The following issues were found
arch/powerpc/platforms/pseries/ras.c
3 issues
Line: 21
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "pseries.h"
/*
 * NOTE(review): the reported column (17) appears to land on the `char` of
 * this array declaration, not on a copy. A fixed-size static buffer is not
 * an overflow by itself; what needs checking is that every writer limits
 * its length to RTAS_ERROR_LOG_MAX. Those writers are outside this excerpt.
 */
static unsigned char ras_log_buf[RTAS_ERROR_LOG_MAX];
/* NOTE(review): presumably serializes access to ras_log_buf; confirm at its users. */
static DEFINE_SPINLOCK(ras_log_buf_lock);
static int ras_check_exception_token;
static void mce_process_errlog_event(struct irq_work *work);
Reported by FlawFinder.
Line: 447
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Use the per cpu buffer from paca to store rtas error log */
/*
 * NOTE(review): clearing RTAS_ERROR_LOG_MAX bytes implies mce_data_buf is
 * expected to be at least that large; its declaration is not in this
 * excerpt, so confirm it there.
 */
memset(local_paca->mce_data_buf, 0, RTAS_ERROR_LOG_MAX);
if (!rtas_error_extended(h)) {
/* Constant-length copy: only sizeof(__u64) bytes are written. */
memcpy(local_paca->mce_data_buf, h, sizeof(__u64));
} else {
int len, error_log_length;
/*
 * NOTE(review): min_t() enforces the upper bound only. Both operands are
 * compared as int, so a negative error_log_length would pass the clamp
 * unchanged. Whether rtas_error_extended_log_length() can produce a value
 * that makes this sum negative is not visible here; confirm its return
 * type and range.
 */
error_log_length = 8 + rtas_error_extended_log_length(h);
len = min_t(int, error_log_length, RTAS_ERROR_LOG_MAX);
Reported by FlawFinder.
Line: 453
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
error_log_length = 8 + rtas_error_extended_log_length(h);
/* Upper bound for the copy below: len never exceeds RTAS_ERROR_LOG_MAX. */
len = min_t(int, error_log_length, RTAS_ERROR_LOG_MAX);
/*
 * NOTE(review): the flagged copy is length-limited by the clamp above, so
 * the destination bound holds if mce_data_buf is at least
 * RTAS_ERROR_LOG_MAX bytes (declaration not shown). No lower bound on len
 * is enforced in the visible lines; a negative int would be converted to a
 * very large size here. Confirm the range of the extended log length.
 */
memcpy(local_paca->mce_data_buf, h, len);
}
return (struct rtas_error_log *)local_paca->mce_data_buf;
}
Reported by FlawFinder.
arch/arc/include/asm/string.h
3 issues
Line: 30
Column: 14
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/*
 * NOTE(review): everything in this excerpt is a prototype. The finding
 * points at the declaration of strcpy(), not at a call, so there is no
 * buffer to check here; the risk sits at the call sites, where the
 * destination size has to be known.
 */
extern void memzero(void *ptr, __kernel_size_t n);
extern int memcmp(const void *, const void *, __kernel_size_t);
extern char *strchr(const char *s, int c);
extern char *strcpy(char *dest, const char *src);
extern int strcmp(const char *cs, const char *ct);
extern __kernel_size_t strlen(const char *);
#endif /* _ASM_ARC_STRING_H */
Reported by FlawFinder.
Line: 26
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define __HAVE_ARCH_STRLEN
/*
 * NOTE(review): the reported column (14) appears to land on the memcpy()
 * prototype below. A declaration copies nothing; the destination-size
 * question applies only to callers, which are not part of this header
 * excerpt.
 */
extern void *memset(void *ptr, int, __kernel_size_t);
extern void *memcpy(void *, const void *, __kernel_size_t);
extern void memzero(void *ptr, __kernel_size_t n);
extern int memcmp(const void *, const void *, __kernel_size_t);
extern char *strchr(const char *s, int c);
extern char *strcpy(char *dest, const char *src);
extern int strcmp(const char *cs, const char *ct);
Reported by FlawFinder.
Line: 32
Column: 24
CWE codes:
126
/*
 * NOTE(review): the CWE-126 finding (column 24) appears to land on the
 * strlen() prototype. An over-read can only happen where strlen() is called
 * on a buffer that may lack a terminator; no such call is in this excerpt.
 */
extern char *strchr(const char *s, int c);
extern char *strcpy(char *dest, const char *src);
extern int strcmp(const char *cs, const char *ct);
extern __kernel_size_t strlen(const char *);
#endif /* _ASM_ARC_STRING_H */
Reported by FlawFinder.
arch/x86/kvm/vmx/pmu_intel.c
3 issues
Line: 315
Column: 42
CWE codes:
120
20
* the LBR msrs records when the guest LBR event is scheduled in.
