The following issues were found
fs/jfs/jfs_superblock.h
3 issues
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
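Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line is the declaration `char s_magic[4]`, a fixed-size field of the superblock structure. A declaration performs no copy, so this finding (and the matching ones on `s_fpack[11]` and `s_label[16]` below) is actionable only at the sites that read or write the field, which this excerpt does not show.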
* changed to jfs_superblock. The utilities are still using the old name.
*/
struct jfs_superblock {
char s_magic[4]; /* 4: magic number */
__le32 s_version; /* 4: version number */
__le64 s_size; /* 8: aggregate size in hardware/LVM blocks;
* VFS: number of blocks
*/
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 1 => the first one
* 2 => the 2nd one
*/
char s_fpack[11]; /* 11: file system volume name
* N.B. This must be 11 bytes to
* conform with the OS/2 BootSector
* requirements
* Only used when s_version is 1
*/
Reported by FlawFinder.
Line: 91
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
pxd_t s_xfsckpxd; /* 8: extendfs fsckpxd */
pxd_t s_xlogpxd; /* 8: extendfs logpxd */
uuid_t s_uuid; /* 16: 128-bit uuid for volume */
char s_label[16]; /* 16: volume label */
uuid_t s_loguuid; /* 16: 128-bit uuid for log device */
};
extern int readSuper(struct super_block *, struct buffer_head **);
Reported by FlawFinder.
fs/btrfs/relocation.c
3 issues
Line: 787
Column: 2
CWE codes:
120
Suggestion:
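Make sure destination can always hold the source data
Triage note: the copy length is `sizeof(*root_item)`, the size of the destination's own pointee type. The copy therefore cannot overrun the destination as long as `root_item` points to a complete object; how `root_item` is allocated is outside this excerpt.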
*/
must_abort = true;
memcpy(root_item, &root->root_item, sizeof(*root_item));
btrfs_set_root_bytenr(root_item, eb->start);
btrfs_set_root_level(root_item, btrfs_header_level(eb));
btrfs_set_root_generation(root_item, trans->transid);
if (root->root_key.objectid == objectid) {
Reported by FlawFinder.
Line: 3436
Column: 4
CWE codes:
120
Suggestion:
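Make sure destination can always hold the source data
Triage note: the length here is `sizeof(key)`, the size of the source. The copy is safe only if `extent_key` points to an object at least that large; its declared type is outside this excerpt and should be confirmed.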
else
rc->search_start = key.objectid +
fs_info->nodesize;
memcpy(extent_key, &key, sizeof(key));
return 0;
}
}
btrfs_release_path(path);
return ret;
Reported by FlawFinder.
Line: 3873
Column: 2
CWE codes:
119
120
Suggestion:
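Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged `buf[128]` is zero-initialised and handed to btrfs_describe_block_groups() together with `sizeof(buf)`, so the bound travels with the buffer. Whether the callee honours that bound is not visible in this excerpt.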
static void describe_relocation(struct btrfs_fs_info *fs_info,
struct btrfs_block_group *block_group)
{
char buf[128] = {'\0'};
btrfs_describe_block_groups(block_group->flags, buf, sizeof(buf));
btrfs_info(fs_info,
"relocating block group %llu flags %s",
Reported by FlawFinder.
fs/proc/task_mmu.c
3 issues
Line: 606
Column: 15
CWE codes:
119
120
Suggestion:
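Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: each `mnemonics` entry is exactly two bytes and is initialised from a two-character literal, so entries carry no NUL terminator. Consumers must emit exactly two bytes per entry rather than treat an entry as a C string; the consuming code is not shown here.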
/*
* Don't forget to update Documentation/ on changes.
*/
static const char mnemonics[BITS_PER_LONG][2] = {
/*
* In case if we meet a flag we don't know about.
*/
[0 ... (BITS_PER_LONG-1)] = "??",
Reported by FlawFinder.
Line: 1206
Column: 2
CWE codes:
119
120
Suggestion:
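Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the excerpt shows a caller-supplied `size_t count` next to the fixed `buffer[PROC_NUMBUF]`, but not the statement that limits `count` to the buffer size before data is copied in. Confirm that clamp in the full function before closing this finding.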
size_t count, loff_t *ppos)
{
struct task_struct *task;
char buffer[PROC_NUMBUF];
struct mm_struct *mm;
struct vm_area_struct *vma;
enum clear_refs_types type;
int itype;
int rv;
Reported by FlawFinder.
Line: 1872
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct file *file = vma->vm_file;
struct mm_struct *mm = vma->vm_mm;
struct mempolicy *pol;
char buffer[64];
int nid;
if (!mm)
return 0;
Reported by FlawFinder.
include/linux/c2port.h
3 issues
Line: 20
Column: 15
CWE codes:
362/367!
Suggestion:
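Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Triage note: the token at line 20, column 15 is the bit-field `unsigned int access:1;`, not a call to access(). This is a name-only match and no check-then-use race (CWE-362/367) is present at this location.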
/* Main struct */
struct c2port_ops;
struct c2port_device {
unsigned int access:1;
unsigned int flash_access:1;
int id;
char name[C2PORT_NAME_LEN];
struct c2port_ops *ops;
Reported by FlawFinder.
Line: 40
Column: 9
CWE codes:
362/367!
Suggestion:
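Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Triage note: the token at line 40, column 9 is a function-pointer member, `void (*access)(struct c2port_device *dev, int status);`, not the access() file-permission call. This is a name-only match and the CWE-362/367 suggestion does not apply here.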
unsigned short blocks_num; /* flash blocks number */
/* Enable or disable the access to C2 port */
void (*access)(struct c2port_device *dev, int status);
/* Set C2D data line as input/output */
void (*c2d_dir)(struct c2port_device *dev, int dir);
/* Read/write C2D data line */
Reported by FlawFinder.
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int flash_access:1;
int id;
char name[C2PORT_NAME_LEN];
struct c2port_ops *ops;
struct mutex mutex; /* prevent races during read/write */
struct device *dev;
Reported by FlawFinder.
fs/proc/stat.c
3 issues
Line: 111
Column: 18
CWE codes:
78
Suggestion:
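try using a library call that implements the same functionality if available
Triage note: the token at line 111, column 18 is a local `u64` variable named `system`, not a call to system(). No command is executed, so CWE-78 does not apply; the hits at lines 155 and 185 below are reads of the same variable.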
static int show_stat(struct seq_file *p, void *v)
{
int i, j;
u64 user, nice, system, idle, iowait, irq, softirq, steal;
u64 guest, guest_nice;
u64 sum = 0;
u64 sum_softirq = 0;
unsigned int per_softirq_sums[NR_SOFTIRQS] = {0};
struct timespec64 boottime;
Reported by FlawFinder.
Line: 155
Column: 46
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
seq_put_decimal_ull(p, "cpu ", nsec_to_clock_t(user));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(nice));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(system));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(idle));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(iowait));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(irq));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(softirq));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(steal));
Reported by FlawFinder.
Line: 185
Column: 47
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
seq_printf(p, "cpu%d", i);
seq_put_decimal_ull(p, " ", nsec_to_clock_t(user));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(nice));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(system));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(idle));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(iowait));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(irq));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(softirq));
seq_put_decimal_ull(p, " ", nsec_to_clock_t(steal));
Reported by FlawFinder.
fs/jfs/namei.c
3 issues
Line: 950
Column: 3
CWE codes:
120
Suggestion:
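Make sure destination can always hold the source data
Triage note: the destination is the inode's inline area (`JFS_IP(ip)->i_inline`) and `ssize` is `strlen(name) + 1` (see the line 897 finding below). The excerpt does not show the condition that limits `ssize` to the size of that inline area; confirm the guard in the full function.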
ip->i_op = &jfs_fast_symlink_inode_operations;
ip->i_link = JFS_IP(ip)->i_inline;
memcpy(ip->i_link, name, ssize);
ip->i_size = ssize - 1;
/*
* if symlink is > 128 bytes, we don't have the space to
* store inline extended attributes
Reported by FlawFinder.
Line: 1000
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
txAbort(tid, 0);
goto out3;
}
memcpy(mp->data, name, copy_size);
flush_metapage(mp);
ssize -= copy_size;
name += copy_size;
xaddr += JFS_SBI(sb)->nbperpage;
}
Reported by FlawFinder.
Line: 897
Column: 10
CWE codes:
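126
Triage note: CWE-126 (buffer over-read) is raised on the `strlen(name)` call. It is a real risk only if `name` can reach this point without a NUL terminator, which depends on the caller and is not visible in this excerpt.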
if (rc)
goto out1;
ssize = strlen(name) + 1;
/*
* search parent directory for entry/freespace
* (dtSearch() returns parent directory page pinned)
*/
Reported by FlawFinder.
include/linux/serial_core.h
3 issues
Line: 349
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct earlycon_device {
struct console *con;
struct uart_port port;
char options[16]; /* e.g., 115200n8 */
unsigned int baud;
};
struct earlycon_id {
char name[15];
Reported by FlawFinder.
Line: 354
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct earlycon_id {
char name[15];
char name_term; /* In case compiler didn't '\0' term name */
char compatible[128];
int (*setup)(struct earlycon_device *, const char *options);
};
Reported by FlawFinder.
Line: 356
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct earlycon_id {
char name[15];
char name_term; /* In case compiler didn't '\0' term name */
char compatible[128];
int (*setup)(struct earlycon_device *, const char *options);
};
extern const struct earlycon_id __earlycon_table[];
extern const struct earlycon_id __earlycon_table_end[];
Reported by FlawFinder.
drivers/video/fbdev/tdfxfb.c
3 issues
Line: 1396
Column: 3
CWE codes:
120
Suggestion:
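Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
Triage note: the source in each flagged strcpy() is a 12-character string literal, so the copy writes a fixed 13 bytes including the terminator. The finding (and the identical ones at lines 1400 and 1404) reduces to checking that `info->fix.id` is at least 13 bytes; its declaration is not shown in this excerpt.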
/* Configure the default fb_fix_screeninfo first */
switch (pdev->device) {
case PCI_DEVICE_ID_3DFX_BANSHEE:
strcpy(info->fix.id, "3Dfx Banshee");
default_par->max_pixclock = BANSHEE_MAX_PIXCLOCK;
break;
case PCI_DEVICE_ID_3DFX_VOODOO3:
strcpy(info->fix.id, "3Dfx Voodoo3");
default_par->max_pixclock = VOODOO3_MAX_PIXCLOCK;
Reported by FlawFinder.
Line: 1400
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
default_par->max_pixclock = BANSHEE_MAX_PIXCLOCK;
break;
case PCI_DEVICE_ID_3DFX_VOODOO3:
strcpy(info->fix.id, "3Dfx Voodoo3");
default_par->max_pixclock = VOODOO3_MAX_PIXCLOCK;
break;
case PCI_DEVICE_ID_3DFX_VOODOO5:
strcpy(info->fix.id, "3Dfx Voodoo5");
default_par->max_pixclock = VOODOO5_MAX_PIXCLOCK;
Reported by FlawFinder.
Line: 1404
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
default_par->max_pixclock = VOODOO3_MAX_PIXCLOCK;
break;
case PCI_DEVICE_ID_3DFX_VOODOO5:
strcpy(info->fix.id, "3Dfx Voodoo5");
default_par->max_pixclock = VOODOO5_MAX_PIXCLOCK;
break;
}
info->fix.mmio_start = pci_resource_start(pdev, 0);
Reported by FlawFinder.
include/linux/qed/qed_eth_if.h
3 issues
Line: 216
Column: 7
CWE codes:
327
Suggestion:
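Use a more secure technique for acquiring random values
Triage note: the flagged column points at the name of a function-pointer member in an ops structure (`getstate`/`setstate`, both taking a `struct qed_dev *`), not at the C library random-number state functions. This is a name-only match and CWE-327 does not apply to this declaration.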
/* CEE std */
u8 (*getstate)(struct qed_dev *cdev);
u8 (*setstate)(struct qed_dev *cdev, u8 state);
void (*getpgtccfgtx)(struct qed_dev *cdev, int prio, u8 *prio_type,
u8 *pgid, u8 *bw_pct, u8 *up_map);
void (*getpgbwgcfgtx)(struct qed_dev *cdev, int pgid, u8 *bw_pct);
void (*getpgtccfgrx)(struct qed_dev *cdev, int prio, u8 *prio_type,
u8 *pgid, u8 *bw_pct, u8 *up_map);
Reported by FlawFinder.
Line: 139
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 vlan_valid;
u16 vlan;
u8 mac_valid;
unsigned char mac[ETH_ALEN];
};
struct qed_filter_mcast_params {
enum qed_filter_xcast_params_type type;
u8 num;
Reported by FlawFinder.
Line: 145
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qed_filter_mcast_params {
enum qed_filter_xcast_params_type type;
u8 num;
unsigned char mac[64][ETH_ALEN];
};
union qed_filter_type_params {
enum qed_filter_rx_mode_type accept_flags;
struct qed_filter_ucast_params ucast;
Reported by FlawFinder.
fs/kernfs/dir.c
3 issues
Line: 22
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
DEFINE_MUTEX(kernfs_mutex);
static DEFINE_SPINLOCK(kernfs_rename_lock); /* kn->parent and ->name */
static char kernfs_pr_cont_buf[PATH_MAX]; /* protected by rename_lock */
static DEFINE_SPINLOCK(kernfs_idr_lock); /* root->ino_idr */
#define rb_to_kn(X) rb_entry((X), struct kernfs_node, rb)
static bool kernfs_active(struct kernfs_node *kn)
Reported by FlawFinder.
Line: 302
Column: 21
CWE codes:
126
static unsigned int kernfs_name_hash(const char *name, const void *ns)
{
unsigned long hash = init_name_hash(ns);
unsigned int len = strlen(name);
while (len--)
hash = partial_name_hash(*name++, hash);
hash = end_name_hash(hash);
hash &= 0x7fffffffU;
/* Reserve hash numbers 0, 1 and INT_MAX for magic directory entries */
Reported by FlawFinder.
Line: 1684
Column: 13
CWE codes:
126
pos = kernfs_dir_next_pos(ns, parent, ctx->pos, pos)) {
const char *name = pos->name;
unsigned int type = dt_type(pos);
int len = strlen(name);
ino_t ino = kernfs_ino(pos);
ctx->pos = pos->hash;
file->private_data = pos;
kernfs_get(pos);
Reported by FlawFinder.