The following issues were found
fs/cifs/cifsproto.h
3 issues
Line: 253
Column: 33
CWE codes:
362
int rw_check);
/*
 * Header prototypes for the CIFS pending-open helpers; these lines declare
 * functions and execute nothing.
 * Scanner triage: the only stand-alone "open" tokens here are parameter
 * names of type struct cifs_pending_open *, and the reported position
 * appears to fall on one of them rather than on an open(2)-style call.
 * A file-open race cannot be judged from a prototype; review the function
 * bodies, which are outside this excerpt.
 * NOTE(review): the "_locked" suffix suggests a variant whose caller already
 * holds a lock -- confirm which lock at the definition.
 */
extern void cifs_add_pending_open(struct cifs_fid *fid,
struct tcon_link *tlink,
struct cifs_pending_open *open);
extern void cifs_add_pending_open_locked(struct cifs_fid *fid,
struct tcon_link *tlink,
struct cifs_pending_open *open);
extern void cifs_del_pending_open(struct cifs_pending_open *open);
Reported by FlawFinder.
Line: 256
Column: 33
CWE codes:
362
struct cifs_pending_open *open);
/*
 * Declarations only: three prototypes from the CIFS header, no statements.
 * Scanner triage: the finding for this excerpt appears to land on the
 * parameter named "open" that closes the cifs_add_pending_open_locked
 * prototype. That token is a struct cifs_pending_open pointer, not a call
 * that opens a path, so the race-condition category has nothing to attach
 * to on these lines.
 * NOTE(review): cifs_is_deferred_close takes a pointer-to-pointer (dclose);
 * whether it is an output parameter is not visible here -- check the body.
 */
extern void cifs_add_pending_open_locked(struct cifs_fid *fid,
struct tcon_link *tlink,
struct cifs_pending_open *open);
extern void cifs_del_pending_open(struct cifs_pending_open *open);
extern bool cifs_is_deferred_close(struct cifsFileInfo *cfile,
struct cifs_deferred_close **dclose);
Reported by FlawFinder.
Line: 257
Column: 61
CWE codes:
362
/*
 * Prototype run from the CIFS header; nothing here is executable.
 * Scanner triage: column 61 of the single-line cifs_del_pending_open
 * prototype is where its parameter name "open" begins. The report is
 * therefore keyed to an identifier that happens to be spelled like the
 * open() call, not to a file being opened. Any real locking or ordering
 * question has to be answered in the function definitions, which this
 * excerpt does not show.
 */
extern void cifs_add_pending_open_locked(struct cifs_fid *fid,
struct tcon_link *tlink,
struct cifs_pending_open *open);
extern void cifs_del_pending_open(struct cifs_pending_open *open);
extern bool cifs_is_deferred_close(struct cifsFileInfo *cfile,
struct cifs_deferred_close **dclose);
extern void cifs_add_deferred_close(struct cifsFileInfo *cfile,
Reported by FlawFinder.
include/linux/nvram.h
3 issues
Line: 36
Column: 20
CWE codes:
120
20
ssize_t (*get_size)(void);
unsigned char (*read_byte)(int);
void (*write_byte)(unsigned char, int);
ssize_t (*read)(char *, size_t, loff_t *);
ssize_t (*write)(char *, size_t, loff_t *);
#if defined(CONFIG_X86) || defined(CONFIG_M68K)
long (*initialize)(void);
long (*set_checksum)(void);
#endif
Reported by FlawFinder.
Line: 115
Column: 21
CWE codes:
120
20
if (ppc_md.nvram_read)
return ppc_md.nvram_read(buf, count, ppos);
#else
if (arch_nvram_ops.read)
return arch_nvram_ops.read(buf, count, ppos);
#endif
return nvram_read_bytes(buf, count, ppos);
}
Reported by FlawFinder.
Line: 116
Column: 25
CWE codes:
120
20
return ppc_md.nvram_read(buf, count, ppos);
#else
if (arch_nvram_ops.read)
return arch_nvram_ops.read(buf, count, ppos);
#endif
return nvram_read_bytes(buf, count, ppos);
}
static inline ssize_t nvram_write(char *buf, size_t count, loff_t *ppos)
Reported by FlawFinder.
fs/cifs/cifs_unicode.c
3 issues
Line: 186
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int outlen = 0;
int nullsize = nls_nullsize(codepage);
int fromwords = fromlen / 2;
char tmp[NLS_MAX_CHARSET_SIZE];
__u16 ftmp[3]; /* ftmp[3] = 3array x 2bytes = 6bytes UTF-16 */
/*
* because the chars can be of varying widths, we need to take care
* not to overflow the destination buffer when we get close to the
Reported by FlawFinder.
