The following issues were found
arch/m68k/include/asm/openprom.h
3 issues
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Arguments sent to the kernel from the boot prompt. */
struct linux_arguments_v0 {
char *argv[8];
char args[100];
char boot_dev[2];
int boot_dev_ctrl;
int boot_dev_unit;
int dev_partition;
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Arguments sent to the kernel from the boot prompt. */
struct linux_arguments_v0 {
char *argv[8];
char args[100];
char boot_dev[2];
int boot_dev_ctrl;
int boot_dev_unit;
int dev_partition;
char *kernel_file_name;
Reported by FlawFinder.
Line: 75
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct linux_arguments_v0 {
char *argv[8];
char args[100];
char boot_dev[2];
int boot_dev_ctrl;
int boot_dev_unit;
int dev_partition;
char *kernel_file_name;
void *aieee1; /* XXX */
Reported by FlawFinder.
arch/powerpc/include/asm/spu.h
3 issues
Line: 141
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void (* stop_callback)(struct spu *spu, int irq);
void (* mfc_callback)(struct spu *spu);
char irq_c0[8];
char irq_c1[8];
char irq_c2[8];
u64 spe_id;
Reported by FlawFinder.
Line: 142
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void (* mfc_callback)(struct spu *spu);
char irq_c0[8];
char irq_c1[8];
char irq_c2[8];
u64 spe_id;
void* pdata; /* platform private data */
Reported by FlawFinder.
Line: 143
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char irq_c0[8];
char irq_c1[8];
char irq_c2[8];
u64 spe_id;
void* pdata; /* platform private data */
Reported by FlawFinder.
arch/m68k/include/asm/mac_baboon.h
3 issues
Line: 11
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifndef __ASSEMBLY__
struct baboon {
char pad1[208]; /* generic IDE registers, not used here */
short mb_control; /* Control register:
* bit 5 : slot 2 power control
* bit 6 : slot 1 power control
*/
char pad2[2];
Reported by FlawFinder.
Line: 16
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* bit 5 : slot 2 power control
* bit 6 : slot 1 power control
*/
char pad2[2];
short mb_status; /* (0xD4) media bay status register:
*
* bit 0: ????
* bit 1: IDE interrupt active?
* bit 2: bay status, 0 = full, 1 = empty
Reported by FlawFinder.
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* bit 2: bay status, 0 = full, 1 = empty
* bit 3: ????
*/
char pad3[2]; /* (0xD6) not used */
short mb_ifr; /* (0xD8) media bay interrupt flags register:
*
* bit 0: ????
* bit 1: IDE controller interrupt
* bit 2: media bay status change interrupt
Reported by FlawFinder.
block/bfq-iosched.h
3 issues
Line: 924
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct blkg_policy_data pd;
/* cached path for this blkg (see comments in bfq_bic_update_cgroup) */
char blkg_path[128];
/* reference counter (see comments in bfq_bic_update_cgroup) */
int ref;
struct bfq_entity entity;
Reported by FlawFinder.
Line: 1096
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfq_group *bfqq_group(struct bfq_queue *bfqq);
#define bfq_log_bfqq(bfqd, bfqq, fmt, args...) do { \
char pid_str[MAX_PID_STR_LENGTH]; \
if (likely(!blk_trace_note_message_enabled((bfqd)->queue))) \
break; \
bfq_pid_to_str((bfqq)->pid, pid_str, MAX_PID_STR_LENGTH); \
blk_add_cgroup_trace_msg((bfqd)->queue, \
bfqg_to_blkg(bfqq_group(bfqq))->blkcg, \
Reported by FlawFinder.
Line: 1114
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#else /* CONFIG_BFQ_GROUP_IOSCHED */
#define bfq_log_bfqq(bfqd, bfqq, fmt, args...) do { \
char pid_str[MAX_PID_STR_LENGTH]; \
if (likely(!blk_trace_note_message_enabled((bfqd)->queue))) \
break; \
bfq_pid_to_str((bfqq)->pid, pid_str, MAX_PID_STR_LENGTH); \
blk_add_trace_msg((bfqd)->queue, "bfq%s%c " fmt, pid_str, \
bfq_bfqq_sync((bfqq)) ? 'S' : 'A', \
Reported by FlawFinder.
arch/m68k/hp300/config.c
3 issues
Line: 110
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
static void hp300_get_model(char *model)
{
strcpy(model, hp300_model_name);
}
#define RTCBASE 0xf0420000
#define RTC_DATA 0x1
#define RTC_CMD 0x3
Reported by FlawFinder.
Line: 268
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
hp300_model != HP_350) {
pr_info("Detected HP9000 model %s\n",
hp300_models[hp300_model-HP_320]);
strcat(hp300_model_name, hp300_models[hp300_model-HP_320]);
} else {
panic("Unknown HP9000 Model");
}
#ifdef CONFIG_SERIAL_8250_CONSOLE
hp300_setup_serial_console();
Reported by FlawFinder.
