The following issues were found
net/llc/llc_sap.c
4 issues
Line: 238
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ev->saddr.lsap = sap->laddr.lsap;
ev->daddr.lsap = dsap;
memcpy(ev->saddr.mac, skb->dev->dev_addr, IFHWADDRLEN);
memcpy(ev->daddr.mac, dmac, IFHWADDRLEN);
ev->type = LLC_SAP_EV_TYPE_PRIM;
ev->prim = LLC_TEST_PRIM;
ev->prim_type = LLC_PRIM_TYPE_REQ;
Reported by FlawFinder.
Line: 239
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ev->saddr.lsap = sap->laddr.lsap;
ev->daddr.lsap = dsap;
memcpy(ev->saddr.mac, skb->dev->dev_addr, IFHWADDRLEN);
memcpy(ev->daddr.mac, dmac, IFHWADDRLEN);
ev->type = LLC_SAP_EV_TYPE_PRIM;
ev->prim = LLC_TEST_PRIM;
ev->prim_type = LLC_PRIM_TYPE_REQ;
llc_sap_state_process(sap, skb);
Reported by FlawFinder.
Line: 264
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ev->saddr.lsap = sap->laddr.lsap;
ev->daddr.lsap = dsap;
memcpy(ev->saddr.mac, skb->dev->dev_addr, IFHWADDRLEN);
memcpy(ev->daddr.mac, dmac, IFHWADDRLEN);
ev->type = LLC_SAP_EV_TYPE_PRIM;
ev->prim = LLC_XID_PRIM;
ev->prim_type = LLC_PRIM_TYPE_REQ;
Reported by FlawFinder.
Line: 265
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ev->saddr.lsap = sap->laddr.lsap;
ev->daddr.lsap = dsap;
memcpy(ev->saddr.mac, skb->dev->dev_addr, IFHWADDRLEN);
memcpy(ev->daddr.mac, dmac, IFHWADDRLEN);
ev->type = LLC_SAP_EV_TYPE_PRIM;
ev->prim = LLC_XID_PRIM;
ev->prim_type = LLC_PRIM_TYPE_REQ;
llc_sap_state_process(sap, skb);
Reported by FlawFinder.
net/mac80211/mesh_plink.c
4 issues
Line: 253
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mgmt = skb_put_zero(skb, hdr_len);
mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
IEEE80211_STYPE_ACTION);
memcpy(mgmt->da, da, ETH_ALEN);
memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED;
mgmt->u.action.u.self_prot.action_code = action;
Reported by FlawFinder.
Line: 254
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
IEEE80211_STYPE_ACTION);
memcpy(mgmt->da, da, ETH_ALEN);
memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED;
mgmt->u.action.u.self_prot.action_code = action;
if (action != WLAN_SP_MESH_PEERING_CLOSE) {
Reported by FlawFinder.
Line: 255
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
IEEE80211_STYPE_ACTION);
memcpy(mgmt->da, da, ETH_ALEN);
memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED;
mgmt->u.action.u.self_prot.action_code = action;
if (action != WLAN_SP_MESH_PEERING_CLOSE) {
struct ieee80211_supported_band *sband;
Reported by FlawFinder.
Line: 315
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos = skb_put(skb, 2 + ie_len);
*pos++ = WLAN_EID_PEER_MGMT;
*pos++ = ie_len;
memcpy(pos, &peering_proto, 2);
pos += 2;
put_unaligned_le16(llid, pos);
pos += 2;
if (include_plid) {
put_unaligned_le16(plid, pos);
Reported by FlawFinder.
kernel/trace/trace_branch.c
4 issues
Line: 72
Column: 21
CWE codes:
126
entry = ring_buffer_event_data(event);
/* Strip off the path, only save the file */
p = f->data.file + strlen(f->data.file);
while (p >= f->data.file && *p != '/')
p--;
p++;
strncpy(entry->func, f->data.func, TRACE_FUNC_SIZE);
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
120
p--;
p++;
strncpy(entry->func, f->data.func, TRACE_FUNC_SIZE);
strncpy(entry->file, p, TRACE_FILE_SIZE);
entry->func[TRACE_FUNC_SIZE] = 0;
entry->file[TRACE_FILE_SIZE] = 0;
entry->constant = f->constant;
entry->line = f->data.line;
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
120
p++;
strncpy(entry->func, f->data.func, TRACE_FUNC_SIZE);
strncpy(entry->file, p, TRACE_FILE_SIZE);
entry->func[TRACE_FUNC_SIZE] = 0;
entry->file[TRACE_FILE_SIZE] = 0;
entry->constant = f->constant;
entry->line = f->data.line;
entry->correct = val == expect;
Reported by FlawFinder.
