The following issues were found
Documentation/sphinx/kernel_feat.py
22 issues
Line: 41
Column: 1
from os import path
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
Reported by Pylint.
Line: 42
Column: 1
from os import path
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
__version__ = '1.0'
Reported by Pylint.
Line: 43
Column: 1
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
__version__ = '1.0'
Reported by Pylint.
Line: 44
Column: 1
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
__version__ = '1.0'
def setup(app):
Reported by Pylint.
Line: 45
Column: 1
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
__version__ = '1.0'
def setup(app):
Reported by Pylint.
Line: 37
Column: 1
import codecs
import os
import subprocess
import sys
from os import path
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
Reported by Pylint.
Line: 41
Column: 1
from os import path
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
Reported by Pylint.
Line: 83
Column: 9
if not doc.settings.file_insertion_enabled:
raise self.warning("docutils: file insertion disabled")
env = doc.settings.env
cwd = path.dirname(doc.current_source)
cmd = "get_feat.pl rest --dir "
cmd += self.arguments[0]
if len(self.arguments) > 1:
Reported by Pylint.
Line: 104
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b604_any_other_function_with_shell_equals_true.html
shell_env["PATH"] = path_env
shell_env["srctree"] = srctree
lines = self.runCmd(cmd, shell=True, cwd=cwd, env=shell_env)
nodeList = self.nestedParse(lines, fname)
return nodeList
def runCmd(self, cmd, **kwargs):
u"""Run command ``cmd`` and return it's stdout as unicode."""
Reported by Bandit.
Line: 145
Column: 9
for c, l in enumerate(lines.split("\n")):
content.append(l, fname, c)
buf = self.state.memo.title_styles, self.state.memo.section_level, self.state.memo.reporter
with switch_source_input(self.state, content):
self.state.nested_parse(content, 0, node, match_titles=1)
return node.children
Reported by Pylint.
security/selinux/ss/policydb.c
22 issues
Line: 47
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define _DEBUG_HASHES
#ifdef DEBUG_HASHES
static const char *symtab_name[SYM_NUM] = {
"common prefixes",
"classes",
"roles",
"types",
"users",
Reported by FlawFinder.
Line: 2191
Column: 11
CWE codes:
126
genfs->fstype, c->u.name);
goto out;
}
len = strlen(newc->u.name);
len2 = strlen(c->u.name);
if (len > len2)
break;
}
Reported by FlawFinder.
Line: 2192
Column: 12
CWE codes:
126
goto out;
}
len = strlen(newc->u.name);
len2 = strlen(c->u.name);
if (len > len2)
break;
}
newc->next = c;
Reported by FlawFinder.
Line: 2431
Column: 13
CWE codes:
126
rc = -EINVAL;
len = le32_to_cpu(buf[1]);
if (len != strlen(POLICYDB_STRING)) {
pr_err("SELinux: policydb string length %d does not "
"match expected length %zu\n",
len, strlen(POLICYDB_STRING));
goto bad;
}
Reported by FlawFinder.
Line: 2434
Column: 15
CWE codes:
126
if (len != strlen(POLICYDB_STRING)) {
pr_err("SELinux: policydb string length %d does not "
"match expected length %zu\n",
len, strlen(POLICYDB_STRING));
goto bad;
}
rc = -ENOMEM;
policydb_str = kmalloc(len + 1, GFP_KERNEL);
Reported by FlawFinder.
Line: 2786
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(levdatum->isalias);
rc = put_entry(buf, sizeof(u32), 2, fp);
if (rc)
return rc;
Reported by FlawFinder.
Line: 2814
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(catdatum->value);
buf[2] = cpu_to_le32(catdatum->isalias);
rc = put_entry(buf, sizeof(u32), 3, fp);
if (rc)
Reported by FlawFinder.
Line: 2931
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(perdatum->value);
rc = put_entry(buf, sizeof(u32), 2, fp);
if (rc)
return rc;
Reported by FlawFinder.
Line: 2955
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(comdatum->value);
buf[2] = cpu_to_le32(comdatum->permissions.nprim);
buf[3] = cpu_to_le32(comdatum->permissions.table.nel);
rc = put_entry(buf, sizeof(u32), 4, fp);
Reported by FlawFinder.
