The following issues were found
arch/powerpc/boot/planetcore.c
4 issues
Line: 102
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
static char prop_buf[MAX_PROP_LEN];
void planetcore_set_stdout_path(const char *table)
{
char *path;
const char *label;
Reported by FlawFinder.
Line: 40
Column: 15
CWE codes:
126
const char *planetcore_get_key(const char *table, const char *key)
{
int keylen = strlen(key);
do {
if (!strncmp(table, key, keylen) && table[keylen] == '=')
return table + keylen + 1;
Reported by FlawFinder.
Line: 46
Column: 12
CWE codes:
126
if (!strncmp(table, key, keylen) && table[keylen] == '=')
return table + keylen + 1;
table += strlen(table) + 1;
} while (strlen(table) != 0);
return NULL;
}
Reported by FlawFinder.
Line: 47
Column: 11
CWE codes:
126
return table + keylen + 1;
table += strlen(table) + 1;
} while (strlen(table) != 0);
return NULL;
}
int planetcore_get_decimal(const char *table, const char *key, u64 *val)
Reported by FlawFinder.
arch/s390/crypto/sha3_256_s390.c
4 issues
Line: 49
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const struct sha3_state *ictx = in;
sctx->count = ictx->rsiz;
memcpy(sctx->state, ictx->st, sizeof(ictx->st));
memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf));
sctx->func = CPACF_KIMD_SHA3_256;
return 0;
}
Reported by FlawFinder.
Line: 50
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sctx->count = ictx->rsiz;
memcpy(sctx->state, ictx->st, sizeof(ictx->st));
memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf));
sctx->func = CPACF_KIMD_SHA3_256;
return 0;
}
Reported by FlawFinder.
Line: 62
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const struct sha3_state *ictx = in;
sctx->count = ictx->rsiz;
memcpy(sctx->state, ictx->st, sizeof(ictx->st));
memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf));
sctx->func = CPACF_KIMD_SHA3_224;
return 0;
}
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sctx->count = ictx->rsiz;
memcpy(sctx->state, ictx->st, sizeof(ictx->st));
memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf));
sctx->func = CPACF_KIMD_SHA3_224;
return 0;
}
Reported by FlawFinder.
arch/sparc/kernel/pci.c
4 issues
Line: 534
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pcibios_bus_to_resource(dev->bus, res, ®ion);
}
after_ranges:
sprintf(bus->name, "PCI Bus %04x:%02x", pci_domain_nr(bus),
bus->number);
if (ofpci_verbose)
pci_info(dev, " bus name: %s\n", bus->name);
pci_of_scan_bus(pbm, node, bus);
Reported by FlawFinder.
Line: 1050
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pci_bus *bus;
list_for_each_entry(pdev, &pbus->devices, bus_list) {
char name[SLOT_NAME_SIZE];
struct pci_slot *pci_slot;
const u32 *slot_num;
int len;
slot_num = of_get_property(pdev->dev.of_node,
Reported by FlawFinder.
Line: 1077
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const struct pci_slot_names {
u32 slot_mask;
char names[0];
} *prop;
const char *sp;
int len, i;
u32 mask;
Reported by FlawFinder.
Line: 1112
Column: 9
CWE codes:
126
pci_err(bus, "pci_create_slot returned %ld\n",
PTR_ERR(pci_slot));
sp += strlen(sp) + 1;
mask &= ~this_bit;
i++;
}
}
Reported by FlawFinder.
arch/powerpc/boot/mktree.c
4 issues
Line: 82
Column: 15
CWE codes:
362
bt.reserved[0] = 0;
bt.reserved[1] = 0;
if ((in_fd = open(argv[1], O_RDONLY)) < 0) {
perror("zImage open");
exit(3);
}
if ((out_fd = open(argv[2], (O_RDWR | O_CREAT | O_TRUNC), 0666)) < 0) {
Reported by FlawFinder.
Line: 87
Column: 16
CWE codes:
362
exit(3);
}
if ((out_fd = open(argv[2], (O_RDWR | O_CREAT | O_TRUNC), 0666)) < 0) {
perror("bootfile open");
exit(3);
}
cksum = 0;
Reported by FlawFinder.
Line: 99
Column: 6
CWE codes:
120
20
/* Assume zImage is an ELF file, and skip the 64K header.
*/
if (read(in_fd, tmpbuf, sizeof(tmpbuf)) != sizeof(tmpbuf)) {
fprintf(stderr, "%s is too small to be an ELF image\n",
argv[1]);
exit(4);
}
Reported by FlawFinder.
