The following issues were found
fs/nfs/nfs4client.c
3 issues
Line: 200
Column: 2
CWE codes:
119
120
Suggestion:
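Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line is only the declaration of a fixed-size stack array; whether it is safe depends on the calls that write into buf, which this excerpt does not show.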
struct nfs_client *nfs4_alloc_client(const struct nfs_client_initdata *cl_init)
{
char buf[INET6_ADDRSTRLEN + 1];
const char *ip_addr = cl_init->ip_addr;
struct nfs_client *clp = nfs_alloc_client(cl_init);
int err;
if (IS_ERR(clp))
Reported by FlawFinder.
Line: 949
Column: 2
CWE codes:
119
120
Suggestion:
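Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt below, the only visible write to buf is rpc_ntop(ds_addr, buf, sizeof(buf)), which is given the buffer size and has its return value checked.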
.timeparms = &ds_timeout,
.cred = mds_srv->cred,
};
char buf[INET6_ADDRSTRLEN + 1];
if (rpc_ntop(ds_addr, buf, sizeof(buf)) <= 0)
return ERR_PTR(-EINVAL);
cl_init.hostname = buf;
Reported by FlawFinder.
Line: 1305
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.addrlen = salen,
.servername = hostname,
};
char buf[INET6_ADDRSTRLEN + 1];
struct sockaddr_storage address;
struct sockaddr *localaddr = (struct sockaddr *)&address;
int error;
error = rpc_switch_client_transport(clnt, &xargs, clnt->cl_timeout);
Reported by FlawFinder.
fs/isofs/dir.c
3 issues
Line: 72
Column: 3
CWE codes:
120
Suggestion:
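Use sprintf_s, snprintf, or vsnprintf. sprintf_s is a C11 Annex K function and is not available in kernel code, so snprintf or scnprintf is the applicable choice here. In the excerpt the formatted value is masked to 12 bits, so "%3.3x" writes three hex digits plus the terminating NUL, provided chr is an unsigned byte pointer (the comparison with 0xff suggests so, but the declaration is not shown). What remains to verify is that retname has at least retnamlen + 5 bytes available.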
if (((de->flags[0] & 2) == 0) && (chr[13] == 0xff)
&& ((chr[12] & 0xf0) == 0xf0)) {
retname[retnamlen] = ',';
sprintf(retname+retnamlen+1, "%3.3x",
((chr[12] & 0xf) << 8) | chr[11]);
retnamlen += 4;
}
return retnamlen;
}
Reported by FlawFinder.
Line: 136
Column: 4
CWE codes:
120
Suggestion:
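Make sure destination can always hold the source data. Here the copy length slop is computed as bufsize - offset + de_len; the excerpt shows neither how de_len is bounded nor how large tmpde is, so both need to be confirmed in the enclosing function.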
/* Make sure we have a full directory entry */
if (offset >= bufsize) {
int slop = bufsize - offset + de_len;
memcpy(tmpde, de, slop);
offset &= bufsize - 1;
block++;
brelse(bh);
bh = NULL;
if (offset) {
Reported by FlawFinder.
Line: 145
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bh = isofs_bread(inode, block);
if (!bh)
return 0;
memcpy((void *) tmpde + slop, bh->b_data, offset);
}
de = tmpde;
}
/* Basic sanity check, whether name doesn't exceed dir entry */
if (de_len < de->name_len[0] +
Reported by FlawFinder.
fs/nfs/nfs4file.c
3 issues
Line: 346
Column: 2
CWE codes:
134
Suggestion:
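Use a constant for the format specification. SSC_READ_NAME_BODY is an upper-case identifier that the surrounding code also passes to strlen(), which suggests a macro for a string literal; if so, the format is already constant and this finding is a false positive. Confirm against the macro's definition, which is not shown here.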
read_name = kzalloc(len, GFP_NOFS);
if (read_name == NULL)
goto out;
snprintf(read_name, len, SSC_READ_NAME_BODY, read_name_gen++);
r_ino = nfs_fhget(ss_mnt->mnt_root->d_inode->i_sb, src_fh, &fattr,
NULL);
if (IS_ERR(r_ino)) {
res = ERR_CAST(r_ino);
Reported by FlawFinder.
Line: 380
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out_stateowner;
set_bit(NFS_SRV_SSC_COPY_STATE, &ctx->state->flags);
memcpy(&ctx->state->open_stateid.other, &stateid->other,
NFS4_STATEID_OTHER_SIZE);
update_open_stateid(ctx->state, stateid, NULL, filep->f_mode);
set_bit(NFS_OPEN_STATE, &ctx->state->flags);
nfs_file_set_open_context(filep, ctx);
Reported by FlawFinder.
Line: 342
Column: 8
CWE codes:
126
}
res = ERR_PTR(-ENOMEM);
len = strlen(SSC_READ_NAME_BODY) + 16;
read_name = kzalloc(len, GFP_NOFS);
if (read_name == NULL)
goto out;
snprintf(read_name, len, SSC_READ_NAME_BODY, read_name_gen++);
Reported by FlawFinder.
fs/ntfs/super.c
3 issues
Line: 724
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!sb_rdonly(sb)) {
ntfs_warning(sb, "Hot-fix: Recovering invalid primary "
"boot sector from backup copy.");
memcpy(bh_primary->b_data, bh_backup->b_data,
NTFS_BLOCK_SIZE);
mark_buffer_dirty(bh_primary);
sync_dirty_buffer(bh_primary);
if (buffer_uptodate(bh_primary)) {
brelse(bh_backup);
Reported by FlawFinder.
Line: 1612
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
page = ntfs_map_page(ino->i_mapping, index);
if (IS_ERR(page))
goto free_iput_failed;
memcpy((u8*)vol->attrdef + (index++ << PAGE_SHIFT),
page_address(page), size);
ntfs_unmap_page(page);
};
if (size == PAGE_SIZE) {
size = i_size & ~PAGE_MASK;
Reported by FlawFinder.
Line: 1681
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
page = ntfs_map_page(ino->i_mapping, index);
if (IS_ERR(page))
goto iput_upcase_failed;
memcpy((char*)vol->upcase + (index++ << PAGE_SHIFT),
page_address(page), size);
ntfs_unmap_page(page);
};
if (size == PAGE_SIZE) {
size = i_size & ~PAGE_MASK;
Reported by FlawFinder.
include/linux/intel-iommu.h
3 issues
Line: 592
Column: 11
CWE codes:
119
120
Suggestion:
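Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged lines in this file are fixed-size array members declared in a header; the bound has to be enforced at the sites that write to these members, which this report does not show.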
int msagaw; /* max sagaw of this iommu */
unsigned int irq, pr_irq;
u16 segment; /* PCI segment# */
unsigned char name[13]; /* Device Name */
#ifdef CONFIG_INTEL_IOMMU
unsigned long *domain_ids; /* bitmap of domains */
struct dmar_domain ***domains; /* ptr to domains */
spinlock_t lock; /* protect context, domain ids */
Reported by FlawFinder.
Line: 604
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
#ifdef CONFIG_INTEL_IOMMU_SVM
struct page_req_dsc *prq;
unsigned char prq_name[16]; /* Name for PRQ interrupt */
struct completion prq_complete;
struct ioasid_allocator_ops pasid_allocator; /* Custom allocator for PASIDs */
#endif
struct iopf_queue *iopf_queue;
unsigned char iopfq_name[16];
Reported by FlawFinder.
Line: 609
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ioasid_allocator_ops pasid_allocator; /* Custom allocator for PASIDs */
#endif
struct iopf_queue *iopf_queue;
unsigned char iopfq_name[16];
struct q_inval *qi; /* Queued invalidation info */
u32 *iommu_state; /* Store iommu states between suspend and resume.*/
#ifdef CONFIG_IRQ_REMAP
struct ir_table *ir_table; /* Interrupt remapping info */
Reported by FlawFinder.
fs/isofs/rock.c
3 issues
Line: 117
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
bh = sb_bread(rs->inode->i_sb, rs->cont_extent);
if (bh) {
memcpy(rs->buffer, bh->b_data + rs->cont_offset,
rs->cont_size);
put_bh(bh);
rs->chr = rs->buffer;
rs->len = rs->cont_size;
rs->cont_extent = 0;
Reported by FlawFinder.
Line: 281
Column: 4
CWE codes:
120
Suggestion:
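Make sure destination can always hold the source data. The excerpt shows len being shortened at an embedded NUL, but not a check that retnamlen + len (plus the terminator written two lines later) fits in retname; verify that such a check precedes this copy.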
p = memchr(rr->u.NM.name, '\0', len);
if (unlikely(p))
len = p - rr->u.NM.name;
memcpy(retname + retnamlen, rr->u.NM.name, len);
retnamlen += len;
retname[retnamlen] = '\0';
break;
case SIG('R', 'E'):
kfree(rs.buffer);
Reported by FlawFinder.
Line: 617
Column: 4
CWE codes:
120
Suggestion:
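Make sure destination can always hold the source data. In the excerpt the copy is already preceded by a bounds check: the function returns NULL when slp->len exceeds plimit - rpnt.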
case 0:
if (slp->len > plimit - rpnt)
return NULL;
memcpy(rpnt, slp->text, slp->len);
rpnt += slp->len;
break;
case 2:
if (rpnt >= plimit)
return NULL;
Reported by FlawFinder.
fs/ceph/inode.c
3 issues
Line: 221
Column: 5
CWE codes:
120
Suggestion:
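Make sure destination can always hold the source data. In the excerpt the length is sizeof(*pfrag), i.e. the size of the destination object itself, so the copy cannot overrun pfrag; the remaining question is only whether frag points to an object of at least that size.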
break; /* t is a leaf */
if (frag->split_by == 0) {
if (pfrag)
memcpy(pfrag, frag, sizeof(*pfrag));
if (found)
*found = 1;
break;
}
Reported by FlawFinder.
Line: 948
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old_blob = ci->i_xattrs.blob;
ci->i_xattrs.blob = xattr_blob;
if (xattr_blob)
memcpy(ci->i_xattrs.blob->vec.iov_base,
iinfo->xattr_data, iinfo->xattr_len);
ci->i_xattrs.version = le64_to_cpu(info->xattr_version);
ceph_forget_all_cached_acls(inode);
ceph_security_invalidate_secctx(inode);
xattr_blob = NULL;
Reported by FlawFinder.
Line: 1645
Column: 9
CWE codes:
126
if (req->r_path2) {
last_hash = ceph_str_hash(ci->i_dir_layout.dl_dir_hash,
req->r_path2,
strlen(req->r_path2));
last_hash = ceph_frag_value(last_hash);
} else if (rinfo->offset_hash) {
/* mds understands offset_hash */
WARN_ON_ONCE(req->r_readdir_offset != 2);
last_hash = le32_to_cpu(req->r_args.readdir.offset_hash);
Reported by FlawFinder.
fs/ntfs/mft.c
3 issues
Line: 334
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (base_ni->nr_extents) {
BUG_ON(!base_ni->ext.extent_ntfs_inos);
memcpy(tmp, base_ni->ext.extent_ntfs_inos, new_size -
4 * sizeof(ntfs_inode *));
kfree(base_ni->ext.extent_ntfs_inos);
}
base_ni->ext.extent_ntfs_inos = tmp;
}
Reported by FlawFinder.
Line: 495
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* The address in the page of the mirror copy of the mft record @m. */
kmirr = page_address(page) + page_ofs;
/* Copy the mst protected mft record to the mirror. */
memcpy(kmirr, m, vol->mft_record_size);
/* Create uptodate buffers if not present. */
if (unlikely(!page_has_buffers(page))) {
struct buffer_head *tail;
bh = head = alloc_page_buffers(page, blocksize, true);
Reported by FlawFinder.
Line: 2893
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (base_ni->nr_extents) {
BUG_ON(!base_ni->ext.extent_ntfs_inos);
memcpy(extent_nis, base_ni->ext.extent_ntfs_inos,
new_size - 4 * sizeof(ntfs_inode*));
kfree(base_ni->ext.extent_ntfs_inos);
}
base_ni->ext.extent_ntfs_inos = extent_nis;
}
Reported by FlawFinder.
fs/reiserfs/do_balan.c
3 issues
Line: 1249
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
balance_leaf_new_nodes_paste(tb, ih, body, insert_key,
insert_ptr, i);
memcpy(insert_key + i, leaf_key(tb->S_new[i], 0), KEY_SIZE);
insert_ptr[i] = tb->S_new[i];
RFALSE(!buffer_journaled(tb->S_new[i])
|| buffer_journal_dirty(tb->S_new[i])
|| buffer_dirty(tb->S_new[i]),
Reported by FlawFinder.
Line: 1570
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (B_IS_ITEMS_LEVEL(src))
/* source buffer contains leaf node */
memcpy(internal_key(dest, n_dest), item_head(src, n_src),
KEY_SIZE);
else
memcpy(internal_key(dest, n_dest), internal_key(src, n_src),
KEY_SIZE);
Reported by FlawFinder.
Line: 1573
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(internal_key(dest, n_dest), item_head(src, n_src),
KEY_SIZE);
else
memcpy(internal_key(dest, n_dest), internal_key(src, n_src),
KEY_SIZE);
do_balance_mark_internal_dirty(tb, dest, 0);
}
Reported by FlawFinder.
fs/ntfs/logfile.c
3 issues
Line: 373
Column: 3
CWE codes:
120
Suggestion:
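Make sure destination can always hold the source data. The copy length is read from rp->system_page_size, a field of the source record itself; confirm that this value is validated and that trp was allocated with at least that many bytes before this point, neither of which the excerpt shows.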
*/
size = PAGE_SIZE - (pos & ~PAGE_MASK);
if (size >= le32_to_cpu(rp->system_page_size)) {
memcpy(trp, rp, le32_to_cpu(rp->system_page_size));
} else {
pgoff_t idx;
struct page *page;
int have_read, to_read;
Reported by FlawFinder.
Line: 380
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int have_read, to_read;
/* First copy what we already have in @rp. */
memcpy(trp, rp, size);
/* Copy the remaining data one page at a time. */
have_read = size;
to_read = le32_to_cpu(rp->system_page_size) - size;
idx = (pos + size) >> PAGE_SHIFT;
BUG_ON((pos + size) & ~PAGE_MASK);
Reported by FlawFinder.
Line: 397
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_out;
}
size = min_t(int, to_read, PAGE_SIZE);
memcpy((u8*)trp + have_read, page_address(page), size);
ntfs_unmap_page(page);
have_read += size;
to_read -= size;
idx++;
} while (to_read > 0);
Reported by FlawFinder.