Line: 66
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[HP_433S] = s_hp433s,
};
static char hp300_model_name[13] = "HP9000/";
extern void hp300_reset(void);
#ifdef CONFIG_SERIAL_8250_CONSOLE
extern int hp300_setup_serial_console(void) __init;
#endif
Reported by FlawFinder.
arch/mips/fw/sni/sniprom.c
3 issues
Line: 145
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
/* copy prom cmdline parameters to kernel cmdline */
for (i = 1; i < argc; i++) {
strcat(arcs_cmdline, (char *)CKSEG0ADDR(argv[i]));
if (i < (argc - 1))
strcat(arcs_cmdline, " ");
}
}
Reported by FlawFinder.
Line: 145
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* copy prom cmdline parameters to kernel cmdline */
for (i = 1; i < argc; i++) {
strcat(arcs_cmdline, (char *)CKSEG0ADDR(argv[i]));
if (i < (argc - 1))
strcat(arcs_cmdline, " ");
}
}
Reported by FlawFinder.
Line: 147
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
for (i = 1; i < argc; i++) {
strcat(arcs_cmdline, (char *)CKSEG0ADDR(argv[i]));
if (i < (argc - 1))
strcat(arcs_cmdline, " ");
}
}
Reported by FlawFinder.
arch/powerpc/perf/callchain_64.c
3 issues
Line: 41
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* align address to page boundary */
offset = addr & ~PAGE_MASK;
memcpy(buf, kaddr + offset, nb);
put_page(page);
return 0;
}
return -EFAULT;
}
Reported by FlawFinder.
Line: 57
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 64-bit user processes use the same stack frame for RT and non-RT signals.
*/
struct signal_frame_64 {
char dummy[__SIGNAL_FRAMESIZE];
struct ucontext uc;
unsigned long unused[2];
unsigned int tramp[6];
struct siginfo *pinfo;
void *puc;
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct siginfo *pinfo;
void *puc;
struct siginfo info;
char abigap[288];
};
static int is_sigreturn_64_address(unsigned long nip, unsigned long fp)
{
if (nip == fp + offsetof(struct signal_frame_64, tramp))
Reported by FlawFinder.
arch/sparc/kernel/prom_common.c
3 issues
Line: 127
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -1;
#ifdef CONFIG_SPARC32
strcpy(buf, name);
#endif
return 0;
}
static int __init prom_common_nextprop(phandle node, char *prev, char *buf)
Reported by FlawFinder.
Line: 107
Column: 7
CWE codes:
126
if (!strcmp(list, match))
return 1;
l = strlen(list) + 1;
list += l;
len -= l;
}
return 0;
}
Reported by FlawFinder.
Line: 123
Column: 15
CWE codes:
126
*/
static int __init handle_nextprop_quirks(char *buf, const char *name)
{
if (!name || strlen(name) == 0)
return -1;
#ifdef CONFIG_SPARC32
strcpy(buf, name);
#endif
Reported by FlawFinder.
arch/mips/generic/yamon-dt.c
3 issues
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 mem_array[2 * MAX_MEM_ARRAY_ENTRIES];
unsigned int mem_entries;
int i, err, mem_off;
char *var, param_name[10], *var_names[] = {
"ememsize", "memsize",
};
/* find memory size from the bootloader environment */
for (i = 0; i < ARRAY_SIZE(var_names); i++) {
Reported by FlawFinder.
Line: 160
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__init int yamon_dt_serial_config(void *fdt)
{
const char *yamontty, *mode_var;
char mode_var_name[9], path[20], parity;
unsigned int uart, baud, stop_bits;
bool hw_flow;
int chosen_off, err;
yamontty = fw_getenv("yamontty");
Reported by FlawFinder.
Line: 115
Column: 28
CWE codes:
126
if (!var)
continue;
memsize = memparse(var + strlen(param_name), NULL);
}
/* if the user says there's more RAM than we thought, believe them */
phys_memsize = max_t(unsigned long, phys_memsize, memsize);
Reported by FlawFinder.
arch/powerpc/boot/ps3.c
3 issues
Line: 123
CWE codes:
570
ps3_repository_read_rm_size(&rm_size);
dt_fixup_memory(0, rm_size);
if (&_initrd_end > &_initrd_start) {
setprop_val(chosen, "linux,initrd-start", (u32)(_initrd_start));
setprop_val(chosen, "linux,initrd-end", (u32)(_initrd_end));
}
prep_cmdline(chosen);
Reported by Cppcheck.
Line: 31
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* The buffer is put in it's own section so that tools may locate it easier.
*/
static char cmdline[BOOT_COMMAND_LINE_SIZE]
__attribute__((__section__("__builtin_cmdline")));
static void prep_cmdline(void *chosen)
{
if (cmdline[0] == '\0')
Reported by FlawFinder.
Line: 99
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
extern char __system_reset_kernel[];
memcpy((void *)0x100, __system_reset_kernel, 512);
flush_cache((void *)0x100, 512);
}
void platform_init(void)
{
Reported by FlawFinder.