Line: 125
Column: 7
CWE codes:
120
20
}
while (nblks-- > 0) {
if (read(in_fd, tmpbuf, sizeof(tmpbuf)) < 0) {
perror("zImage read");
exit(5);
}
cp = tmpbuf;
for (i = 0; i < sizeof(tmpbuf) / sizeof(unsigned int); i++)
Reported by FlawFinder.
arch/sparc/kernel/of_device_32.c
4 issues
Line: 65
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
/* Start with the parent range base. */
memcpy(result, range + na, pna * 4);
/* Add in the child address offset, skipping high cell. */
for (i = 0; i < na - 1; i++)
result[pna - 1 - i] +=
(addr[na - 1 - i] -
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(addr[na - 1 - i] -
range[na - 1 - i]);
memcpy(addr, result, pna * 4);
return 0;
}
static unsigned long of_bus_pci_get_flags(const u32 *addr, unsigned long flags)
Reported by FlawFinder.
Line: 208
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
result[pna - 1 - i] =
addr[na - 1 - i];
memcpy(addr, result, pna * 4);
return 0;
}
/* Now walk through the ranges */
rlen /= 4;
Reported by FlawFinder.
Line: 288
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = of_read_addr(reg + na, ns);
memcpy(addr, reg, na * 4);
flags = bus->get_flags(reg, 0);
if (use_1to1_mapping(pp)) {
result = of_read_addr(addr, na);
Reported by FlawFinder.
arch/x86/math-emu/poly_l2.c
4 issues
Line: 195
CWE codes:
908
if (argsign == SIGN_POS) {
shr_Xsig(&Denom, 2 - (1 + exponent));
Denom.msw |= 0x80000000;
div_Xsig(&Numer, &Denom, &argSignif);
} else {
shr_Xsig(&Denom, 1 - (1 + exponent));
negate_Xsig(&Denom);
if (Denom.msw & 0x80000000) {
div_Xsig(&Numer, &Denom, &argSignif);
Reported by Cppcheck.
Line: 200
CWE codes:
908
shr_Xsig(&Denom, 1 - (1 + exponent));
negate_Xsig(&Denom);
if (Denom.msw & 0x80000000) {
div_Xsig(&Numer, &Denom, &argSignif);
exponent++;
} else {
/* Denom must be 1.0 */
argSignif.lsw = Numer.lsw;
argSignif.midw = Numer.midw;
Reported by Cppcheck.
Line: 205
CWE codes:
908
} else {
/* Denom must be 1.0 */
argSignif.lsw = Numer.lsw;
argSignif.midw = Numer.midw;
argSignif.msw = Numer.msw;
}
}
#ifndef PECULIAR_486
Reported by Cppcheck.
Line: 219
CWE codes:
908
}
#endif /* PECULIAR_486 */
arg_signif.lsw = argSignif.lsw;
XSIG_LL(arg_signif) = XSIG_LL(argSignif);
adj = norm_Xsig(&argSignif);
accumulator.lsw = argSignif.lsw;
XSIG_LL(accumulator) = XSIG_LL(argSignif);
mul_Xsig_Xsig(&accumulator, &accumulator);
Reported by Cppcheck.
arch/sparc/kernel/ioport.c
4 issues
Line: 94
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xresource {
struct resource xres; /* Must be first */
int xflag; /* 1 == used */
char xname[XNMLN+1];
};
static struct xresource xresv[XNRES];
static struct xresource *xres_alloc(void) {
Reported by FlawFinder.
Line: 126
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
void __iomem *ioremap(phys_addr_t offset, size_t size)
{
char name[14];
sprintf(name, "phys_%08x", (u32)offset);
return _sparc_alloc_io(0, (unsigned long)offset, size, name);
}
EXPORT_SYMBOL(ioremap);
Reported by FlawFinder.
Line: 128
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
char name[14];
sprintf(name, "phys_%08x", (u32)offset);
return _sparc_alloc_io(0, (unsigned long)offset, size, name);
}
EXPORT_SYMBOL(ioremap);
/*
Reported by FlawFinder.
Line: 197
Column: 10
CWE codes:
126
printk("ioremap: done with statics, switching to malloc\n");
printed_full = 1;
}
tlen = strlen(name);
tack = kmalloc(sizeof (struct resource) + tlen + 1, GFP_KERNEL);
if (tack == NULL) return NULL;
memset(tack, 0, sizeof(struct resource));
res = (struct resource *) tack;
tack += sizeof (struct resource);
Reported by FlawFinder.
arch/sh/mm/cache.c
4 issues
Line: 67
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (boot_cpu_data.dcache.n_aliases && page_mapcount(page) &&
test_bit(PG_dcache_clean, &page->flags)) {
void *vto = kmap_coherent(page, vaddr) + (vaddr & ~PAGE_MASK);
memcpy(vto, src, len);
kunmap_coherent(vto);
} else {
memcpy(dst, src, len);
if (boot_cpu_data.dcache.n_aliases)
clear_bit(PG_dcache_clean, &page->flags);
Reported by FlawFinder.