Line: 3053
Column: 8
CWE codes:
126
size_t len, len2;
int rc;
len = strlen(key);
if (cladatum->comkey)
len2 = strlen(cladatum->comkey);
else
len2 = 0;
Reported by FlawFinder.
drivers/counter/counter.c
22 issues
Line: 55
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (index >= e->num_items)
return -EINVAL;
return sprintf(buf, "%s\n", e->items[index]);
}
EXPORT_SYMBOL_GPL(counter_signal_enum_read);
ssize_t counter_signal_enum_write(struct counter_device *counter,
struct counter_signal *signal, void *priv,
Reported by FlawFinder.
Line: 94
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return 0;
for (i = 0; i < e->num_items; i++)
len += sprintf(buf + len, "%s\n", e->items[i]);
return len;
}
EXPORT_SYMBOL_GPL(counter_signal_enum_available_read);
Reported by FlawFinder.
Line: 118
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (index >= e->num_items)
return -EINVAL;
return sprintf(buf, "%s\n", e->items[index]);
}
EXPORT_SYMBOL_GPL(counter_count_enum_read);
ssize_t counter_count_enum_write(struct counter_device *counter,
struct counter_count *count, void *priv,
Reported by FlawFinder.
Line: 157
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return 0;
for (i = 0; i < e->num_items; i++)
len += sprintf(buf + len, "%s\n", e->items[i]);
return len;
}
EXPORT_SYMBOL_GPL(counter_count_enum_available_read);
Reported by FlawFinder.
Line: 180
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (index >= e->num_items)
return -EINVAL;
return sprintf(buf, "%s\n", e->items[index]);
}
EXPORT_SYMBOL_GPL(counter_device_enum_read);
ssize_t counter_device_enum_write(struct counter_device *counter, void *priv,
const char *buf, size_t len)
Reported by FlawFinder.
Line: 217
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return 0;
for (i = 0; i < e->num_items; i++)
len += sprintf(buf + len, "%s\n", e->items[i]);
return len;
}
EXPORT_SYMBOL_GPL(counter_device_enum_available_read);
Reported by FlawFinder.
Line: 311
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (err)
return err;
return sprintf(buf, "%s\n", counter_signal_value_str[val]);
}
struct counter_name_unit {
const char *name;
};
Reported by FlawFinder.
Line: 324
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
const struct counter_name_unit *const comp = to_counter_attr(attr)->component;
return sprintf(buf, "%s\n", comp->name);
}
static int counter_name_attribute_create(
struct counter_device_attr_group *const group,
const char *const name)
Reported by FlawFinder.
Line: 563
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
synapse->action = action_index;
action = synapse->actions_list[action_index];
return sprintf(buf, "%s\n", counter_synapse_action_str[action]);
}
static ssize_t counter_action_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t len)
Reported by FlawFinder.
Line: 615
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < component->num_actions; i++) {
action = component->actions_list[i];
len += sprintf(buf + len, "%s\n",
counter_synapse_action_str[action]);
}
return len;
}
Reported by FlawFinder.
drivers/infiniband/ulp/srp/ib_srp.c
22 issues
Line: 890
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* recognized by the I/O Class they report.
*/
if (target->io_class == SRP_REV10_IB_IO_CLASS) {
memcpy(ipi, &target->sgid.global.interface_id, 8);
memcpy(ipi + 8, &target->initiator_ext, 8);
memcpy(tpi, &target->ioc_guid, 8);
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
Reported by FlawFinder.
Line: 891
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (target->io_class == SRP_REV10_IB_IO_CLASS) {
memcpy(ipi, &target->sgid.global.interface_id, 8);
memcpy(ipi + 8, &target->initiator_ext, 8);
memcpy(tpi, &target->ioc_guid, 8);
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
Reported by FlawFinder.
Line: 892
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (target->io_class == SRP_REV10_IB_IO_CLASS) {
memcpy(ipi, &target->sgid.global.interface_id, 8);
memcpy(ipi + 8, &target->initiator_ext, 8);
memcpy(tpi, &target->ioc_guid, 8);
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
Reported by FlawFinder.
