The following issues were found
arch/powerpc/platforms/cell/spufs/file.c
4 issues
Line: 37
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct spufs_attr {
int (*get)(void *, u64 *);
int (*set)(void *, u64);
char get_buf[24]; /* enough to store a u64 and "\n\0" */
char set_buf[24];
void *data;
const char *fmt; /* format for read operation */
struct mutex mutex; /* protects access to these buffers */
};
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int (*get)(void *, u64 *);
int (*set)(void *, u64);
char get_buf[24]; /* enough to store a u64 and "\n\0" */
char set_buf[24];
void *data;
const char *fmt; /* format for read operation */
struct mutex mutex; /* protects access to these buffers */
};
Reported by FlawFinder.
Line: 2375
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return error;
while (cnt < len) {
char tbuf[128];
int width;
if (spufs_switch_log_used(ctx) == 0) {
if (cnt > 0) {
/* If there's data ready to go, we can
Reported by FlawFinder.
Line: 86
Column: 10
CWE codes:
126
return ret;
if (*ppos) { /* continued read */
size = strlen(attr->get_buf);
} else { /* first read */
u64 val;
ret = attr->get(attr->data, &val);
if (ret)
goto out;
Reported by FlawFinder.
arch/powerpc/platforms/chrp/setup.c
4 issues
Line: 73
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern struct smp_ops_t chrp_smp_ops;
#endif
static const char *gg2_memtypes[4] = {
"FPM", "SDRAM", "EDO", "BEDO"
};
static const char *gg2_cachesizes[4] = {
"256 KB", "512 KB", "1 MB", "Reserved"
};
Reported by FlawFinder.
Line: 76
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *gg2_memtypes[4] = {
"FPM", "SDRAM", "EDO", "BEDO"
};
static const char *gg2_cachesizes[4] = {
"256 KB", "512 KB", "1 MB", "Reserved"
};
static const char *gg2_cachetypes[4] = {
"Asynchronous", "Reserved", "Flow-Through Synchronous",
"Pipelined Synchronous"
Reported by FlawFinder.
Line: 79
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *gg2_cachesizes[4] = {
"256 KB", "512 KB", "1 MB", "Reserved"
};
static const char *gg2_cachetypes[4] = {
"Asynchronous", "Reserved", "Flow-Through Synchronous",
"Pipelined Synchronous"
};
static const char *gg2_cachemodes[4] = {
"Disabled", "Write-Through", "Copy-Back", "Transparent Mode"
Reported by FlawFinder.
Line: 83
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"Asynchronous", "Reserved", "Flow-Through Synchronous",
"Pipelined Synchronous"
};
static const char *gg2_cachemodes[4] = {
"Disabled", "Write-Through", "Copy-Back", "Transparent Mode"
};
static const char *chrp_names[] = {
"Unknown",
Reported by FlawFinder.
arch/xtensa/kernel/ptrace.c
4 issues
Line: 58
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
.syscall = regs->syscall,
};
memcpy(newregs.a,
regs->areg + XCHAL_NUM_AREGS - regs->windowbase * 4,
regs->windowbase * 16);
memcpy(newregs.a + regs->windowbase * 4,
regs->areg,
(WSBITS - regs->windowbase) * 16);
Reported by FlawFinder.
Line: 61
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(newregs.a,
regs->areg + XCHAL_NUM_AREGS - regs->windowbase * 4,
regs->windowbase * 16);
memcpy(newregs.a + regs->windowbase * 4,
regs->areg,
(WSBITS - regs->windowbase) * 16);
return membuf_write(&to, &newregs, sizeof(newregs));
}
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
regs->wmask = wmask;
}
memcpy(regs->areg + XCHAL_NUM_AREGS - newregs.windowbase * 4,
newregs.a, newregs.windowbase * 16);
memcpy(regs->areg, newregs.a + newregs.windowbase * 4,
(WSBITS - newregs.windowbase) * 16);
return 0;
Reported by FlawFinder.
Line: 114
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(regs->areg + XCHAL_NUM_AREGS - newregs.windowbase * 4,
newregs.a, newregs.windowbase * 16);
memcpy(regs->areg, newregs.a + newregs.windowbase * 4,
(WSBITS - newregs.windowbase) * 16);
return 0;
}
Reported by FlawFinder.
arch/xtensa/include/asm/string.h
4 issues
Line: 19
Column: 21
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
#define _XTENSA_STRING_H
#define __HAVE_ARCH_STRCPY
static inline char *strcpy(char *__dest, const char *__src)
{
register char *__xdest = __dest;
unsigned long __dummy;
__asm__ __volatile__("1:\n\t"
Reported by FlawFinder.