Line: 312
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
int charlen, outlen = 0;
int maxwords = maxbytes / 2;
char tmp[NLS_MAX_CHARSET_SIZE];
__u16 ftmp[3];
for (i = 0; i < maxwords; i++) {
ftmp[0] = get_unaligned_le16(&from[i]);
if (ftmp[0] == 0)
Reported by FlawFinder.
Line: 635
Column: 31
CWE codes:
126
*utf16_len = 0;
return NULL;
}
cifsConvertToUTF16(dst, src, strlen(src), cp, remap);
*utf16_len = len;
return dst;
}
Reported by FlawFinder.
include/linux/kobject.h
3 issues
Line: 149
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/*
 * Fixed-size container with an argv array, an envp array and a character
 * buffer, all embedded in the struct (going by the name, the environment
 * handed out with a kobject uevent).
 * Scanner triage: each flagged line is a statically sized array
 * declaration. A declaration cannot overflow by itself; the review target
 * is every piece of code that stores into envp[] or buf[], none of which is
 * visible in this excerpt.
 * NOTE(review): envp_idx and buflen look like the fill counters for envp[]
 * and buf[] -- confirm that each writer compares them with UEVENT_NUM_ENVP
 * and UEVENT_BUFFER_SIZE before appending.
 */
struct kobj_uevent_env {
char *argv[3]; /* three char pointers, not a 3-byte string buffer */
char *envp[UEVENT_NUM_ENVP]; /* pointer table with UEVENT_NUM_ENVP slots */
int envp_idx; /* signed: a negative value would index before envp[0] */
char buf[UEVENT_BUFFER_SIZE]; /* UEVENT_BUFFER_SIZE bytes of inline storage */
int buflen; /* signed: writers must treat it as 0..UEVENT_BUFFER_SIZE */
};
Reported by FlawFinder.
Line: 150
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Holds two pointer arrays (argv, envp) and one inline char buffer, each
 * with a compile-time size, plus two int fields.
 * Scanner triage: the finding is raised on the array declarations because
 * their sizes are fixed. Whether that is a problem depends only on the
 * writers: look for an index check against UEVENT_NUM_ENVP before every
 * envp[] store and a remaining-space check against UEVENT_BUFFER_SIZE
 * before every write into buf[]. Those writers are not part of this
 * excerpt.
 * NOTE(review): envp_idx / buflen are presumably the current fill levels;
 * verify at the call sites.
 */
struct kobj_uevent_env {
char *argv[3]; /* array of 3 pointers; holds addresses, not string data */
char *envp[UEVENT_NUM_ENVP]; /* array of UEVENT_NUM_ENVP pointers */
int envp_idx; /* int, so range checks must also reject negative values */
char buf[UEVENT_BUFFER_SIZE]; /* inline byte storage, UEVENT_BUFFER_SIZE long */
int buflen; /* int, so range checks must also reject negative values */
};
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *argv[3];
char *envp[UEVENT_NUM_ENVP];
int envp_idx;
char buf[UEVENT_BUFFER_SIZE];
int buflen;
};
struct kset_uevent_ops {
int (* const filter)(struct kset *kset, struct kobject *kobj);
Reported by FlawFinder.
include/linux/pci.h
3 issues
Line: 634
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int domain_nr;
#endif
char name[48];
unsigned short bridge_ctl; /* Manage NO_ISA/FBB/et al behaviors */
pci_bus_flags_t bus_flags; /* Inherited by child buses */
struct device *bridge;
struct device dev;
Reported by FlawFinder.
Line: 739
Column: 8
CWE codes:
120
20
int (*add_bus)(struct pci_bus *bus);
void (*remove_bus)(struct pci_bus *bus);
void __iomem *(*map_bus)(struct pci_bus *bus, unsigned int devfn, int where);
int (*read)(struct pci_bus *bus, unsigned int devfn, int where, int size, u32 *val);
int (*write)(struct pci_bus *bus, unsigned int devfn, int where, int size, u32 val);
};
/*
* ACPI needs to be able to access PCI config space before we've done a
Reported by FlawFinder.