Line: 893
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ipi, &target->sgid.global.interface_id, 8);
memcpy(ipi + 8, &target->initiator_ext, 8);
memcpy(tpi, &target->ioc_guid, 8);
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
memcpy(tpi + 8, &target->ioc_guid, 8);
Reported by FlawFinder.
Line: 895
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tpi, &target->ioc_guid, 8);
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
memcpy(tpi + 8, &target->ioc_guid, 8);
}
Reported by FlawFinder.
Line: 896
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
memcpy(tpi + 8, &target->ioc_guid, 8);
}
/*
Reported by FlawFinder.
Line: 897
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
memcpy(tpi + 8, &target->ioc_guid, 8);
}
/*
* Topspin/Cisco SRP targets will reject our login unless we
Reported by FlawFinder.
Line: 898
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
memcpy(tpi + 8, &target->ioc_guid, 8);
}
/*
* Topspin/Cisco SRP targets will reject our login unless we
* zero out the first 8 bytes of our initiator port ID and set
Reported by FlawFinder.
Line: 912
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"activated for target GUID %016llx\n",
be64_to_cpu(target->ioc_guid));
memset(ipi, 0, 8);
memcpy(ipi + 8, &target->srp_host->srp_dev->dev->node_guid, 8);
}
if (target->using_rdma_cm)
status = rdma_connect(ch->rdma_cm.cm_id, &req->rdma_param);
else
Reported by FlawFinder.
Line: 1764
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct srp_indirect_buf);
len += count * sizeof (struct srp_direct_buf);
memcpy(indirect_hdr->desc_list, req->indirect_desc,
count * sizeof (struct srp_direct_buf));
if (!target->global_rkey) {
ret = srp_map_idb(ch, req, state.gen.next, state.gen.end,
idb_len, &idb_rkey);
Reported by FlawFinder.
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
22 issues
Line: 1132
CWE codes:
562
};
if (bssid)
addr = vif->bss_conf.bssid;
if (enable)
ether_addr_copy(req.addr, addr);
return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MUAR_UPDATE), &req,
Reported by Cppcheck.
Line: 12
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "eeprom.h"
struct mt7915_patch_hdr {
char build_date[16];
char platform[4];
__be32 hw_sw_ver;
__be32 patch_ver;
__be16 checksum;
u16 reserved;
Reported by FlawFinder.
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mt7915_patch_hdr {
char build_date[16];
char platform[4];
__be32 hw_sw_ver;
__be32 patch_ver;
__be16 checksum;
u16 reserved;
struct {
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 format_ver;
u8 format_flag;
u8 reserved[2];
char fw_ver[10];
char build_date[15];
u32 crc;
} __packed;
struct mt7915_fw_region {
Reported by FlawFinder.
Line: 52
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 format_flag;
u8 reserved[2];
char fw_ver[10];
char build_date[15];
u32 crc;
} __packed;
struct mt7915_fw_region {
__le32 decomp_crc;
Reported by FlawFinder.
Line: 778
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u16 ntlv;
ptlv = skb_put(skb, len);
memcpy(ptlv, &tlv, sizeof(tlv));
ntlv = le16_to_cpu(ntlv_hdr->tlv_num);
ntlv_hdr->tlv_num = cpu_to_le16(ntlv + 1);
if (sta_hdr) {
Reported by FlawFinder.
Line: 808
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
};
ptlv = skb_put(skb, sub_len);
memcpy(ptlv, &tlv, sizeof(tlv));
le16_add_cpu(sub_ntlv, 1);
le16_add_cpu(len, sub_len);
return ptlv;
Reported by FlawFinder.
Line: 868
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bss->active = enable;
if (vif->type != NL80211_IFTYPE_MONITOR) {
memcpy(bss->bssid, vif->bss_conf.bssid, ETH_ALEN);
bss->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
bss->dtim_period = vif->bss_conf.dtim_period;
bss->phy_mode = mt7915_get_phy_mode(vif, NULL);
} else {
memcpy(bss->bssid, phy->mt76->macaddr, ETH_ALEN);
Reported by FlawFinder.