Line: 265
Column: 16
CWE codes:
126
const char *f;
/* Only print the file, not the path */
f = p->file + strlen(p->file);
while (f >= p->file && *f != '/')
f--;
return ++f;
}
Reported by FlawFinder.
include/net/6lowpan.h
4 issues
Line: 194
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
ipaddr->s6_addr[0] = 0xFE;
ipaddr->s6_addr[1] = 0x80;
memcpy(&ipaddr->s6_addr[8], lladdr, EUI64_ADDR_LEN);
/* second bit-flip (Universe/Local)
* is done according RFC2464
*/
ipaddr->s6_addr[8] ^= 0x02;
}
Reported by FlawFinder.
Line: 210
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
ipaddr->s6_addr[0] = 0xFE;
ipaddr->s6_addr[1] = 0x80;
memcpy(&ipaddr->s6_addr[8], lladdr, 3);
ipaddr->s6_addr[11] = 0xFF;
ipaddr->s6_addr[12] = 0xFE;
memcpy(&ipaddr->s6_addr[13], lladdr + 3, 3);
}
Reported by FlawFinder.
Line: 213
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&ipaddr->s6_addr[8], lladdr, 3);
ipaddr->s6_addr[11] = 0xFF;
ipaddr->s6_addr[12] = 0xFE;
memcpy(&ipaddr->s6_addr[13], lladdr + 3, 3);
}
#ifdef DEBUG
/* print data in line */
static inline void raw_dump_inline(const char *caller, char *msg,
Reported by FlawFinder.
Line: 281
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void lowpan_push_hc_data(u8 **hc_ptr, const void *data,
const size_t len)
{
memcpy(*hc_ptr, data, len);
*hc_ptr += len;
}
int lowpan_register_netdevice(struct net_device *dev,
enum lowpan_lltypes lltype);
Reported by FlawFinder.
net/mac80211/rate.c
4 issues
Line: 772
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return false;
if (sdata->rc_has_mcs_mask[sband->band])
memcpy(mcs_mask, sdata->rc_rateidx_mcs_mask[sband->band],
IEEE80211_HT_MCS_MASK_LEN);
else
memset(mcs_mask, 0xff, IEEE80211_HT_MCS_MASK_LEN);
if (sdata->rc_has_vht_mcs_mask[sband->band])
Reported by FlawFinder.
Line: 778
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(mcs_mask, 0xff, IEEE80211_HT_MCS_MASK_LEN);
if (sdata->rc_has_vht_mcs_mask[sband->band])
memcpy(vht_mask, sdata->rc_rateidx_vht_mcs_mask[sband->band],
sizeof(u16) * NL80211_VHT_NSS_MAX);
else
memset(vht_mask, 0xff, sizeof(u16) * NL80211_VHT_NSS_MAX);
if (sta) {
Reported by FlawFinder.
Line: 204
Column: 15
CWE codes:
126
ops = ieee80211_try_rate_control_ops_get(ieee80211_default_rc_algo);
/* Note: check for > 0 is intentional to avoid clang warning */
if (!ops && (strlen(CONFIG_MAC80211_RC_DEFAULT) > 0))
/* try built-in one if specific alg requested but not found */
ops = ieee80211_try_rate_control_ops_get(CONFIG_MAC80211_RC_DEFAULT);
kernel_param_unlock(THIS_MODULE);
Reported by FlawFinder.
Line: 218
Column: 12
CWE codes:
126
size_t count, loff_t *ppos)
{
struct rate_control_ref *ref = file->private_data;
int len = strlen(ref->ops->name);
return simple_read_from_buffer(userbuf, count, ppos,
ref->ops->name, len);
}
Reported by FlawFinder.
kernel/trace/ring_buffer_benchmark.c
4 issues
Line: 18
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rb_page {
u64 ts;
local_t commit;
char data[4080];
};
/* run time and sleep time in seconds */
#define RUN_TIME 10ULL
#define SLEEP_TIME 10
Reported by FlawFinder.
Line: 35
Column: 22
CWE codes:
120
20
static struct trace_buffer *buffer;
static struct task_struct *producer;
static struct task_struct *consumer;
static unsigned long read;
static unsigned int disable_reader;
module_param(disable_reader, uint, 0644);
MODULE_PARM_DESC(disable_reader, "only run producer");
Reported by FlawFinder.
Line: 330
Column: 44
CWE codes:
120
20
if (disable_reader)
trace_printk("Read: (reader disabled)\n");
else
trace_printk("Read: %ld (by %s)\n", read,
read_events ? "events" : "pages");
trace_printk("Entries: %lld\n", entries);
trace_printk("Total: %lld\n", entries + overruns + read);
trace_printk("Missed: %ld\n", missed);
trace_printk("Hit: %ld\n", hit);
Reported by FlawFinder.
Line: 333
Column: 56
CWE codes:
120
20
trace_printk("Read: %ld (by %s)\n", read,
read_events ? "events" : "pages");
trace_printk("Entries: %lld\n", entries);
trace_printk("Total: %lld\n", entries + overruns + read);
trace_printk("Missed: %ld\n", missed);
trace_printk("Hit: %ld\n", hit);
/* Convert time from usecs to millisecs */
do_div(time, USEC_PER_MSEC);
Reported by FlawFinder.
include/uapi/linux/x25.h
4 issues
Line: 55
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* digits and a null terminator.
