The following issues were found
arch/arc/kernel/perf_event.c
4 issues
Line: 27
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct arc_pmu_raw_event_entry {
char name[ARCPMU_EVENT_NAME_LEN];
};
struct arc_pmu {
struct pmu pmu;
unsigned int irq;
Reported by FlawFinder.
Line: 491
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct perf_pmu_events_attr *pmu_attr;
pmu_attr = container_of(attr, struct perf_pmu_events_attr, attr);
return sprintf(page, "event=0x%04llx\n", pmu_attr->id);
}
/*
* We don't add attrs here as we don't have pre-defined list of perf events.
* We will generate and add attrs dynamically in probe() after we read HW
Reported by FlawFinder.
Line: 573
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 word0, word1;
char sentinel;
} indiv;
char str[ARCPMU_EVENT_NAME_LEN];
} cc_name;
READ_BCR(ARC_REG_PCT_BUILD, pct_bcr);
if (!pct_bcr.v) {
Reported by FlawFinder.
Line: 538
Column: 7
CWE codes:
126
if (!arc_pmu_ev_hw_map[i])
return false;
if (!strlen(arc_pmu_ev_hw_map[i]))
return false;
if (strcmp(arc_pmu_ev_hw_map[i], name))
return false;
Reported by FlawFinder.
arch/x86/pci/irq.c
4 issues
Line: 203
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int pirq_ali_get(struct pci_dev *router, struct pci_dev *dev, int pirq)
{
static const unsigned char irqmap[16] = { 0, 9, 3, 10, 4, 5, 7, 6, 1, 11, 0, 12, 0, 14, 0, 15 };
WARN_ON_ONCE(pirq > 16);
return irqmap[read_config_nybble(router, 0x48, pirq-1)];
}
Reported by FlawFinder.
Line: 211
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pirq_ali_set(struct pci_dev *router, struct pci_dev *dev, int pirq, int irq)
{
static const unsigned char irqmap[16] = { 0, 8, 0, 2, 4, 5, 7, 6, 0, 1, 3, 9, 11, 0, 13, 15 };
unsigned int val = irqmap[irq];
WARN_ON_ONCE(pirq > 16);
if (val) {
write_config_nybble(router, 0x48, pirq-1, val);
Reported by FlawFinder.
Line: 285
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int pirq_ite_get(struct pci_dev *router, struct pci_dev *dev, int pirq)
{
static const unsigned char pirqmap[4] = { 1, 0, 2, 3 };
WARN_ON_ONCE(pirq > 4);
return read_config_nybble(router, 0x43, pirqmap[pirq-1]);
}
Reported by FlawFinder.
Line: 293
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pirq_ite_set(struct pci_dev *router, struct pci_dev *dev, int pirq, int irq)
{
static const unsigned char pirqmap[4] = { 1, 0, 2, 3 };
WARN_ON_ONCE(pirq > 4);
write_config_nybble(router, 0x43, pirqmap[pirq-1], irq);
return 1;
}
Reported by FlawFinder.
arch/m68k/emu/natfeat.c
4 issues
Line: 61
Column: 6
CWE codes:
134
Suggestion:
Use a constant for the format specification
int n;
va_start(ap, fmt);
n = vsnprintf(buf, 256, fmt, ap);
nf_call(nf_get_id("NF_STDERR"), virt_to_phys(buf));
va_end(ap);
}
static void nf_poweroff(void)
Reported by FlawFinder.
Line: 43
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long nf_get_id(const char *feature_name)
{
/* feature_name may be in vmalloc()ed memory, so make a copy */
char name_copy[32];
size_t n;
n = strlcpy(name_copy, feature_name, sizeof(name_copy));
if (n >= sizeof(name_copy))
return 0;
Reported by FlawFinder.
Line: 56
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void nfprint(const char *fmt, ...)
{
static char buf[256];
va_list ap;
int n;
va_start(ap, fmt);
n = vsnprintf(buf, 256, fmt, ap);
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __init nf_init(void)
{
unsigned long id, version;
char buf[256];
id = nf_get_id("NF_VERSION");
if (!id)
return;
version = nf_call(id);
Reported by FlawFinder.
arch/m68k/emu/nfcon.c
4 issues
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void nfputs(const char *str, unsigned int count)
{
char buf[68];
unsigned long phys = virt_to_phys(buf);
buf[64] = 0;
while (count > 64) {
memcpy(buf, str, 64);
Reported by FlawFinder.
Line: 33
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[64] = 0;
while (count > 64) {
memcpy(buf, str, 64);
nf_call(stderr_id, phys);
str += 64;
count -= 64;
}
memcpy(buf, str, count);
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
str += 64;
count -= 64;
}
memcpy(buf, str, count);
buf[count] = 0;
nf_call(stderr_id, phys);
}
static void nfcon_write(struct console *con, const char *str,
Reported by FlawFinder.