Line: 873
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bss->dtim_period = vif->bss_conf.dtim_period;
bss->phy_mode = mt7915_get_phy_mode(vif, NULL);
} else {
memcpy(bss->bssid, phy->mt76->macaddr, ETH_ALEN);
}
return 0;
}
Reported by FlawFinder.
Line: 1214
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sec_key->cipher_id = MCU_CIPHER_AES_CCMP;
sec_key->key_id = bip->keyidx;
sec_key->key_len = 16;
memcpy(sec_key->key, bip->key, 16);
sec_key = &sec->key[1];
sec_key->cipher_id = MCU_CIPHER_BIP_CMAC_128;
sec_key->cipher_len = sizeof(*sec_key);
sec_key->key_len = 16;
Reported by FlawFinder.
drivers/net/wireless/ath/ath9k/common-spectral.c
22 issues
Line: 171
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fft_sample_20.tsf = __cpu_to_be64(tsf);
memcpy(fft_sample_20.data, sample_buf, SPECTRAL_HT20_NUM_BINS);
ath_dbg(common, SPECTRAL_SCAN, "FFT HT20 frame: max mag 0x%X,"
"max_mag_idx %i\n",
magnitude >> max_exp,
max_index);
Reported by FlawFinder.
Line: 310
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fft_sample_40.tsf = __cpu_to_be64(tsf);
memcpy(fft_sample_40.data, sample_buf, SPECTRAL_HT20_40_NUM_BINS);
ath_dbg(common, SPECTRAL_SCAN, "FFT HT20/40 frame: lower mag 0x%X,"
"lower_mag_idx %i, upper mag 0x%X,"
"upper_mag_idx %i\n",
lower_mag >> max_exp,
Reported by FlawFinder.
Line: 417
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (sample_bytes - sample_len) {
case -1:
/* First byte missing */
memcpy(&out[1], in,
sample_len - 1);
break;
case 0:
/* Length correct, nothing to do. */
memcpy(out, in, sample_len);
Reported by FlawFinder.
Line: 422
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 0:
/* Length correct, nothing to do. */
memcpy(out, in, sample_len);
break;
case 1:
/* MAC added 2 extra bytes AND first byte
* is missing.
*/
Reported by FlawFinder.
Line: 428
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* MAC added 2 extra bytes AND first byte
* is missing.
*/
memcpy(&out[1], in, 30);
out[31] = in[31];
memcpy(&out[32], &in[33],
sample_len - 32);
break;
case 2:
Reported by FlawFinder.
Line: 430
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memcpy(&out[1], in, 30);
out[31] = in[31];
memcpy(&out[32], &in[33],
sample_len - 32);
break;
case 2:
/* MAC added 2 extra bytes at bin 30 and 32,
* remove them.
Reported by FlawFinder.
Line: 437
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* MAC added 2 extra bytes at bin 30 and 32,
* remove them.
*/
memcpy(out, in, 30);
out[30] = in[31];
memcpy(&out[31], &in[33],
sample_len - 31);
break;
default:
Reported by FlawFinder.
Line: 439
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memcpy(out, in, 30);
out[30] = in[31];
memcpy(&out[31], &in[33],
sample_len - 31);
break;
default:
break;
}
Reported by FlawFinder.
Line: 795
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath_spec_scan_priv *spec_priv = file->private_data;
struct ath_common *common = ath9k_hw_common(spec_priv->ah);
char buf[32];
ssize_t len;
if (IS_ENABLED(CONFIG_ATH9K_TX99))
return -EOPNOTSUPP;
Reported by FlawFinder.
Line: 845
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath_spec_scan_priv *spec_priv = file->private_data;
char buf[32];
unsigned int len;
len = sprintf(buf, "%d\n", spec_priv->spec_config.short_repeat);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
Reported by FlawFinder.
drivers/scsi/myrs.c
22 issues
Line: 611
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
model_len--;
model[++model_len] = '\0';
strcpy(cs->model_name, "DAC960 ");
strcat(cs->model_name, model);
/* Initialize the Controller Firmware Version field. */
sprintf(fw_version, "%d.%02d-%02d",
info->fw_major_version, info->fw_minor_version,
info->fw_turn_number);
if (info->fw_major_version == 6 &&
Reported by FlawFinder.
