The following issues were found
net/nfc/digital_technology.c
4 issues
Line: 366
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sel_req->sel_cmd = sel_cmd;
sel_req->b2 = 0x70;
memcpy(sel_req->nfcid1, sdd_res->nfcid1, 4);
sel_req->bcc = sdd_res->bcc;
if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
Reported by FlawFinder.
Line: 427
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = 4;
}
memcpy(target->nfcid1 + target->nfcid1_len, sdd_res->nfcid1 + offset,
size);
target->nfcid1_len += size;
rc = digital_in_send_sel_req(ddev, target, sdd_res);
Reported by FlawFinder.
Line: 771
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sensf_res = (struct digital_sensf_res *)resp->data;
memcpy(target.sensf_res, sensf_res, resp->len);
target.sensf_res_len = resp->len;
memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
target.nfcid2_len = NFC_NFCID2_MAXSIZE;
Reported by FlawFinder.
Line: 774
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(target.sensf_res, sensf_res, resp->len);
target.sensf_res_len = resp->len;
memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
target.nfcid2_len = NFC_NFCID2_MAXSIZE;
if (target.nfcid2[0] == DIGITAL_SENSF_NFCID2_NFC_DEP_B1 &&
target.nfcid2[1] == DIGITAL_SENSF_NFCID2_NFC_DEP_B2)
proto = NFC_PROTO_NFC_DEP;
Reported by FlawFinder.
mm/percpu.c
4 issues
Line: 2790
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_SMP
const char * const pcpu_fc_names[PCPU_FC_NR] __initconst = {
[PCPU_FC_AUTO] = "auto",
[PCPU_FC_EMBED] = "embed",
[PCPU_FC_PAGE] = "page",
};
Reported by FlawFinder.
Line: 3116
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
}
/* copy and return the unused part */
memcpy(ptr, __per_cpu_load, ai->static_size);
free_fn(ptr + size_sum, ai->unit_size - size_sum);
}
}
/* base address is now known, determine group base offsets */
Reported by FlawFinder.
Line: 3170
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static struct vm_struct vm;
struct pcpu_alloc_info *ai;
char psize_str[16];
int unit_pages;
size_t pages_size;
struct page **pages;
int unit, i, j, rc = 0;
int upa;
Reported by FlawFinder.
Line: 3247
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
/* copy static data */
memcpy((void *)unit_addr, __per_cpu_load, ai->static_size);
}
/* we're ready, commit */
pr_info("%d %s pages/cpu s%zu r%zu d%zu\n",
unit_pages, psize_str, ai->static_size,
Reported by FlawFinder.
include/sound/rawmidi.h
4 issues
Line: 39
Column: 8
CWE codes:
362
struct pid;
struct snd_rawmidi_ops {
int (*open) (struct snd_rawmidi_substream * substream);
int (*close) (struct snd_rawmidi_substream * substream);
void (*trigger) (struct snd_rawmidi_substream * substream, int up);
void (*drain) (struct snd_rawmidi_substream * substream);
};
Reported by FlawFinder.
Line: 90
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t bytes;
struct snd_rawmidi *rmidi;
struct snd_rawmidi_str *pstr;
char name[32];
struct snd_rawmidi_runtime *runtime;
struct pid *pid;
/* hardware layer */
const struct snd_rawmidi_ops *ops;
};
Reported by FlawFinder.
Line: 114
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head list;
unsigned int device; /* device number */
unsigned int info_flags; /* SNDRV_RAWMIDI_INFO_XXXX */
char id[64];
char name[80];
#ifdef CONFIG_SND_OSSEMUL
int ossreg;
#endif
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int device; /* device number */
unsigned int info_flags; /* SNDRV_RAWMIDI_INFO_XXXX */
char id[64];
char name[80];
#ifdef CONFIG_SND_OSSEMUL
int ossreg;
#endif
Reported by FlawFinder.
net/core/sysctl_net_core.c
4 issues
Line: 161
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
write_unlock:
mutex_unlock(&flow_limit_update_mutex);
} else {
char kbuf[128];
if (*ppos || !*lenp) {
*lenp = 0;
goto done;
}
Reported by FlawFinder.
Line: 185
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (len < *lenp)
kbuf[len++] = '\n';
memcpy(buffer, kbuf, len);
*lenp = len;
*ppos += len;
}
done:
Reported by FlawFinder.
Line: 220
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int set_default_qdisc(struct ctl_table *table, int write,
void *buffer, size_t *lenp, loff_t *ppos)
{
char id[IFNAMSIZ];
struct ctl_table tbl = {
.data = id,
.maxlen = IFNAMSIZ,
};
int ret;
Reported by FlawFinder.
