The following issues were found
arch/sparc/include/asm/openprom.h
3 issues
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Arguments sent to the kernel from the boot prompt. */
struct linux_arguments_v0 {
char *argv[8];
char args[100];
char boot_dev[2];
int boot_dev_ctrl;
int boot_dev_unit;
int dev_partition;
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Arguments sent to the kernel from the boot prompt. */
struct linux_arguments_v0 {
char *argv[8];
char args[100];
char boot_dev[2];
int boot_dev_ctrl;
int boot_dev_unit;
int dev_partition;
char *kernel_file_name;
Reported by FlawFinder.
Line: 67
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct linux_arguments_v0 {
char *argv[8];
char args[100];
char boot_dev[2];
int boot_dev_ctrl;
int boot_dev_unit;
int dev_partition;
char *kernel_file_name;
void *aieee1; /* XXX */
Reported by FlawFinder.
arch/sparc/include/asm/floppy_64.h
3 issues
Line: 464
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned char sun_pci_fd_sensei(unsigned long port)
{
unsigned char result[2] = { 0x70, 0x00 };
unsigned char status;
int i = 0;
sun_pci_fd_out_byte(port, 0x08, FIFO);
do {
Reported by FlawFinder.
Line: 554
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_node *dp;
struct platform_device *op;
const char *prop;
char state[128];
if (initialized)
return sun_floppy_types[0];
initialized = 1;
Reported by FlawFinder.
Line: 620
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
sun_pci_fd_ebus_dma.callback = sun_pci_fd_dma_callback;
sun_pci_fd_ebus_dma.client_cookie = NULL;
sun_pci_fd_ebus_dma.irq = FLOPPY_IRQ;
strcpy(sun_pci_fd_ebus_dma.name, "floppy");
if (ebus_dma_register(&sun_pci_fd_ebus_dma))
return 0;
/* XXX ioremap */
sun_fdc = (struct sun_flpy_controller *) op->resource[0].start;
Reported by FlawFinder.
arch/powerpc/platforms/pseries/reconfig.c
3 issues
Line: 181
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!(new->value = kmalloc(length + 1, GFP_KERNEL)))
goto cleanup;
memcpy(new->value, value, length);
*(((char *)new->value) + length) = 0;
new->length = length;
new->next = last;
return new;
Reported by FlawFinder.
Line: 310
Column: 6
CWE codes:
126
if (tmp)
*tmp = '\0';
if (strlen(buf) == 0)
return -EINVAL;
return of_remove_property(np, of_find_property(np, buf, NULL));
}
Reported by FlawFinder.
Line: 333
Column: 7
CWE codes:
126
if (!next_prop)
return -EINVAL;
if (!strlen(name))
return -ENODEV;
newprop = new_property(name, length, value, NULL);
if (!newprop)
return -ENOMEM;
Reported by FlawFinder.
arch/x86/platform/olpc/olpc_dt.c
3 issues
Line: 221
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __init olpc_dt_compatible_match(phandle node, const char *compat)
{
char buf[64], *p;
int plen, len;
plen = olpc_dt_getproperty(node, "compatible", buf, sizeof(buf));
if (plen <= 0)
return 0;
Reported by FlawFinder.
Line: 228
Column: 8
CWE codes:
126
if (plen <= 0)
return 0;
len = strlen(compat);
for (p = buf; p < buf + plen; p += strlen(p) + 1) {
if (strcmp(p, compat) == 0)
return 1;
}
Reported by FlawFinder.
Line: 229
Column: 37
CWE codes:
126
return 0;
len = strlen(compat);
for (p = buf; p < buf + plen; p += strlen(p) + 1) {
if (strcmp(p, compat) == 0)
return 1;
}
return 0;
Reported by FlawFinder.
arch/nios2/lib/memcpy.c
3 issues
Line: 39
Column: 34
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
do { \
size_t __nbytes = (nbytes); \
while (__nbytes > 0) { \
unsigned char __x = ((unsigned char *) src_bp)[0]; \
src_bp += 1; \
__nbytes -= 1; \
((unsigned char *) dst_bp)[0] = __x; \
dst_bp += 1; \
} \
Reported by FlawFinder.
Line: 42
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char __x = ((unsigned char *) src_bp)[0]; \
src_bp += 1; \
__nbytes -= 1; \
((unsigned char *) dst_bp)[0] = __x; \
dst_bp += 1; \
} \
} while (0)
/* Copy *up to* NBYTES bytes from SRC_BP to DST_BP, with
Reported by FlawFinder.
Line: 160
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
void *memcpy(void *dstpp, const void *srcpp, size_t len)
{
unsigned long int dstp = (long int) dstpp;
unsigned long int srcp = (long int) srcpp;
/* Copy from the beginning to the end. */
Reported by FlawFinder.
arch/ia64/kernel/unaligned.c
3 issues
Line: 1333
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char buf[200]; /* comm[] is at most 16 bytes... */
size_t len;
len = sprintf(buf, "%s(%d): unaligned access to 0x%016lx, "
"ip=0x%016lx\n\r", current->comm,
task_pid_nr(current),
ifa, regs->cr_iip + ipsr->ri);
/*
* Don't call tty_write_message() if we're in the kernel; we might
Reported by FlawFinder.
Line: 952
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* floating point operations sizes in bytes
*/
static const unsigned char float_fsz[4]={
10, /* extended precision (e) */
8, /* integer (8) */
4, /* single precision (s) */
8 /* double precision (d) */
};
Reported by FlawFinder.