Line: 1714
Column: 14
CWE codes:
120
20
/*
 * _PCI_NOP_ALL(o, x) expands to three _PCI_NOP() uses, one each for
 * byte/u8, word/u16 and dword/u32. The x argument is placed after the
 * integer type, so the third _PCI_NOP argument is "u8 *" / "u16 *" /
 * "u32 *" when x is "*" and plain "u8" / "u16" / "u32" when x is empty.
 * _PCI_NOP itself is defined outside this excerpt.
 */
#define _PCI_NOP_ALL(o, x) _PCI_NOP(o, byte, u8 x) \
_PCI_NOP(o, word, u16 x) \
_PCI_NOP(o, dword, u32 x)
/*
 * Scanner triage: "read" and "write" below are macro arguments that name
 * the operation; column 14 of the first invocation is the start of that
 * argument. No read()/write() call and no buffer appear on these lines.
 * What the expansion produces has to be checked at the _PCI_NOP definition.
 */
_PCI_NOP_ALL(read, *)
_PCI_NOP_ALL(write,)
static inline struct pci_dev *pci_get_device(unsigned int vendor,
unsigned int device,
struct pci_dev *from)
Reported by FlawFinder.
include/linux/percpu-rwsem.h
3 issues
Line: 142
Column: 11
CWE codes:
120
20
#define percpu_rwsem_assert_held(sem) lockdep_assert_held(sem)
/*
 * Calls lock_release() on sem->dep_map with the caller-supplied @ip and
 * returns nothing. @read is part of the signature but is not referenced in
 * this body.
 * Scanner triage: "read" here is a bool parameter, not a read(2)-style
 * call. The function takes no buffer and no length, so there is no copy to
 * bound on these lines.
 */
static inline void percpu_rwsem_release(struct percpu_rw_semaphore *sem,
bool read, unsigned long ip)
{
lock_release(&sem->dep_map, ip);
}
static inline void percpu_rwsem_acquire(struct percpu_rw_semaphore *sem,
Reported by FlawFinder.
Line: 148
Column: 11
CWE codes:
120
20
}
/*
 * Calls lock_acquire() on sem->dep_map, forwarding @read as the fourth
 * argument and @ip as the last; the other arguments are the constants
 * 0, 1, 1 and NULL. Returns nothing.
 * Scanner triage: the reported "read" is the bool parameter declared on
 * the second signature line. It is a flag value, not an I/O call, and no
 * buffer or length is handled in this function.
 */
static inline void percpu_rwsem_acquire(struct percpu_rw_semaphore *sem,
bool read, unsigned long ip)
{
lock_acquire(&sem->dep_map, 0, 1, read, 1, NULL, ip);
}
#endif
Reported by FlawFinder.
Line: 150
Column: 36
CWE codes:
120
20
/*
 * Thin wrapper: one lock_acquire() call on sem->dep_map with @read and @ip
 * passed through and the remaining arguments fixed (0, 1, 1, NULL).
 * Scanner triage: column 36 of the lock_acquire() line is the "read"
 * argument, i.e. the bool parameter being forwarded. Nothing is read from
 * a descriptor and nothing is copied, so the buffer-boundary and
 * input-validation categories have no data to apply to here.
 */
static inline void percpu_rwsem_acquire(struct percpu_rw_semaphore *sem,
bool read, unsigned long ip)
{
/* read is used only as a value handed to lock_acquire() */
lock_acquire(&sem->dep_map, 0, 1, read, 1, NULL, ip);
}
#endif
Reported by FlawFinder.
fs/hugetlbfs/inode.c
3 issues
Line: 888
Column: 9
CWE codes:
377
struct dentry *dentry,
umode_t mode,
dev_t dev,
bool tmpfile)
{
struct inode *inode;
int error = -ENOSPC;
inode = hugetlbfs_get_inode(dir->i_sb, dir, mode, dev);
Reported by FlawFinder.