Line: 255
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *buffer, size_t *lenp, loff_t *ppos)
{
struct ctl_table fake_table;
char buf[NETDEV_RSS_KEY_LEN * 3];
snprintf(buf, sizeof(buf), "%*phC", NETDEV_RSS_KEY_LEN, netdev_rss_key);
fake_table.data = buf;
fake_table.maxlen = sizeof(buf);
return proc_dostring(&fake_table, write, buffer, lenp, ppos);
Reported by FlawFinder.
mm/mmap.c
4 issues
Line: 2763
Column: 34
CWE codes:
362
if (new->vm_file)
get_file(new->vm_file);
if (new->vm_ops && new->vm_ops->open)
new->vm_ops->open(new);
if (new_below)
err = vma_adjust(vma, addr, vma->vm_end, vma->vm_pgoff +
((addr - new->vm_start) >> PAGE_SHIFT), new);
Reported by FlawFinder.
Line: 2764
Column: 16
CWE codes:
362
get_file(new->vm_file);
if (new->vm_ops && new->vm_ops->open)
new->vm_ops->open(new);
if (new_below)
err = vma_adjust(vma, addr, vma->vm_end, vma->vm_pgoff +
((addr - new->vm_start) >> PAGE_SHIFT), new);
else
Reported by FlawFinder.
Line: 3319
Column: 43
CWE codes:
362
goto out_free_mempol;
if (new_vma->vm_file)
get_file(new_vma->vm_file);
if (new_vma->vm_ops && new_vma->vm_ops->open)
new_vma->vm_ops->open(new_vma);
vma_link(mm, new_vma, prev, rb_link, rb_parent);
*need_rmap_locks = false;
}
return new_vma;
Reported by FlawFinder.
Line: 3320
Column: 21
CWE codes:
362
if (new_vma->vm_file)
get_file(new_vma->vm_file);
if (new_vma->vm_ops && new_vma->vm_ops->open)
new_vma->vm_ops->open(new_vma);
vma_link(mm, new_vma, prev, rb_link, rb_parent);
*need_rmap_locks = false;
}
return new_vma;
Reported by FlawFinder.
mm/memcontrol.c
4 issues
Line: 4252
CWE codes:
908
BUG();
/* Check if a threshold crossed before adding a new one */
if (thresholds->primary)
__mem_cgroup_threshold(memcg, type == _MEMSWAP);
size = thresholds->primary ? thresholds->primary->size + 1 : 1;
/* Allocate memory for new array of thresholds */
Reported by Cppcheck.
Line: 4255
CWE codes:
908
if (thresholds->primary)
__mem_cgroup_threshold(memcg, type == _MEMSWAP);
size = thresholds->primary ? thresholds->primary->size + 1 : 1;
/* Allocate memory for new array of thresholds */
new = kmalloc(struct_size(new, entries, size), GFP_KERNEL);
if (!new) {
ret = -ENOMEM;
Reported by Cppcheck.
Line: 4338
CWE codes:
908
} else
BUG();
if (!thresholds->primary)
goto unlock;
/* Check if a threshold crossed before removing */
__mem_cgroup_threshold(memcg, type == _MEMSWAP);
Reported by Cppcheck.
Line: 4267
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy thresholds (if any) to new array */
if (thresholds->primary)
memcpy(new->entries, thresholds->primary->entries,
flex_array_size(new, entries, size - 1));
/* Add new threshold */
new->entries[size - 1].eventfd = eventfd;
new->entries[size - 1].threshold = threshold;
Reported by FlawFinder.
include/sound/hwdep.h
4 issues
Line: 23
Column: 8
CWE codes:
362
long count, loff_t *offset);
long (*write)(struct snd_hwdep *hw, const char __user *buf,
long count, loff_t *offset);
int (*open)(struct snd_hwdep *hw, struct file * file);
int (*release)(struct snd_hwdep *hw, struct file * file);
__poll_t (*poll)(struct snd_hwdep *hw, struct file *file,
poll_table *wait);
int (*ioctl)(struct snd_hwdep *hw, struct file *file,
unsigned int cmd, unsigned long arg);
Reported by FlawFinder.
Line: 43
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_card *card;
struct list_head list;
int device;
char id[32];
char name[80];
int iface;
#ifdef CONFIG_SND_OSSEMUL
int oss_type;
Reported by FlawFinder.
Line: 44
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head list;
int device;
char id[32];
char name[80];
int iface;
#ifdef CONFIG_SND_OSSEMUL
int oss_type;
int ossreg;
Reported by FlawFinder.