*/
/*
 * NOTE(review): `read` is a bool parameter here, not a call to read(); the
 * finding appears to match the identifier name only. The check relevant to
 * CWE-20 is the validation of `index` before any MSR access: the
 * intel_pmu_is_valid_lbr_msr() test is visible below, but the branch taken
 * when it fails is outside this excerpt.
 */
static bool intel_pmu_handle_lbr_msrs_access(struct kvm_vcpu *vcpu,
struct msr_data *msr_info, bool read)
{
struct lbr_desc *lbr_desc = vcpu_to_lbr_desc(vcpu);
/* MSR number taken from the request; validated on the next line. */
u32 index = msr_info->index;
if (!intel_pmu_is_valid_lbr_msr(vcpu, index))
Reported by FlawFinder.
Line: 334
Column: 7
CWE codes:
120
20
*/
/* Interrupts stay off across the state check and the MSR access. */
local_irq_disable();
if (lbr_desc->event->state == PERF_EVENT_STATE_ACTIVE) {
/*
 * NOTE(review): `read` is the function's bool parameter selecting the
 * direction of the access; no read() call and no buffer are involved, so
 * the CWE-120 label does not describe this line. The MSR touched is
 * `index`; confirm it was validated before this point (the check appears
 * earlier in the function, per the previous excerpt on this page).
 */
if (read)
rdmsrl(index, msr_info->data);
else
wrmsrl(index, msr_info->data);
__set_bit(INTEL_PMC_IDX_FIXED_VLBR, vcpu_to_pmu(vcpu)->pmc_in_use);
local_irq_enable();
Reported by FlawFinder.
arch/s390/net/pnet.c
3 issues
Line: 51
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
util_str = ccw_device_get_util_str(gdev->cdev[0], 0);
/* A NULL result is reported to the caller as -ENOMEM. */
if (!util_str)
return -ENOMEM;
/*
 * NOTE(review): copies exactly PNETIDS_LEN bytes. This is in bounds only if
 * the buffer returned by ccw_device_get_util_str() holds at least
 * PNETIDS_LEN bytes and the caller's pnetids buffer is at least that large.
 * Neither size is visible in this excerpt; confirm both.
 */
memcpy(pnetids, util_str, PNETIDS_LEN);
/* Converted in place over the same PNETIDS_LEN bytes. */
EBCASC(pnetids, PNETIDS_LEN);
kfree(util_str);
return 0;
}
if (dev_is_pci(dev)) {
Reported by FlawFinder.
Line: 59
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dev_is_pci(dev)) {
struct zpci_dev *zdev = to_zpci(to_pci_dev(dev));
/*
 * NOTE(review): the length is the size of the source array, so the read
 * cannot run past zdev->util_str. The destination must hold at least
 * sizeof(zdev->util_str) bytes; its size is not visible here. The other
 * branch of this function (shown elsewhere on this page) copies
 * PNETIDS_LEN bytes into the same buffer; if the two lengths are meant to
 * be equal, a BUILD_BUG_ON() comparing them would make that assumption
 * checkable at build time.
 */
memcpy(pnetids, zdev->util_str, sizeof(zdev->util_str));
EBCASC(pnetids, sizeof(zdev->util_str));
return 0;
}
return -EOPNOTSUPP;
}
Reported by FlawFinder.
Line: 82
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * NOTE(review): both the compare and the copy use the fixed length
 * MAX_PNETID_LEN, so the copy is in bounds if the pnetid output buffer and
 * each pnetids[] row are at least that long (declarations not shown). The
 * less obvious bound is `port`, which indexes pnetids[]; its range check,
 * if any, is outside this excerpt and should be confirmed.
 */
if (!pnet_ids_by_device(dev, (u8 *)pnetids) &&
memcmp(pnetids[port], zero, MAX_PNETID_LEN))
memcpy(pnetid, pnetids[port], MAX_PNETID_LEN);
else
/* Lookup failed or the selected entry is all zeroes. */
rc = -ENOENT;
return rc;
}
Reported by FlawFinder.
arch/x86/kernel/cpu/sgx/encl.c
3 issues
Line: 324
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct sgx_encl *encl = vma->vm_private_data;
struct sgx_encl_page *entry = NULL;
/*
 * NOTE(review): the finding (column 2) appears to land on this declaration.
 * The buffer is one unsigned long wide; the declaration alone is not a
 * defect. The invariant to check is offset + cnt <= sizeof(data) at the
 * memcpy() calls later in the function.
 */
char data[sizeof(unsigned long)];
unsigned long align;
int offset;
int cnt;
int ret = 0;
int i;
Reported by FlawFinder.