Line: 1330
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
!(current->thread.flags & IA64_THREAD_UAC_NOPRINT) &&
__ratelimit(&logging_rate_limit))
{
char buf[200]; /* comm[] is at most 16 bytes... */
size_t len;
len = sprintf(buf, "%s(%d): unaligned access to 0x%016lx, "
"ip=0x%016lx\n\r", current->comm,
task_pid_nr(current),
Reported by FlawFinder.
arch/powerpc/kernel/eeh_sysfs.c
3 issues
Line: 33
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
if (!edev) \
return 0; \
\
return sprintf(buf, _format "\n", edev->_memb); \
} \
static DEVICE_ATTR(_name, 0444, eeh_show_##_name, NULL);
EEH_SHOW_ATTR(eeh_mode, mode, "0x%x");
EEH_SHOW_ATTR(eeh_pe_config_addr, pe_config_addr, "0x%x");
Reported by FlawFinder.
Line: 51
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENODEV;
state = eeh_ops->get_state(edev->pe, NULL);
return sprintf(buf, "0x%08x 0x%08x\n",
state, edev->pe->state);
}
static ssize_t eeh_pe_state_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 89
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!edev || !edev->pe)
return -ENODEV;
return sprintf(buf, "%d\n", pdn->last_allow_rc);
}
static ssize_t eeh_notify_resume_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
arch/mips/sibyte/common/sb_tbprof.c
3 issues
Line: 61
Column: 19
CWE codes:
362
wait_queue_head_t tb_sync;
wait_queue_head_t tb_read;
struct mutex lock;
enum open_status open;
tb_sample_t *sbprof_tbbuf;
int next_tb_sample;
volatile int tb_enable;
volatile int tb_armed;
Reported by FlawFinder.
Line: 397
Column: 16
CWE codes:
362
if (minor != 0)
return -ENODEV;
if (xchg(&sbp.open, SB_OPENING) != SB_CLOSED)
return -EBUSY;
memset(&sbp, 0, sizeof(struct sbprof_tb));
sbp.sbprof_tbbuf = vzalloc(MAX_TBSAMPLE_BYTES);
if (!sbp.sbprof_tbbuf) {
Reported by FlawFinder.
Line: 423
Column: 24
CWE codes:
362
int minor;
minor = iminor(inode);
if (minor != 0 || sbp.open != SB_CLOSED)
return -ENODEV;
mutex_lock(&sbp.lock);
if (sbp.tb_armed || sbp.tb_enable)
Reported by FlawFinder.
arch/sparc/crypto/des_glue.c
3 issues
Line: 200
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
key += DES_KEY_SIZE;
des_sparc64_key_expand((const u32 *)key, k3);
memcpy(&dctx->encrypt_expkey[0], &k1[0], sizeof(k1));
encrypt_to_decrypt(&dctx->encrypt_expkey[DES_EXPKEY_WORDS / 2], &k2[0]);
memcpy(&dctx->encrypt_expkey[(DES_EXPKEY_WORDS / 2) * 2],
&k3[0], sizeof(k3));
encrypt_to_decrypt(&dctx->decrypt_expkey[0], &k3[0]);
Reported by FlawFinder.
Line: 202
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&dctx->encrypt_expkey[0], &k1[0], sizeof(k1));
encrypt_to_decrypt(&dctx->encrypt_expkey[DES_EXPKEY_WORDS / 2], &k2[0]);
memcpy(&dctx->encrypt_expkey[(DES_EXPKEY_WORDS / 2) * 2],
&k3[0], sizeof(k3));
encrypt_to_decrypt(&dctx->decrypt_expkey[0], &k3[0]);
memcpy(&dctx->decrypt_expkey[DES_EXPKEY_WORDS / 2],
&k2[0], sizeof(k2));
Reported by FlawFinder.
Line: 206
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&k3[0], sizeof(k3));
encrypt_to_decrypt(&dctx->decrypt_expkey[0], &k3[0]);
memcpy(&dctx->decrypt_expkey[DES_EXPKEY_WORDS / 2],
&k2[0], sizeof(k2));
encrypt_to_decrypt(&dctx->decrypt_expkey[(DES_EXPKEY_WORDS / 2) * 2],
&k1[0]);
return 0;
Reported by FlawFinder.
arch/ia64/kernel/module.c
3 issues
Line: 115
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define N(reloc) [R_IA64_##reloc] = #reloc
static const char *reloc_name[256] = {
N(NONE), N(IMM14), N(IMM22), N(IMM64),
N(DIR32MSB), N(DIR32LSB), N(DIR64MSB), N(DIR64LSB),
N(GPREL22), N(GPREL64I), N(GPREL32MSB), N(GPREL32LSB),
N(GPREL64MSB), N(GPREL64LSB), N(LTOFF22), N(LTOFF64I),
N(PLTOFF22), N(PLTOFF64I), N(PLTOFF64MSB), N(PLTOFF64LSB),
Reported by FlawFinder.
Line: 216
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct plt_entry {
/* Three instruction bundles in PLT. */
unsigned char bundle[2][16];
};
static const struct plt_entry ia64_plt_template = {
{
{
Reported by FlawFinder.
Line: 261
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct plt_entry {
/* Three instruction bundles in PLT. */
unsigned char bundle[3][16];
};
static const struct plt_entry ia64_plt_template = {
{
{
Reported by FlawFinder.