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int nfcon_tty_put_char(struct tty_struct *tty, unsigned char ch)
{
char temp[2] = { ch, 0 };
nf_call(stderr_id, virt_to_phys(temp));
return 1;
}
Reported by FlawFinder.
arch/m68k/emu/nfeth.c
4 issues
Line: 147
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int nfeth_xmit(struct sk_buff *skb, struct net_device *dev)
{
unsigned int len;
char *data, shortpkt[ETH_ZLEN];
struct nfeth_private *priv = netdev_priv(dev);
data = skb->data;
len = skb->len;
if (len < ETH_ZLEN) {
Reported by FlawFinder.
Line: 154
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = skb->len;
if (len < ETH_ZLEN) {
memset(shortpkt, 0, ETH_ZLEN);
memcpy(shortpkt, data, len);
data = shortpkt;
len = ETH_ZLEN;
}
netdev_dbg(dev, "%s: send %u bytes\n", __func__, len);
Reported by FlawFinder.
Line: 189
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct net_device *dev;
struct nfeth_private *priv;
char mac[ETH_ALEN], host_ip[32], local_ip[32];
int err;
if (!nf_call(nfEtherID + XIF_GET_MAC, unit, virt_to_phys(mac),
ETH_ALEN))
return NULL;
Reported by FlawFinder.
Line: 203
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->irq = nfEtherIRQ;
dev->netdev_ops = &nfeth_netdev_ops;
memcpy(dev->dev_addr, mac, ETH_ALEN);
priv = netdev_priv(dev);
priv->ethX = unit;
err = register_netdev(dev);
Reported by FlawFinder.
arch/powerpc/perf/power5+-pmu.c
4 issues
Line: 230
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return -1;
}
static const unsigned char bytedecode_alternatives[4][4] = {
/* PMC 1 */ { 0x21, 0x23, 0x25, 0x27 },
/* PMC 2 */ { 0x07, 0x17, 0x0e, 0x1e },
/* PMC 3 */ { 0x20, 0x22, 0x24, 0x26 },
/* PMC 4 */ { 0x07, 0x17, 0x0e, 0x1e }
};
Reported by FlawFinder.
Line: 362
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Bit 0 is set if it is marked for all PMCs.
* The 0x80 bit indicates a byte decode PMCSEL value.
*/
static unsigned char direct_event_is_marked[0x28] = {
0, /* 00 */
0x1f, /* 01 PM_IOPS_CMPL */
0x2, /* 02 PM_MRK_GRP_DISP */
0xe, /* 03 PM_MRK_ST_CMPL, PM_MRK_ST_GPS, PM_MRK_ST_CMPL_INT */
0, /* 04 */
Reported by FlawFinder.
Line: 463
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int ttm;
int i, isbus, bit, grsel;
unsigned int pmc_inuse = 0;
unsigned char busbyte[4];
unsigned char unituse[16];
int ttmuse;
if (n_ev > 6)
return -1;
Reported by FlawFinder.
Line: 464
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, isbus, bit, grsel;
unsigned int pmc_inuse = 0;
unsigned char busbyte[4];
unsigned char unituse[16];
int ttmuse;
if (n_ev > 6)
return -1;
Reported by FlawFinder.
arch/powerpc/perf/power5-pmu.c
4 issues
Line: 239
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return -1;
}
static const unsigned char bytedecode_alternatives[4][4] = {
/* PMC 1 */ { 0x21, 0x23, 0x25, 0x27 },
/* PMC 2 */ { 0x07, 0x17, 0x0e, 0x1e },
/* PMC 3 */ { 0x20, 0x22, 0x24, 0x26 },
/* PMC 4 */ { 0x07, 0x17, 0x0e, 0x1e }
};
Reported by FlawFinder.
Line: 298
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Bit 0 is set if it is marked for all PMCs.
* The 0x80 bit indicates a byte decode PMCSEL value.
*/
static unsigned char direct_event_is_marked[0x28] = {
0, /* 00 */
0x1f, /* 01 PM_IOPS_CMPL */
0x2, /* 02 PM_MRK_GRP_DISP */
0xe, /* 03 PM_MRK_ST_CMPL, PM_MRK_ST_GPS, PM_MRK_ST_CMPL_INT */
0, /* 04 */
Reported by FlawFinder.
Line: 395
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, isbus, bit, grsel;
unsigned int pmc_inuse = 0;
unsigned int pmc_grp_use[2];
unsigned char busbyte[4];
unsigned char unituse[16];
int ttmuse;
if (n_ev > 6)
return -1;
Reported by FlawFinder.
