy_loaded)
ext4_mb_unload_buddy(&e4b);
seq_printf(seq, "#%-5u: %-5u %-5u %-5u [", group, sg.info.bb_free,
Reported by FlawFinder.
Line: 3086
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rcu_read_lock();
old_groupinfo = rcu_dereference(sbi->s_group_info);
if (old_groupinfo)
memcpy(new_groupinfo, old_groupinfo,
sbi->s_group_info_size * sizeof(*sbi->s_group_info));
rcu_read_unlock();
rcu_assign_pointer(sbi->s_group_info, new_groupinfo);
sbi->s_group_info_size = size / sizeof(*sbi->s_group_info);
if (old_groupinfo)
Reported by FlawFinder.
fs/xfs/xfs_log_recover.c
5 issues
Line: 1511
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
recp->h_lsn = cpu_to_be64(xlog_assign_lsn(cycle, block));
recp->h_tail_lsn = cpu_to_be64(xlog_assign_lsn(tail_cycle, tail_block));
recp->h_fmt = cpu_to_be32(XLOG_FMT);
memcpy(&recp->h_fs_uuid, &log->l_mp->m_sb.sb_uuid, sizeof(uuid_t));
}
STATIC int
xlog_write_log_records(
struct xlog *log,
Reported by FlawFinder.
Line: 2054
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
xlog_recover_add_item(&trans->r_itemq);
ptr = (char *)&trans->r_theader +
sizeof(struct xfs_trans_header) - len;
memcpy(ptr, dp, len);
return 0;
}
/* take the tail entry */
item = list_entry(trans->r_itemq.prev, struct xlog_recover_item,
Reported by FlawFinder.
Line: 2066
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old_len = item->ri_buf[item->ri_cnt-1].i_len;
ptr = krealloc(old_ptr, len + old_len, GFP_KERNEL | __GFP_NOFAIL);
memcpy(&ptr[old_len], dp, len);
item->ri_buf[item->ri_cnt-1].i_len += len;
item->ri_buf[item->ri_cnt-1].i_addr = ptr;
trace_xfs_log_recover_item_add_cont(log, trans, item, 0);
return 0;
}
Reported by FlawFinder.
Line: 2121
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (len == sizeof(struct xfs_trans_header))
xlog_recover_add_item(&trans->r_itemq);
memcpy(&trans->r_theader, dp, len);
return 0;
}
ptr = kmem_alloc(len, 0);
memcpy(ptr, dp, len);
Reported by FlawFinder.
Line: 2126
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
ptr = kmem_alloc(len, 0);
memcpy(ptr, dp, len);
in_f = (struct xfs_inode_log_format *)ptr;
/* take the tail entry */
item = list_entry(trans->r_itemq.prev, struct xlog_recover_item,
ri_list);
Reported by FlawFinder.
include/linux/maple.h
5 issues
Line: 44
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct maple_buffer {
char bufx[0x400];
void *buf;
};
struct mapleq {
struct list_head list;
Reported by FlawFinder.
Line: 62
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long function_data[3];
unsigned char area_code;
unsigned char connector_direction;
char product_name[31];
char product_licence[61];
unsigned short standby_power;
unsigned short max_power;
};
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char area_code;
unsigned char connector_direction;
char product_name[31];
char product_licence[61];
unsigned short standby_power;
unsigned short max_power;
};
struct maple_device {
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long when, interval, function;
struct maple_devinfo devinfo;
unsigned char port, unit;
char product_name[32];
char product_licence[64];
atomic_t busy;
wait_queue_head_t maple_wait;
struct device dev;
};
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct maple_devinfo devinfo;
unsigned char port, unit;
char product_name[32];
char product_licence[64];
atomic_t busy;
wait_queue_head_t maple_wait;
struct device dev;
};
Reported by FlawFinder.
drivers/perf/xgene_pmu.c
5 issues
Line: 498
XGENE_PMU_EVENT_ATTR(rd-req-sent-to-mcu-2, 0x07),
XGENE_PMU_EVENT_ATTR(rd-req-sent-to-spec-mcu, 0x08),
XGENE_PMU_EVENT_ATTR(rd-req-sent-to-spec-mcu-2, 0x09),
XGENE_PMU_EVENT_ATTR(glbl-ack-recv-for-rd-sent-to-spec-mcu, 0x0a),
XGENE_PMU_EVENT_ATTR(glbl-ack-go-recv-for-rd-sent-to-spec-mcu, 0x0b),
XGENE_PMU_EVENT_ATTR(glbl-ack-nogo-recv-for-rd-sent-to-spec-mcu, 0x0c),
XGENE_PMU_EVENT_ATTR(glbl-ack-go-recv-any-rd-req, 0x0d),
XGENE_PMU_EVENT_ATTR(glbl-ack-go-recv-any-rd-req-2, 0x0e),
XGENE_PMU_EVENT_ATTR(wr-req-sent-to-mcu, 0x0f),
Reported by Cppcheck.