Line: 114
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
extern void *__memset(void *__s, int __c, size_t __count);
#define __HAVE_ARCH_MEMCPY
extern void *memcpy(void *__to, __const__ void *__from, size_t __n);
extern void *__memcpy(void *__to, __const__ void *__from, size_t __n);
#define __HAVE_ARCH_MEMMOVE
extern void *memmove(void *__dest, __const__ void *__src, size_t __n);
extern void *__memmove(void *__dest, __const__ void *__src, size_t __n);
Reported by FlawFinder.
Line: 131
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* should use not instrumented version of mem* functions.
*/
#define memcpy(dst, src, len) __memcpy(dst, src, len)
#define memmove(dst, src, len) __memmove(dst, src, len)
#define memset(s, c, n) __memset(s, c, n)
#ifndef __NO_FORTIFY
#define __NO_FORTIFY /* FORTIFY_SOURCE uses __builtin_memcpy, etc. */
Reported by FlawFinder.
Line: 38
Column: 21
CWE codes:
120
}
#define __HAVE_ARCH_STRNCPY
static inline char *strncpy(char *__dest, const char *__src, size_t __n)
{
register char *__xdest = __dest;
unsigned long __dummy;
if (__n == 0)
Reported by FlawFinder.
arch/powerpc/include/asm/cpm1.h
4 issues
Line: 100
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ushort smc_brkec; /* rcv'd break condition counter */
ushort smc_brkcr; /* xmt break count register */
ushort smc_rmask; /* Temporary bit mask */
char res1[8]; /* Reserved */
ushort smc_rpbase; /* Relocation pointer */
} smc_uart_t;
/* Function code bits.
*/
Reported by FlawFinder.
Line: 397
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
typedef struct scc_uart {
sccp_t scc_genscc;
char res1[8]; /* Reserved */
ushort scc_maxidl; /* Maximum idle chars */
ushort scc_idlc; /* temp idle counter */
ushort scc_brkcr; /* Break count register */
ushort scc_parec; /* receive parity error counter */
ushort scc_frmec; /* receive framing error counter */
Reported by FlawFinder.
Line: 479
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ushort iic_tbptr; /* Internal */
ushort iic_tbc; /* Internal */
uint iic_txtmp; /* Internal */
char res1[4]; /* Reserved */
ushort iic_rpbase; /* Relocation pointer */
char res2[2]; /* Reserved */
} iic_t;
/*
Reported by FlawFinder.
Line: 481
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint iic_txtmp; /* Internal */
char res1[4]; /* Reserved */
ushort iic_rpbase; /* Relocation pointer */
char res2[2]; /* Reserved */
} iic_t;
/*
* RISC Controller Configuration Register definitons
*/
Reported by FlawFinder.
arch/um/drivers/mconsole.h
4 issues
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 magic;
u32 version;
u32 len;
char data[MCONSOLE_MAX_DATA];
};
struct mconsole_reply {
u32 err;
u32 more;
Reported by FlawFinder.
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 err;
u32 more;
u32 len;
char data[MCONSOLE_MAX_DATA];
};
struct mconsole_notify {
u32 magic;
u32 version;
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum { MCONSOLE_SOCKET, MCONSOLE_PANIC, MCONSOLE_HANG,
MCONSOLE_USER_NOTIFY } type;
u32 len;
char data[MCONSOLE_MAX_DATA];
};
struct mc_request;
enum mc_context { MCONSOLE_INTR, MCONSOLE_PROC };
Reported by FlawFinder.
Line: 62
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int originating_fd;
unsigned int originlen;
unsigned char origin[128]; /* sockaddr_un */
struct mconsole_request request;
struct mconsole_command *cmd;
struct uml_pt_regs regs;
};
Reported by FlawFinder.
arch/arm/crypto/chacha-glue.c
4 issues
Line: 59
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *d = dst;
if (bytes != CHACHA_BLOCK_SIZE)
s = d = memcpy(buf, src, bytes);
chacha_block_xor_neon(state, d, s, nrounds);
if (d != dst)
memcpy(dst, buf, bytes);
state[12]++;
}
Reported by FlawFinder.
Line: 62
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s = d = memcpy(buf, src, bytes);
chacha_block_xor_neon(state, d, s, nrounds);
if (d != dst)
memcpy(dst, buf, bytes);
state[12]++;
}
}
void hchacha_block_arch(const u32 *state, u32 *stream, int nrounds)
Reported by FlawFinder.
