The following issues were found
arch/powerpc/platforms/pseries/pseries_energy.c
3 issues
Line: 216
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
cpu = drc_index_to_cpu(buf_page[2*i+1]);
if ((cpu_online(cpu) && !activate) ||
(!cpu_online(cpu) && activate))
s += sprintf(s, "%d,", cpu);
}
if (s > page) { /* Something to show */
s--; /* Suppress last comma */
s += sprintf(s, "\n");
}
Reported by FlawFinder.
Line: 245
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (rc != H_SUCCESS)
return -EINVAL;
return sprintf(page, "%lu\n", retbuf[1] >> 32);
}
/* Wrapper functions */
static ssize_t cpu_activate_hint_list_show(struct device *dev,
Reported by FlawFinder.
Line: 220
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if (s > page) { /* Something to show */
s--; /* Suppress last comma */
s += sprintf(s, "\n");
}
free_page((unsigned long) buf_page);
return s-page;
}
Reported by FlawFinder.
arch/x86/kvm/svm/sev.c
3 issues
Line: 594
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* traditional VMSA as it has been built so far (in prep
* for LAUNCH_UPDATE_VMSA) to be the initial SEV-ES state.
*/
memcpy(svm->vmsa, save, sizeof(*save));
return 0;
}
static int sev_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp)
Reported by FlawFinder.
Line: 863
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst_offset = dst_paddr & 15;
if (src_tpage)
memcpy(page_address(dst_tpage) + dst_offset,
page_address(src_tpage), size);
else {
if (copy_from_user(page_address(dst_tpage) + dst_offset,
vaddr, size)) {
ret = -EFAULT;
Reported by FlawFinder.
Line: 1080
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data.address = __psp_pa(blob);
data.len = params.len;
memcpy(data.mnonce, params.mnonce, sizeof(params.mnonce));
}
cmd:
data.handle = sev->handle;
ret = sev_issue_cmd(kvm, SEV_CMD_ATTESTATION_REPORT, &data, &argp->error);
/*
Reported by FlawFinder.
arch/arm64/kernel/cpufeature.c
3 issues
Line: 3054
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
switch (arm64_get_meltdown_state()) {
case SPECTRE_UNAFFECTED:
return sprintf(buf, "Not affected\n");
case SPECTRE_MITIGATED:
return sprintf(buf, "Mitigation: PTI\n");
default:
Reported by FlawFinder.
Line: 3057
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "Not affected\n");
case SPECTRE_MITIGATED:
return sprintf(buf, "Mitigation: PTI\n");
default:
return sprintf(buf, "Vulnerable\n");
}
}
Reported by FlawFinder.
Line: 3060
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "Mitigation: PTI\n");
default:
return sprintf(buf, "Vulnerable\n");
}
}
Reported by FlawFinder.
arch/x86/math-emu/poly_sin.c
3 issues
Line: 173
CWE codes:
758
/* Get about 32 bit precision in these: */
fix_up -= mul_32_32(0x898cc517, argSqrd.msw) / 6;
}
fix_up = mul_32_32(fix_up, LL_MSW(fixed_arg));
adj = accumulator.lsw; /* temp save */
accumulator.lsw -= fix_up;
if (accumulator.lsw > adj)
XSIG_LL(accumulator)--;
Reported by Cppcheck.
Line: 186
CWE codes:
758
}
significand(&result) = XSIG_LL(accumulator);
setsign(&result, getsign(st0_ptr));
FPU_copy_to_reg0(&result, TAG_Valid);
#ifdef PARANOID
if ((exponent(&result) >= 0)
&& (significand(&result) > 0x8000000000000000LL)) {
Reported by Cppcheck.
Line: 297
CWE codes:
758
/* A shift is needed here only for a narrow range of arguments,
i.e. for fixed_arg approx 2^-32, but we pick up more... */
if (!(LL_MSW(fixed_arg) & 0xffff0000)) {
fixed_arg <<= 16;
exponent -= 16;
exp2 -= 16;
}
Reported by Cppcheck.
arch/arm64/include/asm/string.h
3 issues
Line: 35
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#endif
#define __HAVE_ARCH_MEMCPY
extern void *memcpy(void *, const void *, __kernel_size_t);
extern void *__memcpy(void *, const void *, __kernel_size_t);
#define __HAVE_ARCH_MEMMOVE
extern void *memmove(void *, const void *, __kernel_size_t);
extern void *__memmove(void *, const void *, __kernel_size_t);
Reported by FlawFinder.
Line: 59
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* should use not instrumented version of mem* functions.
*/
#define memcpy(dst, src, len) __memcpy(dst, src, len)
#define memmove(dst, src, len) __memmove(dst, src, len)
#define memset(s, c, n) __memset(s, c, n)
#ifndef __NO_FORTIFY
#define __NO_FORTIFY /* FORTIFY_SOURCE uses __builtin_memcpy, etc. */
Reported by FlawFinder.
Line: 22
Column: 24
CWE codes:
126
extern int strncmp(const char *, const char *, __kernel_size_t);
#define __HAVE_ARCH_STRLEN
extern __kernel_size_t strlen(const char *);
#define __HAVE_ARCH_STRNLEN
extern __kernel_size_t strnlen(const char *, __kernel_size_t);
#define __HAVE_ARCH_MEMCMP
Reported by FlawFinder.
arch/powerpc/platforms/powernv/opal-sensor-groups.c
3 issues
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static struct sensor_group {
char name[20];
struct attribute_group sg;
struct sg_attr *sgattrs;
} *sgs;
int sensor_group_enable(u32 handle, bool enable)
Reported by FlawFinder.