Line: 19
Column: 9
CWE codes:
120
20
struct snd_hwdep_ops {
long long (*llseek)(struct snd_hwdep *hw, struct file *file,
long long offset, int orig);
long (*read)(struct snd_hwdep *hw, char __user *buf,
long count, loff_t *offset);
long (*write)(struct snd_hwdep *hw, const char __user *buf,
long count, loff_t *offset);
int (*open)(struct snd_hwdep *hw, struct file * file);
int (*release)(struct snd_hwdep *hw, struct file * file);
Reported by FlawFinder.
include/sound/emu10k1.h
4 issues
Line: 1532
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_emu10k1_pcm_mixer {
/* mono, left, right x 8 sends (4 on emu10k1) */
unsigned char send_routing[3][8];
unsigned char send_volume[3][8];
unsigned short attn[3];
struct snd_emu10k1_pcm *epcm;
};
Reported by FlawFinder.
Line: 1533
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_emu10k1_pcm_mixer {
/* mono, left, right x 8 sends (4 on emu10k1) */
unsigned char send_routing[3][8];
unsigned char send_volume[3][8];
unsigned short attn[3];
struct snd_emu10k1_pcm *epcm;
};
#define snd_emu10k1_compose_send_routing(route) \
Reported by FlawFinder.
Line: 1594
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short gpr_tmpcount; /* GPR containing current count of samples to interrupt (host = set, FX8010) */
unsigned short gpr_trigger; /* GPR containing trigger (activate) information (host) */
unsigned short gpr_running; /* GPR containing info if PCM is running (FX8010) */
unsigned char etram[32]; /* external TRAM address & data */
struct snd_pcm_indirect pcm_rec;
unsigned int tram_pos;
unsigned int tram_shift;
struct snd_emu10k1_fx8010_irq irq;
};
Reported by FlawFinder.
Line: 1609
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int itram_size; /* internal TRAM size in samples */
struct snd_dma_buffer etram_pages; /* external TRAM pages and size */
unsigned int dbg; /* FX debugger register */
unsigned char name[128];
int gpr_size; /* size of allocated GPR controls */
int gpr_count; /* count of used kcontrols */
struct list_head gpr_ctl; /* GPR controls */
struct mutex lock;
struct snd_emu10k1_fx8010_pcm pcm[8];
Reported by FlawFinder.
mm/kasan/report_generic.c
4 issues
Line: 128
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void kasan_metadata_fetch_row(char *buffer, void *row)
{
memcpy(buffer, kasan_mem_to_shadow(row), META_BYTES_PER_ROW);
}
#ifdef CONFIG_KASAN_STACK
static bool __must_check tokenize_frame_descr(const char **frame_descr,
char *token, size_t max_tok_len,
Reported by FlawFinder.
Line: 175
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* or "offset size len name:line".
*/
char token[64];
unsigned long num_objects;
if (!tokenize_frame_descr(&frame_descr, token, sizeof(token),
&num_objects))
return;
Reported by FlawFinder.
Line: 260
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
*offset = (unsigned long)addr - (unsigned long)frame;
*frame_descr = (const char *)frame[1];
*frame_pc = (void *)frame[2];
return true;
}
Reported by FlawFinder.
Line: 139
Column: 24
CWE codes:
126
const char *sep = strchr(*frame_descr, ' ');
if (sep == NULL)
sep = *frame_descr + strlen(*frame_descr);
if (token != NULL) {
const size_t tok_len = sep - *frame_descr;
if (tok_len + 1 > max_tok_len) {
Reported by FlawFinder.
net/openvswitch/flow.h
4 issues
Line: 236
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be16 ar_op; /* ARP opcode (command) */
/* Ethernet+IPv4 specific members. */
unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */
unsigned char ar_sip[4]; /* sender IP address */
unsigned char ar_tha[ETH_ALEN]; /* target hardware address */
unsigned char ar_tip[4]; /* target IP address */
} __packed;
Reported by FlawFinder.
Line: 237
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Ethernet+IPv4 specific members. */
unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */
unsigned char ar_sip[4]; /* sender IP address */
unsigned char ar_tha[ETH_ALEN]; /* target hardware address */
unsigned char ar_tip[4]; /* target IP address */
} __packed;
static inline u8 ovs_key_mac_proto(const struct sw_flow_key *key)
Reported by FlawFinder.
Line: 238
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Ethernet+IPv4 specific members. */
unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */
unsigned char ar_sip[4]; /* sender IP address */
unsigned char ar_tha[ETH_ALEN]; /* target hardware address */
unsigned char ar_tip[4]; /* target IP address */
} __packed;
static inline u8 ovs_key_mac_proto(const struct sw_flow_key *key)
{
Reported by FlawFinder.
Line: 239
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */
unsigned char ar_sip[4]; /* sender IP address */
unsigned char ar_tha[ETH_ALEN]; /* target hardware address */
unsigned char ar_tip[4]; /* target IP address */
} __packed;
static inline u8 ovs_key_mac_proto(const struct sw_flow_key *key)
{
return key->mac_proto & ~SW_FLOW_KEY_INVALID;
Reported by FlawFinder.