Line: 180
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
subctx.nrounds = ctx->nrounds;
memcpy(&real_iv[0], req->iv + 24, 8);
memcpy(&real_iv[8], req->iv + 16, 8);
return chacha_stream_xor(req, &subctx, real_iv, neon);
}
static int xchacha_arm(struct skcipher_request *req)
Reported by FlawFinder.
Line: 181
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
subctx.nrounds = ctx->nrounds;
memcpy(&real_iv[0], req->iv + 24, 8);
memcpy(&real_iv[8], req->iv + 16, 8);
return chacha_stream_xor(req, &subctx, real_iv, neon);
}
static int xchacha_arm(struct skcipher_request *req)
{
Reported by FlawFinder.
arch/mips/ath79/setup.c
4 issues
Line: 194
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ath79_soc_rev = rev;
if (soc_is_qca953x() || soc_is_qca955x() || soc_is_qca956x())
sprintf(ath79_sys_type, "Qualcomm Atheros QCA%s ver %u rev %u",
chip, ver, rev);
else if (soc_is_tp9343())
sprintf(ath79_sys_type, "Qualcomm Atheros TP%s rev %u",
chip, rev);
else
Reported by FlawFinder.
Line: 197
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(ath79_sys_type, "Qualcomm Atheros QCA%s ver %u rev %u",
chip, ver, rev);
else if (soc_is_tp9343())
sprintf(ath79_sys_type, "Qualcomm Atheros TP%s rev %u",
chip, rev);
else
sprintf(ath79_sys_type, "Atheros AR%s rev %u", chip, rev);
pr_info("SoC: %s\n", ath79_sys_type);
}
Reported by FlawFinder.
Line: 200
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(ath79_sys_type, "Qualcomm Atheros TP%s rev %u",
chip, rev);
else
sprintf(ath79_sys_type, "Atheros AR%s rev %u", chip, rev);
pr_info("SoC: %s\n", ath79_sys_type);
}
const char *get_system_type(void)
{
Reported by FlawFinder.
Line: 35
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ATH79_SYS_TYPE_LEN 64
static char ath79_sys_type[ATH79_SYS_TYPE_LEN];
static void ath79_restart(char *command)
{
local_irq_disable();
ath79_device_reset_set(AR71XX_RESET_FULL_CHIP);
Reported by FlawFinder.
arch/sparc/mm/srmmu.c
4 issues
Line: 334
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pgd) {
pgd_t *init = pgd_offset_k(0);
memset(pgd, 0, USER_PTRS_PER_PGD * sizeof(pgd_t));
memcpy(pgd + USER_PTRS_PER_PGD, init + USER_PTRS_PER_PGD,
(PTRS_PER_PGD - USER_PTRS_PER_PGD) * sizeof(pgd_t));
}
return pgd;
}
Reported by FlawFinder.
Line: 898
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int i;
phandle cpunode;
char node_str[128];
pgd_t *pgd;
p4d_t *p4d;
pud_t *pud;
pmd_t *pmd;
pte_t *pte;
Reported by FlawFinder.
Line: 1030
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
phandle nd;
int cache_lines;
char node_str[128];
#ifdef CONFIG_SMP
int cpu = 0;
unsigned long max_size = 0;
unsigned long min_line_size = 0x10000000;
#endif
Reported by FlawFinder.
Line: 1597
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Next check for Fujitsu Swift. */
if (psr_typ == 0 && psr_vers == 4) {
phandle cpunode;
char node_str[128];
/* Look if it is not a TurboSparc emulating Swift... */
cpunode = prom_getchild(prom_root_node);
while ((cpunode = prom_getsibling(cpunode)) != 0) {
prom_getstring(cpunode, "device_type", node_str, sizeof(node_str));
Reported by FlawFinder.
arch/mips/cavium-octeon/crypto/octeon-sha1.c
4 issues
Line: 103
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((partial + len) >= SHA1_BLOCK_SIZE) {
if (partial) {
done = -partial;
memcpy(sctx->buffer + partial, data,
done + SHA1_BLOCK_SIZE);
src = sctx->buffer;
}
do {
Reported by FlawFinder.
Line: 116
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
partial = 0;
}
memcpy(sctx->buffer + partial, src, len - done);
}
static int octeon_sha1_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
Reported by FlawFinder.
Line: 189
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha1_state *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
}
static int octeon_sha1_import(struct shash_desc *desc, const void *in)
{
Reported by FlawFinder.
Line: 197
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha1_state *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));
return 0;
}
static struct shash_alg octeon_sha1_alg = {
.digestsize = SHA1_DIGEST_SIZE,
Reported by FlawFinder.