Line: 213
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if (!of_property_read_u32(node, "ibm,chip-id", &chipid))
sprintf(sgs[i].name, "%pOFn%d", node, chipid);
else
sprintf(sgs[i].name, "%pOFn", node);
sgs[i].sg.name = sgs[i].name;
if (add_attr_group(ops, len, &sgs[i], sgid)) {
Reported by FlawFinder.
Line: 215
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!of_property_read_u32(node, "ibm,chip-id", &chipid))
sprintf(sgs[i].name, "%pOFn%d", node, chipid);
else
sprintf(sgs[i].name, "%pOFn", node);
sgs[i].sg.name = sgs[i].name;
if (add_attr_group(ops, len, &sgs[i], sgid)) {
pr_warn("Failed to create sensor attribute group %s\n",
sgs[i].sg.name);
Reported by FlawFinder.
arch/x86/mm/mem_encrypt.c
3 issues
Line: 49
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
EXPORT_SYMBOL_GPL(sev_enable_key);
/* Buffer used for early in-place encryption by BSP, no locking needed */
static char sme_early_buffer[PAGE_SIZE] __initdata __aligned(PAGE_SIZE);
/*
* This routine does not change the underlying encryption setting of the
* page(s) that map this memory. It assumes that eventually the memory is
* meant to be accessed as either encrypted or decrypted but the contents
Reported by FlawFinder.
Line: 99
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Use a temporary buffer, of cache-line multiple size, to
* avoid data corruption as documented in the APM.
*/
memcpy(sme_early_buffer, src, len);
memcpy(dst, sme_early_buffer, len);
early_memunmap(dst, len);
early_memunmap(src, len);
Reported by FlawFinder.
Line: 100
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* avoid data corruption as documented in the APM.
*/
memcpy(sme_early_buffer, src, len);
memcpy(dst, sme_early_buffer, len);
early_memunmap(dst, len);
early_memunmap(src, len);
paddr += len;
Reported by FlawFinder.
arch/sparc/kernel/btext.c
3 issues
Line: 41
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define cmapsz (16*256)
static unsigned char vga_font[cmapsz];
static int __init btext_initialize(phandle node)
{
unsigned int width, height, depth, pitch;
unsigned long address = 0;
Reported by FlawFinder.
Line: 313
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int __init btext_find_display(void)
{
phandle node;
char type[32];
int ret;
node = prom_inst2pkg(prom_stdout);
if (prom_getproperty(node, "device_type", type, 32) < 0)
return -ENODEV;
Reported by FlawFinder.
Line: 330
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ret;
}
static unsigned char vga_font[cmapsz] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7e, 0x81, 0xa5, 0x81, 0x81, 0xbd,
0x99, 0x81, 0x81, 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7e, 0xff,
0xdb, 0xff, 0xff, 0xc3, 0xe7, 0xff, 0xff, 0x7e, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x6c, 0xfe, 0xfe, 0xfe, 0xfe, 0x7c, 0x38, 0x10,
Reported by FlawFinder.
arch/arc/kernel/arcksyms.c
3 issues
Line: 52
Column: 15
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
EXPORT_SYMBOL(memcpy);
EXPORT_SYMBOL(memcmp);
EXPORT_SYMBOL(strchr);
EXPORT_SYMBOL(strcpy);
EXPORT_SYMBOL(strcmp);
EXPORT_SYMBOL(strlen);
Reported by FlawFinder.
Line: 49
Column: 15
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* ARC optimised assembler routines */
EXPORT_SYMBOL(memset);
EXPORT_SYMBOL(memcpy);
EXPORT_SYMBOL(memcmp);
EXPORT_SYMBOL(strchr);
EXPORT_SYMBOL(strcpy);
EXPORT_SYMBOL(strcmp);
EXPORT_SYMBOL(strlen);
Reported by FlawFinder.
Line: 54
Column: 15
CWE codes:
126
EXPORT_SYMBOL(strchr);
EXPORT_SYMBOL(strcpy);
EXPORT_SYMBOL(strcmp);
EXPORT_SYMBOL(strlen);
Reported by FlawFinder.
arch/x86/boot/compressed/acpi.c
3 issues
Line: 288
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long addr = 0;
#ifdef CONFIG_KEXEC
char val[MAX_ADDR_LEN] = { };
int ret;
ret = cmdline_find_option("acpi_rsdp", val, MAX_ADDR_LEN);
if (ret < 0)
return 0;
Reported by FlawFinder.
Line: 308
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct acpi_table_header *header;
struct acpi_table_rsdp *rsdp;
u32 num_entries, size, len;
char arg[10];
u8 *entry;
/*
* Check whether we were given an RSDP on the command line. We don't
* stash this in boot params because the kernel itself may have
Reported by FlawFinder.
Line: 379
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long table_addr, table_end, table;
struct acpi_subtable_header *sub_table;
struct acpi_table_header *table_header;
char arg[MAX_ACPI_ARG_LENGTH];
int num = 0;
if (cmdline_find_option("acpi", arg, sizeof(arg)) == 3 &&
!strncmp(arg, "off", 3))
return 0;
Reported by FlawFinder.