Line: 896
Column: 7
CWE codes:
377
inode = hugetlbfs_get_inode(dir->i_sb, dir, mode, dev);
if (inode) {
dir->i_ctime = dir->i_mtime = current_time(dir);
if (tmpfile) {
d_tmpfile(dentry, inode);
} else {
d_instantiate(dentry, inode);
dget(dentry);/* Extra count - pin the dentry in core */
}
Reported by FlawFinder.
Line: 946
Column: 11
CWE codes:
126
inode = hugetlbfs_get_inode(dir->i_sb, dir, S_IFLNK|S_IRWXUGO, 0);
if (inode) {
int l = strlen(symname)+1;
error = page_symlink(inode, symname, l);
if (!error) {
d_instantiate(dentry, inode);
dget(dentry);
} else
Reported by FlawFinder.
fs/char_dev.c
3 issues
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int major;
unsigned int baseminor;
int minorct;
char name[64];
struct cdev *cdev; /* will die */
} *chrdevs[CHRDEV_MAJOR_HASH_SIZE];
/* index in the above */
static inline int major_to_index(unsigned major)
Reported by FlawFinder.
Line: 413
Column: 18
CWE codes:
362
goto out_cdev_put;
replace_fops(filp, fops);
if (filp->f_op->open) {
ret = filp->f_op->open(inode, filp);
if (ret)
goto out_cdev_put;
}
Reported by FlawFinder.
Line: 414
Column: 21
CWE codes:
362
replace_fops(filp, fops);
if (filp->f_op->open) {
ret = filp->f_op->open(inode, filp);
if (ret)
goto out_cdev_put;
}
return 0;
Reported by FlawFinder.
fs/ceph/metric.c
3 issues
Line: 16
Column: 35
CWE codes:
120
20
{
struct ceph_metric_head *head;
struct ceph_metric_cap *cap;
struct ceph_metric_read_latency *read;
struct ceph_metric_write_latency *write;
struct ceph_metric_metadata_latency *meta;
struct ceph_metric_dlease *dlease;
struct ceph_opened_files *files;
struct ceph_pinned_icaps *icaps;
Reported by FlawFinder.
Line: 34
Column: 47
CWE codes:
120
20
s32 items = 0;
s32 len;
len = sizeof(*head) + sizeof(*cap) + sizeof(*read) + sizeof(*write)
+ sizeof(*meta) + sizeof(*dlease) + sizeof(*files)
+ sizeof(*icaps) + sizeof(*inodes) + sizeof(*rsize)
+ sizeof(*wsize);
msg = ceph_msg_new(CEPH_MSG_CLIENT_METRICS, len, GFP_NOFS, true);
Reported by FlawFinder.
Line: 64
Column: 46
CWE codes:
120
20
read->header.type = cpu_to_le32(CLIENT_METRIC_TYPE_READ_LATENCY);
read->header.ver = 1;
read->header.compat = 1;
read->header.data_len = cpu_to_le32(sizeof(*read) - header_len);
sum = m->read_latency_sum;
jiffies_to_timespec64(sum, &ts);
read->sec = cpu_to_le32(ts.tv_sec);
read->nsec = cpu_to_le32(ts.tv_nsec);
items++;
Reported by FlawFinder.
drivers/w1/slaves/w1_ds2438.c
3 issues
Line: 203
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 w1_page1_buf[DS2438_PAGE_SIZE + 1 /*for CRC*/];
if (w1_ds2438_get_page(sl, 1, w1_page1_buf) == 0) {
memcpy(&w1_buf[2], w1_page1_buf, DS2438_PAGE_SIZE - 1); /* last register reserved */
w1_buf[7] = value[0]; /* change only offset register */
w1_buf[8] = value[1];
while (retries--) {
if (w1_reset_select_slave(sl))
continue;
Reported by FlawFinder.
Line: 355
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
count = DS2438_PAGE_SIZE;
if (w1_ds2438_get_page(sl, 0, w1_buf) == 0) {
memcpy(buf, &w1_buf, count);
ret = count;
} else
ret = -EIO;
mutex_unlock(&sl->master->bus_mutex);
Reported by FlawFinder.
Line: 385
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
count = DS2438_PAGE_SIZE;
if (w1_ds2438_get_page(sl, 1, w1_buf) == 0) {
memcpy(buf, &w1_buf, count);
ret = count;
} else
ret = -EIO;
mutex_unlock(&sl->master->bus_mutex);
Reported by FlawFinder.