Line: 311
Column: 28
CWE codes:
120
20
static struct attribute *iob_pmu_events_attrs[] = {
XGENE_PMU_EVENT_ATTR(cycle-count, 0x00),
XGENE_PMU_EVENT_ATTR(cycle-count-div-64, 0x01),
XGENE_PMU_EVENT_ATTR(axi0-read, 0x02),
XGENE_PMU_EVENT_ATTR(axi0-read-partial, 0x03),
XGENE_PMU_EVENT_ATTR(axi1-read, 0x04),
XGENE_PMU_EVENT_ATTR(axi1-read-partial, 0x05),
XGENE_PMU_EVENT_ATTR(csw-read-block, 0x06),
XGENE_PMU_EVENT_ATTR(csw-read-partial, 0x07),
Reported by FlawFinder.
Line: 313
Column: 28
CWE codes:
120
20
XGENE_PMU_EVENT_ATTR(cycle-count-div-64, 0x01),
XGENE_PMU_EVENT_ATTR(axi0-read, 0x02),
XGENE_PMU_EVENT_ATTR(axi0-read-partial, 0x03),
XGENE_PMU_EVENT_ATTR(axi1-read, 0x04),
XGENE_PMU_EVENT_ATTR(axi1-read-partial, 0x05),
XGENE_PMU_EVENT_ATTR(csw-read-block, 0x06),
XGENE_PMU_EVENT_ATTR(csw-read-partial, 0x07),
XGENE_PMU_EVENT_ATTR(axi0-write, 0x10),
XGENE_PMU_EVENT_ATTR(axi0-write-partial, 0x11),
Reported by FlawFinder.
Line: 328
Column: 27
CWE codes:
120
20
static struct attribute *mcb_pmu_events_attrs[] = {
XGENE_PMU_EVENT_ATTR(cycle-count, 0x00),
XGENE_PMU_EVENT_ATTR(cycle-count-div-64, 0x01),
XGENE_PMU_EVENT_ATTR(csw-read, 0x02),
XGENE_PMU_EVENT_ATTR(csw-write-request, 0x03),
XGENE_PMU_EVENT_ATTR(mcb-csw-stall, 0x04),
XGENE_PMU_EVENT_ATTR(cancel-read-gack, 0x05),
NULL,
};
Reported by FlawFinder.
Line: 397
Column: 23
CWE codes:
120
20
XGENE_PMU_EVENT_ATTR(write-not-caused-replacement, 0x05),
XGENE_PMU_EVENT_ATTR(clean-eviction, 0x06),
XGENE_PMU_EVENT_ATTR(dirty-eviction, 0x07),
XGENE_PMU_EVENT_ATTR(read, 0x08),
XGENE_PMU_EVENT_ATTR(write, 0x09),
XGENE_PMU_EVENT_ATTR(request, 0x0a),
XGENE_PMU_EVENT_ATTR(tq-bank-conflict-issue-stall, 0x0b),
XGENE_PMU_EVENT_ATTR(tq-full, 0x0c),
XGENE_PMU_EVENT_ATTR(ackq-full, 0x0d),
Reported by FlawFinder.
drivers/platform/x86/dell/dell-smbios-wmi.c
5 issues
Line: 74
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
obj->integer.value);
return -EIO;
}
memcpy(&priv->buf->std, obj->buffer.pointer, obj->buffer.length);
dev_dbg(&wdev->dev, "result: [%08x,%08x,%08x,%08x]\n",
priv->buf->std.output[0], priv->buf->std.output[1],
priv->buf->std.output[2], priv->buf->std.output[3]);
kfree(output.pointer);
Reported by FlawFinder.