Line: 917
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
case 'E':
if (cs->disable_enc_msg)
break;
sprintf(msg_buf, ev_msg, ev->lun);
shost_printk(KERN_INFO, shost, "event %d: Enclosure %d %s\n",
ev->ev_seq, ev->target, msg_buf);
break;
case 'C':
shost_printk(KERN_INFO, shost, "event %d: Controller %s\n",
Reported by FlawFinder.
Line: 229
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
union myrs_sgl *sgl;
unsigned char status;
memcpy(&ldev_info_orig, ldev_info, sizeof(struct myrs_ldev_info));
ldev_info_addr = dma_map_single(&cs->pdev->dev, ldev_info,
sizeof(struct myrs_ldev_info),
DMA_FROM_DEVICE);
if (dma_mapping_error(&cs->pdev->dev, ldev_info_addr))
return MYRS_STATUS_FAILED;
Reported by FlawFinder.
Line: 587
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct myrs_ctlr_info *info = cs->ctlr_info;
struct Scsi_Host *shost = cs->host;
unsigned char status;
unsigned char model[20];
unsigned char fw_version[12];
int i, model_len;
/* Get data into dma-able area, then copy into permanent location */
mutex_lock(&cs->cinfo_mutex);
Reported by FlawFinder.
Line: 588
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct Scsi_Host *shost = cs->host;
unsigned char status;
unsigned char model[20];
unsigned char fw_version[12];
int i, model_len;
/* Get data into dma-able area, then copy into permanent location */
mutex_lock(&cs->cinfo_mutex);
status = myrs_get_ctlr_info(cs);
Reported by FlawFinder.
Line: 605
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
model_len = sizeof(info->ctlr_name);
if (model_len > sizeof(model)-1)
model_len = sizeof(model)-1;
memcpy(model, info->ctlr_name, model_len);
model_len--;
while (model[model_len] == ' ' || model[model_len] == '\0')
model_len--;
model[++model_len] = '\0';
strcpy(cs->model_name, "DAC960 ");
Reported by FlawFinder.
Line: 610
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
while (model[model_len] == ' ' || model[model_len] == '\0')
model_len--;
model[++model_len] = '\0';
strcpy(cs->model_name, "DAC960 ");
strcat(cs->model_name, model);
/* Initialize the Controller Firmware Version field. */
sprintf(fw_version, "%d.%02d-%02d",
info->fw_major_version, info->fw_minor_version,
info->fw_turn_number);
Reported by FlawFinder.
Line: 613
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(cs->model_name, "DAC960 ");
strcat(cs->model_name, model);
/* Initialize the Controller Firmware Version field. */
sprintf(fw_version, "%d.%02d-%02d",
info->fw_major_version, info->fw_minor_version,
info->fw_turn_number);
if (info->fw_major_version == 6 &&
info->fw_minor_version == 0 &&
info->fw_turn_number < 1) {
Reported by FlawFinder.
Line: 815
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void myrs_log_event(struct myrs_hba *cs, struct myrs_event *ev)
{
unsigned char msg_buf[MYRS_LINE_BUFFER_SIZE];
int ev_idx = 0, ev_code;
unsigned char ev_type, *ev_msg;
struct Scsi_Host *shost = cs->host;
struct scsi_device *sdev;
struct scsi_sense_hdr sshdr = {0};
Reported by FlawFinder.
Line: 821
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct Scsi_Host *shost = cs->host;
struct scsi_device *sdev;
struct scsi_sense_hdr sshdr = {0};
unsigned char sense_info[4];
unsigned char cmd_specific[4];
if (ev->ev_code == 0x1C) {
if (!scsi_normalize_sense(ev->sense_data, 40, &sshdr)) {
memset(&sshdr, 0x0, sizeof(sshdr));
Reported by FlawFinder.
drivers/scsi/pm8001/pm80xx_hwi.c
22 issues
Line: 104
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pm8001_ha->forensic_info.data_buf.direct_data = buf;
if (pm8001_ha->chip_id == chip_8001) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"Not supported for SPC controller");
return (char *)pm8001_ha->forensic_info.data_buf.direct_data -
(char *)buf;
}
/* initialize variables for very first call from host application */
Reported by FlawFinder.