Line: 70
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(vto, src, len);
kunmap_coherent(vto);
} else {
memcpy(dst, src, len);
if (boot_cpu_data.dcache.n_aliases)
clear_bit(PG_dcache_clean, &page->flags);
}
if (vma->vm_flags & VM_EXEC)
Reported by FlawFinder.
Line: 86
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (boot_cpu_data.dcache.n_aliases && page_mapcount(page) &&
test_bit(PG_dcache_clean, &page->flags)) {
void *vfrom = kmap_coherent(page, vaddr) + (vaddr & ~PAGE_MASK);
memcpy(dst, vfrom, len);
kunmap_coherent(vfrom);
} else {
memcpy(dst, src, len);
if (boot_cpu_data.dcache.n_aliases)
clear_bit(PG_dcache_clean, &page->flags);
Reported by FlawFinder.
Line: 89
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst, vfrom, len);
kunmap_coherent(vfrom);
} else {
memcpy(dst, src, len);
if (boot_cpu_data.dcache.n_aliases)
clear_bit(PG_dcache_clean, &page->flags);
}
}
Reported by FlawFinder.
arch/alpha/boot/bootpz.c
4 issues
Line: 452
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
srm_printk("Preparing ZERO_PGE...\n");
#endif
memset((char*)ZERO_PGE, 0, PAGE_SIZE);
strcpy((char*)ZERO_PGE, envval);
#ifdef INITRD_IMAGE_SIZE
#ifdef DEBUG_LAST_STEPS
srm_printk("Preparing INITRD info...\n");
Reported by FlawFinder.
Line: 289
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* seems rather far-fetched.
*/
static long nbytes;
static char envval[256] __attribute__((aligned(8)));
register unsigned long asm_sp asm("30");
SP_on_entry = asm_sp;
srm_printk("Linux/Alpha BOOTPZ Loader for Linux " UTS_RELEASE "\n");
Reported by FlawFinder.
Line: 421
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
initrd_image_start,
INITRD_IMAGE_SIZE);
#endif
memcpy((void *)initrd_image_start, (void *)V_INITRD_START,
INITRD_IMAGE_SIZE);
#endif /* INITRD_IMAGE_SIZE */
/* Next, we may have to move the uncompressed kernel to the
Reported by FlawFinder.
Line: 443
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
move_stack(initrd_image_start - PAGE_SIZE);
memcpy((void *)K_KERNEL_IMAGE_START,
(void *)uncompressed_image_start, KERNEL_SIZE);
}
/* Clear the zero page, then move the argument list in. */
#ifdef DEBUG_LAST_STEPS
Reported by FlawFinder.
arch/arm/kernel/hw_breakpoint.c
4 issues
Line: 729
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static void watchpoint_handler(unsigned long addr, unsigned int fsr,
struct pt_regs *regs)
{
int i, access, closest_match = 0;
u32 min_dist = -1, dist;
u32 val, ctrl_reg;
struct perf_event *wp, **slots;
struct arch_hw_breakpoint *info;
struct arch_hw_breakpoint_ctrl ctrl;
Reported by FlawFinder.
Line: 763
Column: 11
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (debug_exception_updates_fsr()) {
access = (fsr & ARM_FSR_ACCESS_MASK) ?
HW_BREAKPOINT_W : HW_BREAKPOINT_R;
if (!(access & hw_breakpoint_type(wp)))
continue;
}
val = read_wb_reg(ARM_BASE_WVR + i);
ctrl_reg = read_wb_reg(ARM_BASE_WCR + i);
Reported by FlawFinder.
Line: 880
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/* Check if the breakpoint value matches. */
val = read_wb_reg(ARM_BASE_BVR + i);
if (val != (addr & ~0x3))
goto mismatch;
/* Possible match, check the byte address select to confirm. */
ctrl_reg = read_wb_reg(ARM_BASE_BCR + i);
decode_ctrl_reg(ctrl_reg, &ctrl);
if ((1 << (addr & 0x3)) & ctrl.len) {
Reported by FlawFinder.
Line: 894
Column: 1
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
goto unlock;
}
mismatch:
/* If we're stepping a breakpoint, it can now be restored. */
if (info->step_ctrl.enabled)
disable_single_step(bp);
unlock:
rcu_read_unlock();
Reported by FlawFinder.