Line: 101
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
difference = priv->req_buf_size - sizeof(u64) - size;
memset(&priv->buf->ext, 0, difference);
memcpy(&priv->buf->std, buffer, size);
ret = run_smbios_call(priv->wdev);
memcpy(buffer, &priv->buf->std, size);
out_wmi_call:
mutex_unlock(&call_mutex);
Reported by FlawFinder.
Line: 103
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&priv->buf->ext, 0, difference);
memcpy(&priv->buf->std, buffer, size);
ret = run_smbios_call(priv->wdev);
memcpy(buffer, &priv->buf->std, size);
out_wmi_call:
mutex_unlock(&call_mutex);
return ret;
}
Reported by FlawFinder.
Line: 124
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = -ENODEV;
goto fail_smbios_cmd;
}
memcpy(priv->buf, arg, priv->req_buf_size);
if (dell_smbios_call_filter(&wdev->dev, &priv->buf->std)) {
dev_err(&wdev->dev, "Invalid call %d/%d:%8x\n",
priv->buf->std.cmd_class,
priv->buf->std.cmd_select,
priv->buf->std.input[0]);
Reported by FlawFinder.
Line: 136
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = run_smbios_call(priv->wdev);
if (ret)
goto fail_smbios_cmd;
memcpy(arg, priv->buf, priv->req_buf_size);
fail_smbios_cmd:
mutex_unlock(&call_mutex);
break;
default:
ret = -ENOIOCTLCMD;
Reported by FlawFinder.
drivers/opp/debugfs.c
5 issues
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct icc_path *path = fp->private_data;
char buf[64];
int i;
i = scnprintf(buf, sizeof(buf), "%.62s\n", icc_get_name(path));
return simple_read_from_buffer(userbuf, count, ppos, buf, i);
Reported by FlawFinder.
Line: 58
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dentry *pdentry)
{
struct dentry *d;
char name[11];
int i;
for (i = 0; i < opp_table->path_count; i++) {
snprintf(name, sizeof(name), "icc-path-%.1d", i);
Reported by FlawFinder.
Line: 84
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
for (i = 0; i < opp_table->regulator_count; i++) {
char name[15];
snprintf(name, sizeof(name), "supply-%d", i);
/* Create per-opp directory */
d = debugfs_create_dir(name, pdentry);
Reported by FlawFinder.
Line: 110
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dentry *pdentry = opp_table->dentry;
struct dentry *d;
unsigned long id;
char name[25]; /* 20 chars for 64 bit value + 5 (opp:\0) */
/*
* Get directory name for OPP.
*
* - Normally rate is unique to each OPP, use it to get unique opp-name.
Reported by FlawFinder.
Line: 161
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void opp_list_debug_create_link(struct opp_device *opp_dev,
struct opp_table *opp_table)
{
char name[NAME_MAX];
opp_set_dev_name(opp_dev->dev, name);
/* Create device specific directory link */
opp_dev->dentry = debugfs_create_symlink(name, rootdir,
Reported by FlawFinder.
drivers/net/wireless/rsi/rsi_91x_debugfs.c
5 issues
Line: 253
Column: 14
CWE codes:
362
return len;
}
#define FOPS(fopen) { \
.owner = THIS_MODULE, \
.open = (fopen), \
.read = seq_read, \
.llseek = seq_lseek, \
}
Reported by FlawFinder.
Line: 255
Column: 11
CWE codes:
362
#define FOPS(fopen) { \
.owner = THIS_MODULE, \
.open = (fopen), \
.read = seq_read, \
.llseek = seq_lseek, \
}
#define FOPS_RW(fopen, fwrite) { \
Reported by FlawFinder.
Line: 260
Column: 17
CWE codes:
362
.llseek = seq_lseek, \
}
#define FOPS_RW(fopen, fwrite) { \
.owner = THIS_MODULE, \
.open = (fopen), \
.read = seq_read, \
.llseek = seq_lseek, \
.write = (fwrite), \
Reported by FlawFinder.
Line: 262
Column: 11
CWE codes:
362
#define FOPS_RW(fopen, fwrite) { \
.owner = THIS_MODULE, \
.open = (fopen), \
.read = seq_read, \
.llseek = seq_lseek, \
.write = (fwrite), \
}
Reported by FlawFinder.