Line: 396
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int pmc_inuse = 0;
unsigned int pmc_grp_use[2];
unsigned char busbyte[4];
unsigned char unituse[16];
int ttmuse;
if (n_ev > 6)
return -1;
Reported by FlawFinder.
arch/xtensa/platforms/iss/simdisk.c
4 issues
Line: 43
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_PARM_DESC(simdisk_count, "Number of simdisk units.");
static int n_files;
static const char *filename[MAX_SIMDISK_COUNT] = {
#ifdef CONFIG_SIMDISK0_FILENAME
CONFIG_SIMDISK0_FILENAME,
#ifdef CONFIG_SIMDISK1_FILENAME
CONFIG_SIMDISK1_FILENAME,
#endif
Reported by FlawFinder.
Line: 261
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __init simdisk_setup(struct simdisk *dev, int which,
struct proc_dir_entry *procdir)
{
char tmp[2] = { '0' + which, 0 };
dev->fd = -1;
dev->filename = NULL;
spin_lock_init(&dev->lock);
dev->users = 0;
Reported by FlawFinder.
Line: 328
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void simdisk_teardown(struct simdisk *dev, int which,
struct proc_dir_entry *procdir)
{
char tmp[2] = { '0' + which, 0 };
simdisk_detach(dev);
if (dev->gd) {
del_gendisk(dev->gd);
blk_cleanup_disk(dev->gd);
Reported by FlawFinder.
Line: 216
Column: 11
CWE codes:
126
const char *s = dev->filename;
if (s) {
ssize_t n = simple_read_from_buffer(buf, size, ppos,
s, strlen(s));
if (n < 0)
return n;
buf += n;
size -= n;
}
Reported by FlawFinder.
arch/m68k/kernel/process.c
4 issues
Line: 170
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p->thread.usp = 0;
return 0;
}
memcpy(frame, container_of(current_pt_regs(), struct fork_frame, regs),
sizeof(struct fork_frame));
frame->regs.d0 = 0;
frame->sw.retpc = (unsigned long)ret_from_fork;
p->thread.usp = usp ?: rdusp();
Reported by FlawFinder.
Line: 220
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (FPU_IS_EMU) {
int i;
memcpy(fpu->fpcntl, current->thread.fpcntl, 12);
memcpy(fpu->fpregs, current->thread.fp, 96);
/* Convert internal fpu reg representation
* into long double format
*/
for (i = 0; i < 24; i += 3)
Reported by FlawFinder.
Line: 221
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
memcpy(fpu->fpcntl, current->thread.fpcntl, 12);
memcpy(fpu->fpregs, current->thread.fp, 96);
/* Convert internal fpu reg representation
* into long double format
*/
for (i = 0; i < 24; i += 3)
fpu->fpregs[i] = ((fpu->fpregs[i] & 0xffff0000) << 15) |
Reported by FlawFinder.
Line: 232
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (IS_ENABLED(CONFIG_FPU)) {
char fpustate[216];
/* First dump the fpu context to avoid protocol violation. */
asm volatile ("fsave %0" :: "m" (fpustate[0]) : "memory");
if (!CPU_IS_060 ? !fpustate[0] : !fpustate[2])
return 0;
Reported by FlawFinder.
arch/um/drivers/virt-pci.c
4 issues
Line: 663
CWE codes:
908
if (!reg->dev)
return 0;
for (i = 0; i < ARRAY_SIZE(dev->resptr); i++) {
struct resource *r = &pdev->resource[i];
if ((r->flags & IORESOURCE_TYPE_BITS) != IORESOURCE_MEM)
continue;
Reported by Cppcheck.
Line: 95
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *ncmd = kmalloc(cmd_size + extra_size, GFP_ATOMIC);
if (ncmd) {
memcpy(ncmd, cmd, cmd_size);
if (extra)
memcpy(ncmd + cmd_size, extra, extra_size);
cmd = (void *)ncmd;
cmd_size += extra_size;
extra = NULL;
Reported by FlawFinder.
Line: 97
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ncmd) {
memcpy(ncmd, cmd, cmd_size);
if (extra)
memcpy(ncmd + cmd_size, extra, extra_size);
cmd = (void *)ncmd;
cmd_size += extra_size;
extra = NULL;
extra_size = 0;
} else {
Reported by FlawFinder.
Line: 494
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int um_pci_init_vqs(struct um_pci_device *dev)
{
struct virtqueue *vqs[2];
static const char *const names[2] = { "cmd", "irq" };
vq_callback_t *cbs[2] = { um_pci_cmd_vq_cb, um_pci_irq_vq_cb };
int err, i;
err = virtio_find_vqs(dev->vdev, 2, vqs, cbs, names, NULL);
if (err)
Reported by FlawFinder.