Line: 174
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* If accumulated length is zero fail the attempt */
if (accum_len == 0) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 0xFFFFFFFF);
return (char *)pm8001_ha->forensic_info.data_buf.direct_data -
(char *)buf;
}
/* Accumulated length is good so start capturing the first data */
Reported by FlawFinder.
Line: 213
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (pm8001_ha->forensic_last_offset >= length_to_read) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 3);
for (index = 0; index <
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
Reported by FlawFinder.
Line: 219
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(
pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", *(temp + index));
}
pm8001_ha->fatal_bar_loc = 0;
Reported by FlawFinder.
Line: 240
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if (pm8001_ha->fatal_bar_loc < (64 * 1024)) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->
forensic_info.data_buf.direct_data,
"%08x ", 2);
for (index = 0; index <
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
Reported by FlawFinder.
Line: 247
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
pm8001_ha->forensic_info.data_buf.direct_data
+= sprintf(pm8001_ha->
forensic_info.data_buf.direct_data,
"%08x ", *(temp + index));
}
status = 0;
offset = (int)
Reported by FlawFinder.
Line: 264
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Increment the MEMBASE II Shifting Register value by 0x100.*/
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 2);
for (index = 0; index <
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4) ; index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
Reported by FlawFinder.
Line: 270
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4) ; index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->
forensic_info.data_buf.direct_data,
"%08x ", *(temp + index));
}
pm8001_ha->fatal_forensic_shift_offset += 0x100;
pm8001_cw32(pm8001_ha, 0, MEMBASE_II_SHIFT_REGISTER,
Reported by FlawFinder.
Line: 325
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
reg_val);
/* Fail the dump if a timeout occurs */
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(
pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 0xFFFFFFFF);
return((char *)
pm8001_ha->forensic_info.data_buf.direct_data
- (char *)buf);
Reported by FlawFinder.
Line: 349
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
reg_val);
/* Fail the dump if a timeout occurs */
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(
pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 0xFFFFFFFF);
return((char *)pm8001_ha->forensic_info.data_buf.direct_data -
(char *)buf);
}
Reported by FlawFinder.
fs/ceph/mds_client.c
22 issues
Line: 1003
Column: 10
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
*/
static int __choose_mds(struct ceph_mds_client *mdsc,
struct ceph_mds_request *req,
bool *random)
{
struct inode *inode;
struct ceph_inode_info *ci;
struct ceph_cap *cap;
int mode = req->r_direct_mode;
Reported by FlawFinder.
Line: 1013
Column: 6
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
u32 hash = req->r_direct_hash;
bool is_hash = test_bit(CEPH_MDS_R_DIRECT_IS_HASH, &req->r_req_flags);
if (random)
*random = false;
/*
* is there a specific mds we should try? ignore hint if we have
* no session and the mds is not up (active or recovering).
Reported by FlawFinder.
Line: 1029
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
if (mode == USE_RANDOM_MDS)
goto random;
inode = NULL;
if (req->r_inode) {
if (ceph_snap(req->r_inode) != CEPH_SNAPDIR) {
inode = req->r_inode;
Reported by FlawFinder.
Line: 1080
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
dout("%s %p is_hash=%d (0x%x) mode %d\n", __func__, inode, (int)is_hash,
hash, mode);
if (!inode)
goto random;
ci = ceph_inode(inode);
if (is_hash && S_ISDIR(inode->i_mode)) {
struct ceph_inode_frag frag;
int found;
Reported by FlawFinder.
Line: 1134
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (!cap) {
spin_unlock(&ci->i_ceph_lock);
iput(inode);
goto random;
}
mds = cap->session->s_mds;
dout("%s %p %llx.%llx mds%d (%scap %p)\n", __func__,
inode, ceph_vinop(inode), mds,
cap == ci->i_auth_cap ? "auth " : "", cap);
Reported by FlawFinder.
Line: 1145
Column: 1
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
iput(inode);
return mds;
random:
if (random)
*random = true;
mds = ceph_mdsmap_get_random_mds(mdsc->mdsmap);
dout("%s chose random mds%d\n", __func__, mds);
Reported by FlawFinder.