Line: 359
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
if (write) {
/*
 * NOTE(review): writes cnt bytes at data + offset. `data` is declared as
 * char data[sizeof(unsigned long)] (shown elsewhere on this page), so this
 * is in bounds only if offset + cnt <= sizeof(unsigned long). How offset
 * and cnt are computed is not visible in this excerpt; confirm there.
 */
memcpy(data + offset, buf + i, cnt);
ret = sgx_encl_debug_write(encl, entry, align, data);
if (ret)
goto out;
} else {
/* Read direction: same offset/cnt invariant, plus i + cnt within buf. */
memcpy(buf + i, data + offset, cnt);
Reported by FlawFinder.
Line: 364
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
goto out;
} else {
/*
 * NOTE(review): reads cnt bytes starting at data + offset into buf + i.
 * The source is the unsigned-long-sized `data` buffer, so offset + cnt
 * must not exceed sizeof(unsigned long), and i + cnt must stay within the
 * caller's buf. Neither computation is visible in this excerpt.
 */
memcpy(buf + i, data + offset, cnt);
}
out:
/* Every exit through `out` releases encl->lock. */
mutex_unlock(&encl->lock);
Reported by FlawFinder.
arch/parisc/kernel/setup.c
3 issues
Line: 71
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
#endif
}
/*
 * NOTE(review): unbounded copy. It fits only if boot_command_line is
 * NUL-terminated within COMMAND_LINE_SIZE bytes. command_line is declared
 * with COMMAND_LINE_SIZE, and the strlcpy() that fills boot_command_line is
 * limited to COMMAND_LINE_SIZE (both shown elsewhere on this page), which
 * would make the copy fit provided nothing in the elided lines lengthens
 * the string. A bounded call such as
 * strscpy(command_line, boot_command_line, sizeof(command_line)) would
 * state the limit at the call site.
 */
strcpy(command_line, boot_command_line);
*cmdline_p = command_line;
}
#ifdef CONFIG_PA11
void __init dma_ops_init(void)
Reported by FlawFinder.
Line: 41
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <asm/unwind.h>
#include <asm/smp.h>
/*
 * NOTE(review): the finding (column 8) appears to land on this declaration.
 * A fixed-size array is not a defect by itself; the line to review is the
 * strcpy() into command_line later in the file, which relies on the source
 * string being shorter than COMMAND_LINE_SIZE.
 */
static char __initdata command_line[COMMAND_LINE_SIZE];
/* Intended for ccio/sba/cpu statistics under /proc/bus/{runway|gsc} */
struct proc_dir_entry * proc_runway_root __read_mostly = NULL;
struct proc_dir_entry * proc_gsc_root __read_mostly = NULL;
struct proc_dir_entry * proc_mckinley_root __read_mostly = NULL;
Reported by FlawFinder.
Line: 59
Column: 31
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* called from hpux boot loader */
boot_command_line[0] = '\0';
} else {
/*
 * NOTE(review): the reported column (31) appears to land on the `char` in
 * the (char *) cast, not on an array. The write is limited to
 * COMMAND_LINE_SIZE bytes. The source pointer comes from boot_args[1],
 * i.e. from the boot loader; strlcpy() still walks the whole source string
 * to compute its return value, so a source without a terminator is read
 * past the copy limit. strscpy() stops reading at the limit.
 */
strlcpy(boot_command_line, (char *)__va(boot_args[1]),
COMMAND_LINE_SIZE);
#ifdef CONFIG_BLK_DEV_INITRD
if (boot_args[2] != 0) /* did palo pass us a ramdisk? */
{
Reported by FlawFinder.
arch/arm/mach-orion5x/terastation_pro2-setup.c
3 issues
Line: 201
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int i;
unsigned char checksum = 0;
/*
 * NOTE(review): the three findings for this file land on these stack array
 * declarations. Declaring a 40-byte buffer is not an overflow; the check
 * that matters is that the caller-supplied `count` (used by the checksum
 * loop that follows) is limited before data is copied into send_buf. That
 * code is outside this excerpt.
 */
unsigned char recv_buf[40];
unsigned char send_buf[40];
unsigned char correct_ack[3];
int retry = 2;
/* Generate checksum */
Reported by FlawFinder.
Line: 202
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
unsigned char checksum = 0;
unsigned char recv_buf[40];
/* NOTE(review): flagged declaration; fixed 40-byte stack buffer. */
unsigned char send_buf[40];
unsigned char correct_ack[3];
int retry = 2;
/* Generate checksum */
/*
 * NOTE(review): the loop reads data[0..count-1]. Neither the origin of
 * `count` nor any comparison against the 40-byte buffers is visible in this
 * excerpt; confirm count is bounded before send_buf is filled.
 */
for (i = 0; i < count; i++)
Reported by FlawFinder.