Line: 285
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct rsi_common *common = adapter->priv;
struct rsi_debugfs *dev_dbgfs;
char devdir[6];
int ii;
const struct rsi_dbg_files *files;
dev_dbgfs = kzalloc(sizeof(*dev_dbgfs), GFP_KERNEL);
if (!dev_dbgfs)
Reported by FlawFinder.
drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c
5 issues
Line: 178
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return -EINVAL;
if (check_property_type(enumeration, next_obj, ACPI_TYPE_STRING))
return -EINVAL;
strcat(wmi_priv.enumeration_data[instance_id].dell_value_modifier,
enumeration_obj[next_obj++].string.pointer);
strcat(wmi_priv.enumeration_data[instance_id].dell_value_modifier, ";");
}
if (next_obj >= enum_property_count)
Reported by FlawFinder.
Line: 195
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return -EINVAL;
if (check_property_type(enumeration, next_obj, ACPI_TYPE_STRING))
return -EINVAL;
strcat(wmi_priv.enumeration_data[instance_id].possible_values,
enumeration_obj[next_obj++].string.pointer);
strcat(wmi_priv.enumeration_data[instance_id].possible_values, ";");
}
return sysfs_create_group(attr_name_kobj, &enumeration_attr_group);
Reported by FlawFinder.
Line: 94
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
char *buf)
{
return sprintf(buf, "enumeration\n");
}
static struct kobj_attribute type =
__ATTR_RO(type);
static struct attribute *enumeration_attrs[] = {
Reported by FlawFinder.
Line: 180
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return -EINVAL;
strcat(wmi_priv.enumeration_data[instance_id].dell_value_modifier,
enumeration_obj[next_obj++].string.pointer);
strcat(wmi_priv.enumeration_data[instance_id].dell_value_modifier, ";");
}
if (next_obj >= enum_property_count)
return -EINVAL;
Reported by FlawFinder.
Line: 197
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return -EINVAL;
strcat(wmi_priv.enumeration_data[instance_id].possible_values,
enumeration_obj[next_obj++].string.pointer);
strcat(wmi_priv.enumeration_data[instance_id].possible_values, ";");
}
return sysfs_create_group(attr_name_kobj, &enumeration_attr_group);
}
Reported by FlawFinder.
drivers/s390/cio/device_status.c
5 issues
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ccw_device_msg_control_check(struct ccw_device *cdev, struct irb *irb)
{
struct subchannel *sch = to_subchannel(cdev->dev.parent);
char dbf_text[15];
if (!scsw_is_valid_cstat(&irb->scsw) ||
!(scsw_cstat(&irb->scsw) & (SCHN_STAT_CHN_DATA_CHK |
SCHN_STAT_CHN_CTRL_CHK | SCHN_STAT_INTF_CTRL_CHK)))
return;
Reported by FlawFinder.
Line: 44
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
cdev->private->dev_id.devno, sch->schid.ssid,
sch->schid.sch_no,
scsw_dstat(&irb->scsw), scsw_cstat(&irb->scsw));
sprintf(dbf_text, "chk%x", sch->schid.sch_no);
CIO_TRACE_EVENT(0, dbf_text);
CIO_HEX_EVENT(0, irb, sizeof(struct irb));
}
/*
Reported by FlawFinder.
Line: 90
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!cdev->private->dma_area->irb.scsw.cmd.ectl)
return;
/* Copy concurrent sense / model dependent information. */
memcpy(&cdev->private->dma_area->irb.ecw, irb->ecw, sizeof(irb->ecw));
}
/*
* Check if extended status word is valid.
*/
Reported by FlawFinder.
Line: 163
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cdev_irb->esw.esw0.erw.fsavf = irb->esw.esw0.erw.fsavf;
if (cdev_irb->esw.esw0.erw.fsavf) {
/* ... and copy the failing storage address. */
memcpy(cdev_irb->esw.esw0.faddr, irb->esw.esw0.faddr,
sizeof (irb->esw.esw0.faddr));
/* ... and copy the failing storage address format. */
cdev_irb->esw.esw0.erw.fsaf = irb->esw.esw0.erw.fsaf;
}
/* Copy secondary ccw address validity bit. */
Reported by FlawFinder.
Line: 213
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ccw_device_path_notoper(cdev);
/* No irb accumulation for transport mode irbs. */
if (scsw_is_tm(&irb->scsw)) {
memcpy(&cdev->private->dma_area->irb, irb, sizeof(struct irb));
return;
}
/*
* Don't accumulate unsolicited interrupts.
*/
Reported by FlawFinder.