Line: 1146
Column: 6
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
return mds;
random:
if (random)
*random = true;
mds = ceph_mdsmap_get_random_mds(mdsc->mdsmap);
dout("%s chose random mds%d\n", __func__, mds);
return mds;
Reported by FlawFinder.
Line: 2800
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
struct ceph_mds_session *session = NULL;
int mds = -1;
int err = 0;
bool random;
if (req->r_err || test_bit(CEPH_MDS_R_GOT_RESULT, &req->r_req_flags)) {
if (test_bit(CEPH_MDS_R_ABORTED, &req->r_req_flags))
__unregister_request(mdsc, req);
return;
Reported by FlawFinder.
Line: 2840
Column: 33
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
put_request_session(req);
mds = __choose_mds(mdsc, req, &random);
if (mds < 0 ||
ceph_mdsmap_get_state(mdsc->mdsmap, mds) < CEPH_MDS_STATE_ACTIVE) {
if (test_bit(CEPH_MDS_R_ASYNC, &req->r_req_flags)) {
err = -EJUKEBOX;
goto finish;
Reported by FlawFinder.
Line: 2896
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (err)
goto out_session;
/* retry the same mds later */
if (random)
req->r_resend_mds = mds;
}
list_add(&req->r_wait, &session->s_waiting);
goto out_session;
}
Reported by FlawFinder.
tools/lib/bpf/linker.c
22 issues
Line: 1493
CWE codes:
476
{
const char *reason;
if (main_def->map_type != extra_def->map_type) {
reason = "type";
goto mismatch;
}
/* check key type/size match */
Reported by Cppcheck.
Line: 1493
CWE codes:
476
{
const char *reason;
if (main_def->map_type != extra_def->map_type) {
reason = "type";
goto mismatch;
}
/* check key type/size match */
Reported by Cppcheck.
Line: 1493
CWE codes:
476
{
const char *reason;
if (main_def->map_type != extra_def->map_type) {
reason = "type";
goto mismatch;
}
/* check key type/size match */
Reported by Cppcheck.
Line: 305
Column: 15
CWE codes:
362
if (!linker->filename)
return -ENOMEM;
linker->fd = open(file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (linker->fd < 0) {
err = -errno;
pr_warn("failed to create '%s': %d\n", file, err);
return err;
}
Reported by FlawFinder.
Line: 560
Column: 12
CWE codes:
362
obj->filename = filename;
obj->fd = open(filename, O_RDONLY);
if (obj->fd < 0) {
err = -errno;
pr_warn("failed to open file '%s': %d\n", filename, err);
return err;
}
Reported by FlawFinder.
Line: 1130
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* pad dst section, if it's alignment forced size increase */
memset(dst->raw_data + dst->sec_sz, 0, dst_align_sz - dst->sec_sz);
/* now copy src data at a properly aligned offset */
memcpy(dst->raw_data + dst_align_sz, src->data->d_buf, src->shdr->sh_size);
}
dst->sec_sz = dst_final_sz;
dst->shdr->sh_size = dst_final_sz;
dst->data->d_size = dst_final_sz;
Reported by FlawFinder.
Line: 1555
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (main_def->parts & MAP_DEF_INNER_MAP) {
char inner_map_name[128];
snprintf(inner_map_name, sizeof(inner_map_name), "%s.inner", sym_name);
return map_defs_match(inner_map_name,
main_btf, main_inner_def, NULL,
Reported by FlawFinder.
Line: 2414
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ext_data->recs = tmp;
tmp += ext_data->rec_cnt * ext_data->rec_sz;
memcpy(tmp, src_rec, ext_data->rec_sz);
ext_data->rec_cnt++;
return tmp;
}
Reported by FlawFinder.
Line: 2738
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cur += sizeof(struct btf_ext_info_sec);
sz = sec_data->rec_cnt * sec_data->rec_sz;
memcpy(cur, sec_data->recs, sz);
cur += sz;
return cur - output;
}
Reported by FlawFinder.
Line: 1495
Column: 8
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
if (main_def->map_type != extra_def->map_type) {
reason = "type";
goto mismatch;
}
/* check key type/size match */
if (main_def->key_size != extra_def->key_size) {
reason = "key_size";
Reported by FlawFinder.