Line: 203
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Unsigned 8-bit accumulator: the subtraction below wraps modulo 256. */
unsigned char checksum = 0;
unsigned char recv_buf[40];
unsigned char send_buf[40];
/* NOTE(review): flagged declaration; fixed 3-byte stack buffer. */
unsigned char correct_ack[3];
int retry = 2;
/* Generate checksum */
/* Reads only from data[]; no write to the fixed-size buffers happens here. */
for (i = 0; i < count; i++)
checksum -= data[i];
Reported by FlawFinder.
arch/x86/boot/tty.c
3 issues
block/partitions/atari.h
3 issues
Line: 20
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * One partition table entry.
 *
 * NOTE(review): the finding lands on the `id` member. The documented values
 * are three characters long and the array is three bytes, so `id` has no
 * room for a NUL terminator: compare it with a length-limited function
 * (memcmp/strncmp with length 3), never strcmp() or strlen(). `st` and
 * `siz` are big-endian fields and presumably come straight from the disk;
 * the parser has to convert and range-check them before use (not shown).
 */
struct partition_info
{
u8 flg; /* bit 0: active; bit 7: bootable */
char id[3]; /* "GEM", "BGM", "XGM", or other */
__be32 st; /* start of partition */
__be32 siz; /* length of partition */
};
struct rootsector
Reported by FlawFinder.
Line: 27
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * NOTE(review): the member arrays fix the layout of a sector image; the
 * finding appears to land on the `unused` padding array, which is a
 * declaration rather than a copy. hd_siz and bsl_st are declared u32 while
 * partition_info uses __be32 for its offsets; if these fields are also
 * big-endian on disk the reader must convert them. Confirm in the parser.
 */
struct rootsector
{
char unused[0x156]; /* room for boot code */
struct partition_info icdpart[8]; /* info for ICD-partitions 5..12 */
char unused2[0xc];
u32 hd_siz; /* size of disk in blocks */
struct partition_info part[4];
u32 bsl_st; /* start of bad sector list */
Reported by FlawFinder.
Line: 29
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char unused[0x156]; /* room for boot code */
struct partition_info icdpart[8]; /* info for ICD-partitions 5..12 */
/* NOTE(review): flagged declaration; padding bytes, no copy happens here. */
char unused2[0xc];
u32 hd_siz; /* size of disk in blocks */
struct partition_info part[4];
/*
 * NOTE(review): the values below are presumably read from the medium and
 * therefore untrusted; any code that uses bsl_st/bsl_cnt or hd_siz as an
 * offset or count should validate them against the device size first.
 * That code is outside this excerpt.
 */
u32 bsl_st; /* start of bad sector list */
u32 bsl_cnt; /* length of bad sector list */
u16 checksum; /* checksum for bootable disks */
Reported by FlawFinder.
arch/mips/vdso/genvdso.c
3 issues
Line: 115
Column: 7
CWE codes:
362
void *addr;
const Elf32_Ehdr *ehdr;
/*
 * NOTE(review): CWE-362 is the generic open() warning: the file at `path`
 * could be replaced or redirected through a symlink between a check and
 * this open. No O_CREAT is passed, so nothing is created here. How much
 * this matters depends on who controls `path` and its directory; the
 * caller is not visible in this excerpt.
 */
fd = open(path, O_RDWR);
if (fd < 0) {
/* Failure is reported with the errno text and signalled by NULL. */
fprintf(stderr, "%s: Failed to open '%s': %s\n", program_name,
path, strerror(errno));
return NULL;
}
Reported by FlawFinder.
Line: 251
Column: 13
CWE codes:
362
return EXIT_FAILURE;
}
/*
 * NOTE(review): mode "w" creates or truncates out_path and follows
 * symlinks. This is a concern only if the output directory is writable by a
 * less-trusted user; where out_path comes from is not shown in this
 * excerpt.
 */
out_file = fopen(out_path, "w");
if (!out_file) {
fprintf(stderr, "%s: Failed to open '%s': %s\n", program_name,
out_path, strerror(errno));
return EXIT_FAILURE;
}
Reported by FlawFinder.
Line: 278
Column: 44
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * NOTE(review): the reported column (44) appears to land on the `char` in
 * the (unsigned char *) cast, not on an array declaration. Every format
 * string in this excerpt is a literal. The bound to confirm is that
 * vdso_size does not exceed the size of the buffer `vdso` points to; that
 * relationship is established outside this excerpt.
 */
for (i = 0; i < vdso_size; i++) {
/* Start a new output line every 10 bytes. */
if (!(i % 10))
fprintf(out_file, "\n\t");
fprintf(out_file, "0x%02x, ", ((unsigned char *)vdso)[i]);
}
fprintf(out_file, "\n};\n");
/* Preallocate a page array. */
fprintf(out_file,
Reported by FlawFinder.