*/
struct x25_address {
char x25_addr[16];
};
/*
* Linux X.25 Address structure, used for bind, and connect mostly.
*/
Reported by FlawFinder.
Line: 75
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* backward compatibility.
*/
struct x25_subscrip_struct {
char device[200-sizeof(unsigned long)];
unsigned long global_facil_mask; /* 0 to disable negotiation */
unsigned int extended;
};
/* values for above global_facil_mask */
Reported by FlawFinder.
Line: 97
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct x25_route_struct {
struct x25_address address;
unsigned int sigdigits;
char device[200];
};
/*
* Facilities structure.
*/
Reported by FlawFinder.
Line: 135
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct x25_calluserdata {
unsigned int cudlength;
unsigned char cuddata[128];
};
/*
* Call clearing Cause and Diagnostic structure.
*/
Reported by FlawFinder.
include/media/media-device.h
4 issues
Line: 149
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device *dev;
struct media_devnode *devnode;
char model[32];
char driver_name[32];
char serial[40];
char bus_info[32];
u32 hw_revision;
Reported by FlawFinder.
Line: 150
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct media_devnode *devnode;
char model[32];
char driver_name[32];
char serial[40];
char bus_info[32];
u32 hw_revision;
u64 topology_version;
Reported by FlawFinder.
Line: 151
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model[32];
char driver_name[32];
char serial[40];
char bus_info[32];
u32 hw_revision;
u64 topology_version;
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model[32];
char driver_name[32];
char serial[40];
char bus_info[32];
u32 hw_revision;
u64 topology_version;
u32 id;
Reported by FlawFinder.
include/media/davinci/vpbe.h
4 issues
Line: 20
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* OSD configuration info */
struct osd_config_info {
char module_name[32];
};
struct vpbe_output {
struct v4l2_output output;
/*
Reported by FlawFinder.
Line: 59
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* encoder configuration info */
struct encoder_config_info {
char module_name[32];
/* Is this an i2c device ? */
unsigned int is_i2c:1;
/* i2c subdevice board info */
struct i2c_board_info board_info;
};
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*amplifier configuration info */
struct amp_config_info {
char module_name[32];
/* Is this an i2c device ? */
unsigned int is_i2c:1;
/* i2c subdevice board info */
struct i2c_board_info board_info;
};
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* structure for defining vpbe display subsystem components */
struct vpbe_config {
char module_name[32];
/* i2c bus adapter no */
int i2c_adapter_id;
struct osd_config_info osd;
struct encoder_config_info venc;
/* external encoder information goes here */
Reported by FlawFinder.
kernel/time/clocksource-wdtest.c
4 issues
Line: 121
Column: 34
CWE codes:
120
20
__clocksource_register(&clocksource_wdtest_jiffies);
WARN_ON_ONCE(clocksource_wdtest_jiffies.uncertainty_margin != TICK_NSEC);
j1 = clocksource_wdtest_jiffies.read(&clocksource_wdtest_jiffies);
schedule_timeout_uninterruptible(HZ);
j2 = clocksource_wdtest_jiffies.read(&clocksource_wdtest_jiffies);
WARN_ON_ONCE(j1 == j2);
clocksource_unregister(&clocksource_wdtest_jiffies);
Reported by FlawFinder.
Line: 123
Column: 34
CWE codes:
120
20
j1 = clocksource_wdtest_jiffies.read(&clocksource_wdtest_jiffies);
schedule_timeout_uninterruptible(HZ);
j2 = clocksource_wdtest_jiffies.read(&clocksource_wdtest_jiffies);
WARN_ON_ONCE(j1 == j2);
clocksource_unregister(&clocksource_wdtest_jiffies);
/*
Reported by FlawFinder.
Line: 136
Column: 32
CWE codes:
120
20
clocksource_register_khz(&clocksource_wdtest_ktime, 1000 * 1000);
WARN_ON_ONCE(clocksource_wdtest_ktime.uncertainty_margin < NSEC_PER_USEC);
j1 = clocksource_wdtest_ktime.read(&clocksource_wdtest_ktime);
udelay(1);
j2 = clocksource_wdtest_ktime.read(&clocksource_wdtest_ktime);
pr_info("--- tsc-like times: %lu - %lu = %lu.\n", j2, j1, j2 - j1);
WARN_ON_ONCE(time_before(j2, j1 + NSEC_PER_USEC));
Reported by FlawFinder.
Line: 138
Column: 32
CWE codes:
120
20
j1 = clocksource_wdtest_ktime.read(&clocksource_wdtest_ktime);
udelay(1);
j2 = clocksource_wdtest_ktime.read(&clocksource_wdtest_ktime);
pr_info("--- tsc-like times: %lu - %lu = %lu.\n", j2, j1, j2 - j1);
WARN_ON_ONCE(time_before(j2, j1 + NSEC_PER_USEC));
/* Verify tsc-like stability with various numbers of errors injected. */
for (i = 0; i <= max_cswd_read_retries + 1; i++) {
Reported by FlawFinder.